fixup commit for tag 'NSS_3_12_2_WITH_CKBI_1_75_RTM'NSS_3_12_2_WITH_CKBI_1_75_RTM

author: cvs2hg <devnull@localhost> 2009-05-21 19:50:33 +0000
committer: cvs2hg <devnull@localhost> 2009-05-21 19:50:33 +0000
commit: fe7c0a62d359825d537f29602aa213a722e3e7a1 (patch)
tree: dbdfa03a22dc1eb8293fcf5d597d8ac76e565f2a /security/nss/lib/freebl
parent: b5c29c9fea36731e5d72bd223c1ec4c5d17e5e22 (diff)
parent: db382805a1d20e2207f9f7081e18a16474484a0c (diff)
download: nss-hg-fe7c0a62d359825d537f29602aa213a722e3e7a1.tar.gz
222 files changed, 105480 insertions, 0 deletions
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile
new file mode 100644
index 000000000..bf65098f4
--- /dev/null
+++ b/security/nss/lib/freebl/Makefile
@@ -0,0 +1,584 @@
+#! gmake
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Stephen Fung <fungstep@hotmail.com> and
+#   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+-include config.mk
+
+# default for all platforms
+# unset this on those that have multiple freebl libraries
+FREEBL_BUILD_SINGLE_SHLIB = 1
+
+ifdef USE_64
+	DEFINES += -DNSS_USE_64
+endif
+
+ifdef USE_ABI32_FPU
+	DEFINES += -DNSS_USE_ABI32_FPU
+endif
+
+# des.c wants _X86_ defined for intel CPUs.  
+# coreconf does this for windows, but not for Linux, FreeBSD, etc.
+ifeq ($(CPU_ARCH),x86)
+ifneq (,$(filter-out WIN%,$(OS_TARGET)))
+	OS_REL_CFLAGS += -D_X86_
+endif
+endif
+
+ifeq ($(OS_TARGET),OSF1)
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
+    MPI_SRCS += mpvalpha.c
+endif
+
+ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))  #omits WIN16 and WINCE
+ifndef USE_64
+ifdef NS_USE_GCC
+# Ideally, we want to use assembler
+#     ASFILES  = mpi_x86.s
+#     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \
+#                -DMP_ASSEMBLY_DIV_2DX1D
+# but we haven't figured out how to make it work, so we are not
+# using assembler right now.
+    ASFILES  =
+    DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT
+else
+    MPI_SRCS += mpi_x86_asm.c
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    ifdef BUILD_OPT
+	OPTIMIZER += -Ox  # maximum optimization for freebl
+    endif
+endif
+endif
+endif
+
+ifeq ($(OS_TARGET),WINCE)
+    DEFINES += -DMP_ARGCHK=0	# no assert in WinCE
+    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
+endif
+
+ifeq ($(OS_TARGET),IRIX)
+ifeq ($(USE_N32),1)
+    ASFILES  = mpi_mips.s
+    ifeq ($(NS_USE_GCC),1)
+	ASFLAGS = -Wp,-P -Wp,-traditional -O -mips3
+    else
+	ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 
+    endif
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_USE_UINT_DIGIT
+endif
+endif
+
+ifeq ($(OS_TARGET),Linux)
+ifeq ($(CPU_ARCH),x86_64)
+    ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
+    ASFLAGS += -march=opteron -m64 -fPIC
+    DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+    DEFINES += -DNSS_USE_COMBA
+    DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
+#   DEFINES += -DMPI_AMD64_ADD
+    MPI_SRCS += mpi_amd64.c mp_comba.c
+endif
+ifeq ($(CPU_ARCH),x86)
+    ASFILES  = mpi_x86.s
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+    DEFINES += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
+    # The floating point ECC code doesn't work on Linux x86 (bug 311432).
+    #ECL_USE_FP = 1
+endif
+endif # Linux
+
+ifeq ($(OS_TARGET),AIX)
+    DEFINES += -DMP_USE_UINT_DIGIT
+    ifndef USE_64
+	DEFINES += -DMP_NO_DIV_WORD -DMP_NO_ADD_WORD -DMP_NO_SUB_WORD
+    endif
+endif # AIX
+
+ifeq ($(OS_TARGET), HP-UX)
+ifneq ($(OS_TEST), ia64)
+# PA-RISC
+ASFILES += ret_cr16.s
+ifndef USE_64
+    FREEBL_BUILD_SINGLE_SHLIB = 
+    HAVE_ABI32_INT32 = 1
+    HAVE_ABI32_FPU = 1
+endif
+ifdef FREEBL_CHILD_BUILD
+ifdef USE_ABI32_INT32
+# build for DA1.1 (HP PA 1.1) 32-bit ABI build with 32-bit arithmetic
+    DEFINES  += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
+else
+ifdef USE_64
+# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 64-bit digits 
+    MPI_SRCS += mpi_hp.c 
+    ASFILES  += hpma512.s hppa20.s 
+    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+else
+# this builds for DA2.0 (HP PA 2.0 Narrow) ABI32_FPU model 
+# (the 32-bit ABI with 64-bit registers) using 64-bit digits
+    MPI_SRCS += mpi_hp.c 
+    ASFILES  += hpma512.s hppa20.s 
+    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    ARCHFLAG = -Aa +e +DA2.0 +DS2.0
+endif
+endif
+endif
+endif
+endif
+
+# The blapi functions are defined not only in the freebl shared
+# libraries but also in the shared libraries linked with loader.c
+# (libsoftokn3.so and libssl3.so).  We need to use GNU ld's
+# -Bsymbolic option or the equivalent option for other linkers
+# to bind the blapi function references in FREEBLVector vector
+# (ldvector.c) to the blapi functions defined in the freebl
+# shared libraries.
+ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
+    MKSHLIB += -Wl,-Bsymbolic
+endif
+
+ifeq ($(OS_TARGET),SunOS)
+
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+MKSHLIB += -R '$$ORIGIN'
+ifdef NS_USE_GCC
+    ifdef GCC_USE_GNU_LD
+	MKSHLIB += -Wl,-Bsymbolic,-z,now,-z,text
+    else
+	MKSHLIB += -Wl,-B,symbolic,-z,now,-z,text
+    endif # GCC_USE_GNU_LD
+else
+    MKSHLIB += -B symbolic -z now -z text
+endif # NS_USE_GCC
+
+# Sun's WorkShop defines v8, v8plus and v9 architectures.
+# gcc on Solaris defines v8 and v9 "cpus".  
+# gcc's v9 is equivalent to Workshop's v8plus.
+# gcc's -m64 is equivalent to Workshop's v9
+# We always use Sun's assembler, which uses Sun's naming convention.
+ifeq ($(CPU_ARCH),sparc)
+    FREEBL_BUILD_SINGLE_SHLIB=
+    ifdef USE_64
+        HAVE_ABI64_INT = 1
+        HAVE_ABI64_FPU = 1
+    else
+        HAVE_ABI32_INT32 = 1
+        HAVE_ABI32_FPU = 1
+        HAVE_ABI32_INT64 = 1
+    endif
+    SYSV_SPARC = 1
+    SOLARIS_AS = /usr/ccs/bin/as
+    #### set arch, asm, c flags
+    ifdef NS_USE_GCC
+	ifdef USE_ABI32_INT32
+	    # default ARCHFLAG=-mcpu=v8 set by coreconf/sunOS5.mk
+	endif
+	ifdef USE_ABI32_INT64
+	    ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plus
+	    SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC
+	endif
+	ifdef USE_ABI32_FPU
+	    ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plusa
+	    SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
+	endif # USE_ABI32_FPU
+	ifdef USE_ABI64_INT
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9
+	    SOLARIS_AS_FLAGS = -xarch=v9 -K PIC
+	endif
+	ifdef USE_ABI64_FPU
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    # It uses floating point, and 32-bit word size
+	    ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9a
+	    SOLARIS_AS_FLAGS = -xarch=v9a -K PIC
+	endif
+    else # NS_USE_GCC
+	# FPU_TARGET_OPTIMIZER specifies the target processor and cache
+	# properties of the ABI32_FPU and ABI64_FPU architectures for use
+	# by the optimizer.
+	ifeq (,$(findstring Sun WorkShop 6,$(shell $(CC) -V 2>&1)))
+	    # if the compiler is not Forte 6
+	    FPU_TARGET_OPTIMIZER = -xcache=64/32/4:1024/64/4 -xchip=ultra3
+	else
+	    # Forte 6 C compiler generates incorrect code for rijndael.c
+	    # if -xchip=ultra3 is used (Bugzilla bug 333925).  So we revert
+	    # to what we used in NSS 3.10.
+	    FPU_TARGET_OPTIMIZER = -xchip=ultra2
+	endif
+	ifdef USE_ABI32_INT32
+	    #ARCHFLAG=-xarch=v8 set in coreconf/sunOS5.mk
+	endif
+	ifdef USE_ABI32_INT64
+	    # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	    # 32-bit ABI, it uses 64-bit words, integer arithmetic,
+	    # no FPU (non-VIS cpus).
+	    # These flags were suggested by the compiler group for building
+	    # with SunStudio 10.
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -xO4
+	    endif
+ 	    SOL_CFLAGS += -xtarget=generic
+	    ARCHFLAG = -xarch=v8plus
+	    SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC
+	endif
+	ifdef USE_ABI32_FPU
+	    # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	    # 32-bit ABI, it uses FPU code, and 32-bit word size.
+	    # these flags were determined by running cc -### -fast and copying
+	    # the generated flag settings
+	    SOL_CFLAGS += -fsingle -xmemalign=8s
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1
+                SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all
+                SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend
+                SOL_CFLAGS += -xlibmil -xO5
+	    endif
+	    ARCHFLAG = -xarch=v8plusa
+	    SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
+	endif
+	ifdef USE_ABI64_INT
+	    # this builds for Sparc v9a pure 64-bit architecture,
+	    # no FPU (non-VIS cpus). For building with SunStudio 10.
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -xO4
+	    endif
+ 	    SOL_CFLAGS += -xtarget=generic
+	    ARCHFLAG = -xarch=v9
+	    SOLARIS_AS_FLAGS = -xarch=v9 -K PIC
+	endif
+	ifdef USE_ABI64_FPU
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    # It uses floating point, and 32-bit word size.
+	    # See comment for USE_ABI32_FPU.
+	    SOL_CFLAGS += -fsingle -xmemalign=8s
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1
+                SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all
+                SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend
+                SOL_CFLAGS += -xlibmil -xO5
+	    endif
+	    ARCHFLAG = -xarch=v9a
+	    SOLARIS_AS_FLAGS = -xarch=v9a -K PIC
+	endif
+    endif # NS_USE_GCC
+
+    ### set flags for both GCC and Sun cc
+    ifdef USE_ABI32_INT32
+	# this builds for Sparc v8 pure 32-bit architecture
+	DEFINES += -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
+	ASFILES  = mpv_sparcv8x.s
+	DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
+    endif
+    ifdef USE_ABI32_INT64
+	# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	# 32-bit ABI, it uses 64-bit words, integer arithmetic, no FPU
+	# best times are with no MP_ flags specified
+    endif
+    ifdef USE_ABI32_FPU
+	# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	# 32-bit ABI, it uses FPU code, and 32-bit word size
+	MPI_SRCS += mpi_sparc.c
+	ASFILES  = mpv_sparcv8.s montmulfv8.s
+	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
+	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
+	ECL_USE_FP = 1
+    endif
+    ifdef USE_ABI64_INT
+	# this builds for Sparc v9a pure 64-bit architecture
+	# best times are with no MP_ flags specified
+    endif
+    ifdef USE_ABI64_FPU
+	# this builds for Sparc v9a pure 64-bit architecture
+	# It uses floating point, and 32-bit word size
+	MPI_SRCS += mpi_sparc.c
+	ASFILES   = mpv_sparcv9.s montmulfv9.s
+	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
+	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
+	ECL_USE_FP = 1
+    endif
+
+else
+    # Solaris for non-sparc family CPUs
+    ifdef NS_USE_GCC
+	LD = gcc
+	AS = gcc
+	ASFLAGS =
+    endif
+    ifeq ($(USE_64),1)
+	# Solaris for AMD64
+	ifdef NS_USE_GCC
+	    ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
+	    ASFLAGS += -march=opteron -m64 -fPIC
+	    MPI_SRCS += mp_comba.c
+	else
+	    ASFILES  = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s
+ 	    ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s
+	    ASFLAGS += -xarch=generic64 -K PIC
+            SOL_CFLAGS += -xprefetch=no
+	    SHA_SRCS =
+ 	    MPCPU_SRCS =
+	endif
+	DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+	DEFINES += -DNSS_USE_COMBA -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
+	MPI_SRCS += mpi_amd64.c
+    else
+	# Solaris x86
+	DEFINES += -D_X86_
+	DEFINES += -DMP_USE_UINT_DIGIT
+	DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+	DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+	ASFILES  = mpi_i86pc.s
+ 	ifndef NS_USE_GCC
+ 	   MPCPU_SRCS =
+ 	   ASFILES += mpcpucache_x86.s
+ 	endif
+    endif
+endif # Solaris for non-sparc family CPUs
+endif # target == SunOS
+
+ifdef NSS_ENABLE_ECC
+    ifdef ECL_USE_FP
+	#enable floating point ECC code	
+	DEFINES  += -DECL_USE_FP
+	ECL_SRCS += ecp_fp160.c ecp_fp192.c ecp_fp224.c ecp_fp.c
+	ECL_HDRS += ecp_fp.h
+    endif
+endif # NSS_ENABLE_ECC
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+rijndael_tables:
+	$(CC) -o $(OBJDIR)/make_rijndael_tab rijndael_tables.c \
+	         $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a
+	$(OBJDIR)/make_rijndael_tab
+
+vpath %.h mpi ecl
+vpath %.c mpi ecl
+vpath %.S mpi ecl
+vpath %.s mpi ecl
+INCLUDES += -Impi -Iecl
+
+
+DEFINES += -DMP_API_COMPATIBLE
+
+MPI_USERS = dh.c pqg.c dsa.c rsa.c ec.c
+
+MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX)))
+MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX)))
+
+$(MPI_OBJS): $(MPI_HDRS)
+
+ECL_USERS = ec.c
+
+ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX)))
+ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
+
+$(ECL_OBJS): $(ECL_HDRS)
+
+
+
+$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c os2_rand.c
+
+$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
+
+$(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h
+
+ifeq ($(SYSV_SPARC),1)
+
+$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/mpv_sparcv8x.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s
+	@$(MAKE_OBJDIR)
+	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
+
+$(OBJDIR)/mpv_sparcv9.o $(OBJDIR)/montmulfv9.o : $(OBJDIR)/%.o : %.s
+	@$(MAKE_OBJDIR)
+	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
+
+$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h
+
+endif
+
+ifndef FREEBL_CHILD_BUILD
+
+# Parent build. This is where we decide which shared libraries to build
+
+ifdef FREEBL_BUILD_SINGLE_SHLIB
+
+################### Single shared lib stuff #########################
+SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB
+ALL_TRASH += $(SINGLE_SHLIB_DIR) 
+
+$(SINGLE_SHLIB_DIR):
+	-mkdir $(SINGLE_SHLIB_DIR)
+
+release_md libs:: $(SINGLE_SHLIB_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 \
+ OBJDIR=$(SINGLE_SHLIB_DIR) $@
+######################## common stuff #########################
+
+endif
+
+# multiple shared libraries
+
+######################## ABI32_FPU stuff #########################
+ifdef HAVE_ABI32_FPU
+ABI32_FPU_DIR = $(OBJDIR)/$(OS_TARGET)_ABI32_FPU
+ALL_TRASH += $(ABI32_FPU_DIR) 
+
+$(ABI32_FPU_DIR):
+	-mkdir $(ABI32_FPU_DIR)
+
+release_md libs:: $(ABI32_FPU_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI32_FPU=1 \
+ OBJDIR=$(ABI32_FPU_DIR) $@
+endif
+
+######################## ABI32_INT32 stuff #########################
+ifdef HAVE_ABI32_INT32
+ABI32_INT32_DIR = $(OBJDIR)/$(OS_TARGET)_ABI32_INT32
+ALL_TRASH += $(ABI32_INT32_DIR) 
+
+$(ABI32_INT32_DIR):
+	-mkdir $(ABI32_INT32_DIR)
+
+release_md libs:: $(ABI32_INT32_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI32_INT32=1 \
+ OBJDIR=$(ABI32_INT32_DIR) $@
+endif
+
+######################## ABI32_INT64 stuff #########################
+ifdef HAVE_ABI32_INT64
+ABI32_INT64_DIR = $(OBJDIR)/$(OS_TARGET)_ABI32_INT64
+ALL_TRASH += $(ABI32_INT64_DIR) 
+
+$(ABI32_INT64_DIR):
+	-mkdir $(ABI32_INT64_DIR)
+
+release_md libs:: $(ABI32_INT64_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI32_INT64=1\
+ OBJDIR=$(ABI32_INT64_DIR) $@
+endif
+
+######################## END of 32-bit stuff #########################
+
+# above is 32-bit builds, below is 64-bit builds
+
+######################## ABI64_FPU stuff #########################
+ifdef HAVE_ABI64_FPU
+ABI64_FPU_DIR = $(OBJDIR)/$(OS_TARGET)_ABI64_FPU
+ALL_TRASH += $(ABI64_FPU_DIR) 
+
+$(ABI64_FPU_DIR):
+	-mkdir $(ABI64_FPU_DIR)
+
+release_md libs:: $(ABI64_FPU_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI64_FPU=1 \
+ OBJDIR=$(ABI64_FPU_DIR) $@
+endif
+
+######################## ABI64_INT stuff #########################
+ifdef HAVE_ABI64_INT
+ABI64_INT_DIR = $(OBJDIR)/$(OS_TARGET)_ABI64_INT
+ALL_TRASH += $(ABI64_INT_DIR) 
+
+$(ABI64_INT_DIR):
+	-mkdir $(ABI64_INT_DIR)
+
+release_md libs:: $(ABI64_INT_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI64_INT=1 \
+ OBJDIR=$(ABI64_INT_DIR) $@
+endif
+
+endif  # FREEBL_CHILD_BUILD
+
+
+# Bugzilla Bug 333917: the non-x86 code in desblapi.c seems to violate
+# ANSI C's strict aliasing rules.
+ifeq ($(OS_TARGET),Linux)
+ifneq ($(CPU_ARCH),x86)
+$(OBJDIR)/$(PROG_PREFIX)desblapi$(OBJ_SUFFIX): desblapi.c
+	@$(MAKE_OBJDIR)
+ifdef NEED_ABSOLUTE_PATH
+	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $(call core_abspath,$<)
+else
+	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $<
+endif
+endif
+endif
diff --git a/security/nss/lib/freebl/aeskeywrap.c b/security/nss/lib/freebl/aeskeywrap.c
new file mode 100644
index 000000000..c61a94a4d
--- /dev/null
+++ b/security/nss/lib/freebl/aeskeywrap.c
@@ -0,0 +1,413 @@
+/*
+ * aeskeywrap.c - implement AES Key Wrap algorithm from RFC 3394
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2002
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+/* $Id$ */
+
+#include "prcpucfg.h"
+#if defined(IS_LITTLE_ENDIAN) || defined(SHA_NO_LONG_LONG)
+#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 0
+#else
+#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 1
+#endif
+#include "prtypes.h"	/* for PRUintXX */
+#include "secport.h"	/* for PORT_XXX */
+#include "secerr.h"
+#include "blapi.h"	/* for AES_ functions */
+#include "rijndael.h"
+
+struct AESKeyWrapContextStr {
+     unsigned char iv[AES_KEY_WRAP_IV_BYTES];
+     AESContext    aescx;
+};
+
+/******************************************/
+/*
+** AES key wrap algorithm, RFC 3394
+*/
+
+AESKeyWrapContext * 
+AESKeyWrap_AllocateContext(void)
+{
+    AESKeyWrapContext * cx = PORT_New(AESKeyWrapContext);
+    return cx;
+}
+
+SECStatus  
+AESKeyWrap_InitContext(AESKeyWrapContext *cx, 
+		       const unsigned char *key, 
+		       unsigned int keylen,
+		       const unsigned char *iv, 
+		       int x1,
+		       unsigned int encrypt,
+		       unsigned int x2)
+{
+    SECStatus rv = SECFailure;
+    if (!cx) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    	return SECFailure;
+    }
+    if (iv) {
+    	memcpy(cx->iv, iv, sizeof cx->iv);
+    } else {
+	memset(cx->iv, 0xA6, sizeof cx->iv);
+    }
+    rv = AES_InitContext(&cx->aescx, key, keylen, NULL, NSS_AES, encrypt, 
+                                  AES_BLOCK_SIZE);
+    return rv;
+}
+
+/*
+** Create a new AES context suitable for AES encryption/decryption.
+** 	"key" raw key data
+** 	"keylen" the number of bytes of key data (16, 24, or 32)
+*/
+extern AESKeyWrapContext *
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, 
+                         int encrypt, unsigned int keylen)
+{
+    SECStatus rv;
+    AESKeyWrapContext * cx = AESKeyWrap_AllocateContext();
+    if (!cx) 
+    	return NULL;	/* error is already set */
+    rv = AESKeyWrap_InitContext(cx, key, keylen, iv, 0, encrypt, 0);
+    if (rv != SECSuccess) {
+        PORT_Free(cx);
+	cx = NULL; 	/* error should already be set */
+    }
+    return cx;
+}
+
+/*
+** Destroy a AES KeyWrap context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void 
+AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
+{
+    if (cx) {
+	AES_DestroyContext(&cx->aescx, PR_FALSE);
+/*	memset(cx, 0, sizeof *cx); */
+	if (freeit)
+	    PORT_Free(cx);
+    }
+}
+
+#if !BIG_ENDIAN_WITH_64_BIT_REGISTERS
+
+/* The AES Key Wrap algorithm has 64-bit values that are ALWAYS big-endian
+** (Most significant byte first) in memory.  The only ALU operations done
+** on them are increment, decrement, and XOR.  So, on little-endian CPUs,
+** and on CPUs that lack 64-bit registers, these big-endian 64-bit operations
+** are simulated in the following code.  This is thought to be faster and
+** simpler than trying to convert the data to little-endian and back.
+*/
+
+/* A and T point to two 64-bit values stored most signficant byte first
+** (big endian).  This function increments the 64-bit value T, and then
+** XORs it with A, changing A.
+*/ 
+static void
+increment_and_xor(unsigned char *A, unsigned char *T)
+{
+    if (!++T[7])
+        if (!++T[6])
+	    if (!++T[5])
+		if (!++T[4])
+		    if (!++T[3])
+			if (!++T[2])
+			    if (!++T[1])
+				 ++T[0];
+
+    A[0] ^= T[0];
+    A[1] ^= T[1];
+    A[2] ^= T[2];
+    A[3] ^= T[3];
+    A[4] ^= T[4];
+    A[5] ^= T[5];
+    A[6] ^= T[6];
+    A[7] ^= T[7];
+}
+
+/* A and T point to two 64-bit values stored most signficant byte first
+** (big endian).  This function XORs T with A, giving a new A, then 
+** decrements the 64-bit value T.
+*/ 
+static void
+xor_and_decrement(unsigned char *A, unsigned char *T)
+{
+    A[0] ^= T[0];
+    A[1] ^= T[1];
+    A[2] ^= T[2];
+    A[3] ^= T[3];
+    A[4] ^= T[4];
+    A[5] ^= T[5];
+    A[6] ^= T[6];
+    A[7] ^= T[7];
+
+    if (!T[7]--)
+        if (!T[6]--)
+	    if (!T[5]--)
+		if (!T[4]--)
+		    if (!T[3]--)
+			if (!T[2]--)
+			    if (!T[1]--)
+				 T[0]--;
+
+}
+
+/* Given an unsigned long t (in host byte order), store this value as a
+** 64-bit big-endian value (MSB first) in *pt.
+*/
+static void
+set_t(unsigned char *pt, unsigned long t)
+{
+    pt[7] = (unsigned char)t; t >>= 8;
+    pt[6] = (unsigned char)t; t >>= 8;
+    pt[5] = (unsigned char)t; t >>= 8;
+    pt[4] = (unsigned char)t; t >>= 8;
+    pt[3] = (unsigned char)t; t >>= 8;
+    pt[2] = (unsigned char)t; t >>= 8;
+    pt[1] = (unsigned char)t; t >>= 8;
+    pt[0] = (unsigned char)t;
+}
+
+#endif
+
+/*
+** Perform AES key wrap.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
+            unsigned int *pOutputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    PRUint64 *     R          = NULL;
+    unsigned int   nBlocks;
+    unsigned int   i, j;
+    unsigned int   aesLen     = AES_BLOCK_SIZE;
+    unsigned int   outLen     = inputLen + AES_KEY_WRAP_BLOCK_SIZE;
+    SECStatus      s          = SECFailure;
+    /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
+    PRUint64       t;
+    PRUint64       B[2];
+
+#define A B[0]
+
+    /* Check args */
+    if (!inputLen || 0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
+	return s;
+    }
+#ifdef maybe
+    if (!output && pOutputLen) {	/* caller is asking for output size */
+    	*pOutputLen = outLen;
+	return SECSuccess;
+    }
+#endif
+    if (maxOutputLen < outLen) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return s;
+    }
+    if (cx == NULL || output == NULL || input == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return s;
+    }
+    nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
+    R = PORT_NewArray(PRUint64, nBlocks + 1);
+    if (!R)
+    	return s;	/* error is already set. */
+    /* 
+    ** 1) Initialize variables.
+    */
+    memcpy(&A, cx->iv, AES_KEY_WRAP_IV_BYTES);
+    memcpy(&R[1], input, inputLen);
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+    t = 0;
+#else
+    memset(&t, 0, sizeof t);
+#endif
+    /* 
+    ** 2) Calculate intermediate values.
+    */
+    for (j = 0; j < 6; ++j) {
+    	for (i = 1; i <= nBlocks; ++i) {
+	    B[1] = R[i];
+	    s = AES_Encrypt(&cx->aescx, (unsigned char *)B, &aesLen, 
+	                    sizeof B,  (unsigned char *)B, sizeof B);
+	    if (s != SECSuccess) 
+	        break;
+	    R[i] = B[1];
+	    /* here, increment t and XOR A with t (in big endian order); */
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+   	    A ^= ++t; 
+#else
+	    increment_and_xor((unsigned char *)&A, (unsigned char *)&t);
+#endif
+	}
+    }
+    /* 
+    ** 3) Output the results.
+    */
+    if (s == SECSuccess) {
+    	R[0] =  A;
+	memcpy(output, &R[0], outLen);
+	if (pOutputLen)
+	    *pOutputLen = outLen;
+    } else if (pOutputLen) {
+    	*pOutputLen = 0;
+    }
+    PORT_ZFree(R, outLen);
+    return s;
+}
+#undef A
+
+/*
+** Perform AES key unwrap.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
+            unsigned int *pOutputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    PRUint64 *     R          = NULL;
+    unsigned int   nBlocks;
+    unsigned int   i, j;
+    unsigned int   aesLen     = AES_BLOCK_SIZE;
+    unsigned int   outLen;
+    SECStatus      s          = SECFailure;
+    /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
+    PRUint64       t;
+    PRUint64       B[2];
+
+#define A B[0]
+
+    /* Check args */
+    if (inputLen < 3 * AES_KEY_WRAP_BLOCK_SIZE || 
+        0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
+	return s;
+    }
+    outLen = inputLen - AES_KEY_WRAP_BLOCK_SIZE;
+#ifdef maybe
+    if (!output && pOutputLen) {	/* caller is asking for output size */
+    	*pOutputLen = outLen;
+	return SECSuccess;
+    }
+#endif
+    if (maxOutputLen < outLen) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return s;
+    }
+    if (cx == NULL || output == NULL || input == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return s;
+    }
+    nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
+    R = PORT_NewArray(PRUint64, nBlocks);
+    if (!R)
+    	return s;	/* error is already set. */
+    nBlocks--;
+    /* 
+    ** 1) Initialize variables.
+    */
+    memcpy(&R[0], input, inputLen);
+    A = R[0];
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+    t = 6UL * nBlocks;
+#else
+    set_t((unsigned char *)&t, 6UL * nBlocks);
+#endif
+    /* 
+    ** 2) Calculate intermediate values.
+    */
+    for (j = 0; j < 6; ++j) {
+    	for (i = nBlocks; i; --i) {
+	    /* here, XOR A with t (in big endian order) and decrement t; */
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+   	    A ^= t--; 
+#else
+	    xor_and_decrement((unsigned char *)&A, (unsigned char *)&t);
+#endif
+	    B[1] = R[i];
+	    s = AES_Decrypt(&cx->aescx, (unsigned char *)B, &aesLen, 
+	                    sizeof B,  (unsigned char *)B, sizeof B);
+	    if (s != SECSuccess) 
+	        break;
+	    R[i] = B[1];
+	}
+    }
+    /* 
+    ** 3) Output the results.
+    */
+    if (s == SECSuccess) {
+	int bad = memcmp(&A, cx->iv, AES_KEY_WRAP_IV_BYTES);
+	if (!bad) {
+	    memcpy(output, &R[1], outLen);
+	    if (pOutputLen)
+		*pOutputLen = outLen;
+	} else {
+	    PORT_SetError(SEC_ERROR_BAD_DATA);
+	    if (pOutputLen) 
+		*pOutputLen = 0;
+    	}
+    } else if (pOutputLen) {
+    	*pOutputLen = 0;
+    }
+    PORT_ZFree(R, inputLen);
+    return s;
+}
+#undef A
diff --git a/security/nss/lib/freebl/alg2268.c b/security/nss/lib/freebl/alg2268.c
new file mode 100644
index 000000000..dcc5418dc
--- /dev/null
+++ b/security/nss/lib/freebl/alg2268.c
@@ -0,0 +1,515 @@
+/*
+ * alg2268.c - implementation of the algorithm in RFC 2268
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* $Id$ */
+
+#include "blapi.h"
+#include "secerr.h"
+#ifdef XP_UNIX_XXX
+#include <stddef.h>	/* for ptrdiff_t */
+#endif
+
+/*
+** RC2 symmetric block cypher
+*/
+
+typedef SECStatus (rc2Func)(RC2Context *cx, unsigned char *output,
+		           const unsigned char *input, unsigned int inputLen);
+
+/* forward declarations */
+static rc2Func rc2_EncryptECB;
+static rc2Func rc2_DecryptECB;
+static rc2Func rc2_EncryptCBC;
+static rc2Func rc2_DecryptCBC;
+
+typedef union {
+    PRUint32	l[2];
+    PRUint16	s[4];
+    PRUint8	b[8];
+} RC2Block;
+
+struct RC2ContextStr {
+    union {
+    	PRUint8  Kb[128];
+	PRUint16 Kw[64];
+    } u;
+    RC2Block     iv;
+    rc2Func      *enc;
+    rc2Func      *dec;
+};
+
+#define B u.Kb
+#define K u.Kw
+#define BYTESWAP(x) ((x) << 8 | (x) >> 8)
+#define SWAPK(i)  cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS))
+#define RC2_BLOCK_SIZE 8
+
+#define LOAD_HARD(R) \
+    R[0] = (PRUint16)input[1] << 8 | input[0]; \
+    R[1] = (PRUint16)input[3] << 8 | input[2]; \
+    R[2] = (PRUint16)input[5] << 8 | input[4]; \
+    R[3] = (PRUint16)input[7] << 8 | input[6];
+#define LOAD_EASY(R) \
+    R[0] = ((PRUint16 *)input)[0]; \
+    R[1] = ((PRUint16 *)input)[1]; \
+    R[2] = ((PRUint16 *)input)[2]; \
+    R[3] = ((PRUint16 *)input)[3];
+#define STORE_HARD(R) \
+    output[0] =  (PRUint8)(R[0]);   output[1] = (PRUint8)(R[0] >> 8); \
+    output[2] =  (PRUint8)(R[1]);   output[3] = (PRUint8)(R[1] >> 8); \
+    output[4] =  (PRUint8)(R[2]);   output[5] = (PRUint8)(R[2] >> 8); \
+    output[6] =  (PRUint8)(R[3]);   output[7] = (PRUint8)(R[3] >> 8);
+#define STORE_EASY(R) \
+    ((PRUint16 *)output)[0] =  R[0]; \
+    ((PRUint16 *)output)[1] =  R[1]; \
+    ((PRUint16 *)output)[2] =  R[2]; \
+    ((PRUint16 *)output)[3] =  R[3];   
+
+#if defined (_X86_)
+#define LOAD(R)  LOAD_EASY(R)
+#define STORE(R) STORE_EASY(R)
+#elif !defined(IS_LITTLE_ENDIAN)
+#define LOAD(R)  LOAD_HARD(R)
+#define STORE(R) STORE_HARD(R)
+#else
+#define LOAD(R) if ((ptrdiff_t)input & 1) { LOAD_HARD(R) } else { LOAD_EASY(R) }
+#define STORE(R) if ((ptrdiff_t)input & 1) { STORE_HARD(R) } else { STORE_EASY(R) }
+#endif
+
+static const PRUint8 S[256] = {
+0331,0170,0371,0304,0031,0335,0265,0355,0050,0351,0375,0171,0112,0240,0330,0235,
+0306,0176,0067,0203,0053,0166,0123,0216,0142,0114,0144,0210,0104,0213,0373,0242,
+0027,0232,0131,0365,0207,0263,0117,0023,0141,0105,0155,0215,0011,0201,0175,0062,
+0275,0217,0100,0353,0206,0267,0173,0013,0360,0225,0041,0042,0134,0153,0116,0202,
+0124,0326,0145,0223,0316,0140,0262,0034,0163,0126,0300,0024,0247,0214,0361,0334,
+0022,0165,0312,0037,0073,0276,0344,0321,0102,0075,0324,0060,0243,0074,0266,0046,
+0157,0277,0016,0332,0106,0151,0007,0127,0047,0362,0035,0233,0274,0224,0103,0003,
+0370,0021,0307,0366,0220,0357,0076,0347,0006,0303,0325,0057,0310,0146,0036,0327,
+0010,0350,0352,0336,0200,0122,0356,0367,0204,0252,0162,0254,0065,0115,0152,0052,
+0226,0032,0322,0161,0132,0025,0111,0164,0113,0237,0320,0136,0004,0030,0244,0354,
+0302,0340,0101,0156,0017,0121,0313,0314,0044,0221,0257,0120,0241,0364,0160,0071,
+0231,0174,0072,0205,0043,0270,0264,0172,0374,0002,0066,0133,0045,0125,0227,0061,
+0055,0135,0372,0230,0343,0212,0222,0256,0005,0337,0051,0020,0147,0154,0272,0311,
+0323,0000,0346,0317,0341,0236,0250,0054,0143,0026,0001,0077,0130,0342,0211,0251,
+0015,0070,0064,0033,0253,0063,0377,0260,0273,0110,0014,0137,0271,0261,0315,0056,
+0305,0363,0333,0107,0345,0245,0234,0167,0012,0246,0040,0150,0376,0177,0301,0255
+};
+
+RC2Context * RC2_AllocateContext(void)
+{
+    return PORT_ZNew(RC2Context);
+}
+SECStatus   
+RC2_InitContext(RC2Context *cx, const unsigned char *key, unsigned int len,
+	        const unsigned char *input, int mode, unsigned int efLen8, 
+		unsigned int unused)
+{
+    PRUint8    *L,*L2;
+    int         i;
+#if !defined(IS_LITTLE_ENDIAN)
+    PRUint16    tmpS;
+#endif
+    PRUint8     tmpB;
+
+    if (!key || !cx || !len || len > (sizeof cx->B) || 
+	efLen8 > (sizeof cx->B)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    	return SECFailure;
+    }
+    if (mode == NSS_RC2) {
+    	/* groovy */
+    } else if (mode == NSS_RC2_CBC) {
+    	if (!input) {
+	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	    return SECFailure;
+	}
+    } else {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    if (mode == NSS_RC2_CBC) {
+    	cx->enc = & rc2_EncryptCBC;
+	cx->dec = & rc2_DecryptCBC;
+	LOAD(cx->iv.s);
+    } else {
+    	cx->enc = & rc2_EncryptECB;
+	cx->dec = & rc2_DecryptECB;
+    }
+
+    /* Step 0. Copy key into table. */
+    memcpy(cx->B, key, len);
+
+    /* Step 1. Compute all values to the right of the key. */
+    L2 = cx->B;
+    L = L2 + len;
+    tmpB = L[-1];
+    for (i = (sizeof cx->B) - len; i > 0; --i) {
+	*L++ = tmpB = S[ (PRUint8)(tmpB + *L2++) ];
+    }
+
+    /* step 2. Adjust left most byte of effective key. */
+    i = (sizeof cx->B) - efLen8;
+    L = cx->B + i;
+    *L = tmpB = S[*L];				/* mask is always 0xff */
+
+    /* step 3. Recompute all values to the left of effective key. */
+    L2 = --L + efLen8;
+    while(L >= cx->B) {
+	*L-- = tmpB = S[ tmpB ^ *L2-- ];
+    }
+
+#if !defined(IS_LITTLE_ENDIAN)
+    for (i = 63; i >= 0; --i) {
+        SWAPK(i);		/* candidate for unrolling */
+    }
+#endif
+    return SECSuccess;
+}
+
+/*
+** Create a new RC2 context suitable for RC2 encryption/decryption.
+** 	"key" raw key data
+** 	"len" the number of bytes of key data
+** 	"iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
+** 	"mode" one of NSS_RC2 or NSS_RC2_CBC
+**	"effectiveKeyLen" in bytes, not bits.
+**
+** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
+** chaining" mode.
+*/
+RC2Context *
+RC2_CreateContext(const unsigned char *key, unsigned int len,
+		  const unsigned char *iv, int mode, unsigned efLen8)
+{
+    RC2Context *cx = PORT_ZNew(RC2Context);
+    if (cx) {
+	SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0);
+	if (rv != SECSuccess) {
+	    RC2_DestroyContext(cx, PR_TRUE);
+	    cx = NULL;
+	}
+    }
+    return cx;
+}
+
+/*
+** Destroy an RC2 encryption/decryption context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+void 
+RC2_DestroyContext(RC2Context *cx, PRBool freeit)
+{
+    if (cx) {
+	memset(cx, 0, sizeof *cx);
+	if (freeit) {
+	    PORT_Free(cx);
+	}
+    }
+}
+
+#define ROL(x,k) (x << k | x >> (16-k))
+#define MIX(j) \
+    R0 = R0 + cx->K[ 4*j+0] + (R3 & R2) + (~R3 & R1);  R0 = ROL(R0,1);\
+    R1 = R1 + cx->K[ 4*j+1] + (R0 & R3) + (~R0 & R2);  R1 = ROL(R1,2);\
+    R2 = R2 + cx->K[ 4*j+2] + (R1 & R0) + (~R1 & R3);  R2 = ROL(R2,3);\
+    R3 = R3 + cx->K[ 4*j+3] + (R2 & R1) + (~R2 & R0);  R3 = ROL(R3,5)
+#define MASH \
+    R0 = R0 + cx->K[R3 & 63];\
+    R1 = R1 + cx->K[R0 & 63];\
+    R2 = R2 + cx->K[R1 & 63];\
+    R3 = R3 + cx->K[R2 & 63]
+
+/* Encrypt one block */
+static void 
+rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
+{
+    register PRUint16 R0, R1, R2, R3;
+
+    /* step 1. Initialize input. */
+    R0 = input->s[0];
+    R1 = input->s[1];
+    R2 = input->s[2];
+    R3 = input->s[3];
+
+    /* step 2.  Expand Key (already done, in context) */
+    /* step 3.  j = 0 */
+    /* step 4.  Perform 5 mixing rounds. */
+
+    MIX(0);
+    MIX(1);
+    MIX(2);
+    MIX(3);
+    MIX(4);
+
+    /* step 5. Perform 1 mashing round. */
+    MASH;
+
+    /* step 6. Perform 6 mixing rounds. */
+
+    MIX(5);
+    MIX(6);
+    MIX(7);
+    MIX(8);
+    MIX(9);
+    MIX(10);
+
+    /* step 7. Perform 1 mashing round. */
+    MASH;
+
+    /* step 8. Perform 5 mixing rounds. */
+
+    MIX(11);
+    MIX(12);
+    MIX(13);
+    MIX(14);
+    MIX(15);
+
+    /* output results */
+    output->s[0] = R0;
+    output->s[1] = R1;
+    output->s[2] = R2;
+    output->s[3] = R3;
+}
+
+#define ROR(x,k) (x >> k | x << (16-k))
+#define R_MIX(j) \
+    R3 = ROR(R3,5); R3 = R3 - cx->K[ 4*j+3] - (R2 & R1) - (~R2 & R0);  \
+    R2 = ROR(R2,3); R2 = R2 - cx->K[ 4*j+2] - (R1 & R0) - (~R1 & R3);  \
+    R1 = ROR(R1,2); R1 = R1 - cx->K[ 4*j+1] - (R0 & R3) - (~R0 & R2);  \
+    R0 = ROR(R0,1); R0 = R0 - cx->K[ 4*j+0] - (R3 & R2) - (~R3 & R1)
+#define R_MASH \
+    R3 = R3 - cx->K[R2 & 63];\
+    R2 = R2 - cx->K[R1 & 63];\
+    R1 = R1 - cx->K[R0 & 63];\
+    R0 = R0 - cx->K[R3 & 63]
+
+/* Encrypt one block */
+static void 
+rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
+{
+    register PRUint16 R0, R1, R2, R3;
+
+    /* step 1. Initialize input. */
+    R0 = input->s[0];
+    R1 = input->s[1];
+    R2 = input->s[2];
+    R3 = input->s[3];
+
+    /* step 2.  Expand Key (already done, in context) */
+    /* step 3.  j = 63 */
+    /* step 4.  Perform 5 r_mixing rounds. */
+    R_MIX(15);
+    R_MIX(14);
+    R_MIX(13);
+    R_MIX(12);
+    R_MIX(11);
+
+    /* step 5.  Perform 1 r_mashing round. */
+    R_MASH;
+
+    /* step 6.  Perform 6 r_mixing rounds. */
+    R_MIX(10);
+    R_MIX(9);
+    R_MIX(8);
+    R_MIX(7);
+    R_MIX(6);
+    R_MIX(5);
+
+    /* step 7.  Perform 1 r_mashing round. */
+    R_MASH;
+
+    /* step 8.  Perform 5 r_mixing rounds. */
+    R_MIX(4);
+    R_MIX(3);
+    R_MIX(2);
+    R_MIX(1);
+    R_MIX(0);
+
+    /* output results */
+    output->s[0] = R0;
+    output->s[1] = R1;
+    output->s[2] = R2;
+    output->s[3] = R3;
+}
+
+static SECStatus
+rc2_EncryptECB(RC2Context *cx, unsigned char *output,
+	       const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block  iBlock;
+
+    while (inputLen > 0) {
+    	LOAD(iBlock.s)
+	rc2_Encrypt1Block(cx, &iBlock, &iBlock);
+	STORE(iBlock.s)
+	output   += RC2_BLOCK_SIZE;
+	input    += RC2_BLOCK_SIZE;
+	inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+rc2_DecryptECB(RC2Context *cx, unsigned char *output,
+	       const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block  iBlock;
+
+    while (inputLen > 0) {
+    	LOAD(iBlock.s)
+	rc2_Decrypt1Block(cx, &iBlock, &iBlock);
+	STORE(iBlock.s)
+	output   += RC2_BLOCK_SIZE;
+	input    += RC2_BLOCK_SIZE;
+	inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+rc2_EncryptCBC(RC2Context *cx, unsigned char *output,
+	       const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block  iBlock;
+
+    while (inputLen > 0) {
+
+	LOAD(iBlock.s)
+	iBlock.l[0] ^= cx->iv.l[0];
+	iBlock.l[1] ^= cx->iv.l[1];
+	rc2_Encrypt1Block(cx, &iBlock, &iBlock);
+	cx->iv = iBlock;
+	STORE(iBlock.s)
+	output   += RC2_BLOCK_SIZE;
+	input    += RC2_BLOCK_SIZE;
+	inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+rc2_DecryptCBC(RC2Context *cx, unsigned char *output,
+	       const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block  iBlock;
+    RC2Block  oBlock;
+
+    while (inputLen > 0) {
+	LOAD(iBlock.s)
+	rc2_Decrypt1Block(cx, &oBlock, &iBlock);
+	oBlock.l[0] ^= cx->iv.l[0];
+	oBlock.l[1] ^= cx->iv.l[1];
+	cx->iv = iBlock;
+	STORE(oBlock.s)
+	output   += RC2_BLOCK_SIZE;
+	input    += RC2_BLOCK_SIZE;
+	inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+
+/*
+** Perform RC2 encryption.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
+		      unsigned int *outputLen, unsigned int maxOutputLen,
+		      const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECSuccess;
+    if (inputLen) {
+	if (inputLen % RC2_BLOCK_SIZE) {
+	    PORT_SetError(SEC_ERROR_INPUT_LEN);
+	    return SECFailure;
+	}
+	if (maxOutputLen < inputLen) {
+	    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	    return SECFailure;
+	}
+	rv = (*cx->enc)(cx, output, input, inputLen);
+    }
+    if (rv == SECSuccess) {
+    	*outputLen = inputLen;
+    }
+    return rv;
+}
+
+/*
+** Perform RC2 decryption.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
+		      unsigned int *outputLen, unsigned int maxOutputLen,
+		      const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECSuccess;
+    if (inputLen) {
+	if (inputLen % RC2_BLOCK_SIZE) {
+	    PORT_SetError(SEC_ERROR_INPUT_LEN);
+	    return SECFailure;
+	}
+	if (maxOutputLen < inputLen) {
+	    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	    return SECFailure;
+	}
+	rv = (*cx->dec)(cx, output, input, inputLen);
+    }
+    if (rv == SECSuccess) {
+	*outputLen = inputLen;
+    }
+    return rv;
+}
+
diff --git a/security/nss/lib/freebl/alghmac.c b/security/nss/lib/freebl/alghmac.c
new file mode 100644
index 000000000..b1174f460
--- /dev/null
+++ b/security/nss/lib/freebl/alghmac.c
@@ -0,0 +1,193 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "secport.h"
+#include "hasht.h"
+#include "blapit.h"
+#include "alghmac.h"
+#include "secerr.h"
+
+#define HMAC_PAD_SIZE HASH_BLOCK_LENGTH_MAX
+
+struct HMACContextStr {
+    void *hash;
+    const SECHashObject *hashobj;
+    PRBool        wasAllocated;
+    unsigned char ipad[HMAC_PAD_SIZE];
+    unsigned char opad[HMAC_PAD_SIZE];
+};
+
+void
+HMAC_Destroy(HMACContext *cx, PRBool freeit)
+{
+    if (cx == NULL)
+	return;
+
+    PORT_Assert(!freeit == !cx->wasAllocated);
+    if (cx->hash != NULL) {
+	cx->hashobj->destroy(cx->hash, PR_TRUE);
+	PORT_Memset(cx, 0, sizeof *cx);
+    }
+    if (freeit)
+	PORT_Free(cx);
+}
+
+SECStatus
+HMAC_Init( HMACContext * cx, const SECHashObject *hash_obj, 
+	   const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+{
+    unsigned int i;
+    unsigned char hashed_secret[HASH_LENGTH_MAX];
+
+    /* required by FIPS 198 Section 3 */
+    if (isFIPS && secret_len < hash_obj->length/2) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (cx == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    cx->wasAllocated = PR_FALSE;
+    cx->hashobj = hash_obj;
+    cx->hash = cx->hashobj->create();
+    if (cx->hash == NULL)
+	goto loser;
+
+    if (secret_len > cx->hashobj->blocklength) {
+	cx->hashobj->begin( cx->hash);
+	cx->hashobj->update(cx->hash, secret, secret_len);
+	PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
+	cx->hashobj->end(   cx->hash, hashed_secret, &secret_len, 
+	                 sizeof hashed_secret);
+	if (secret_len != cx->hashobj->length) {
+	    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+	    goto loser;
+	}
+	secret = (const unsigned char *)&hashed_secret[0];
+    }
+
+    PORT_Memset(cx->ipad, 0x36, cx->hashobj->blocklength);
+    PORT_Memset(cx->opad, 0x5c, cx->hashobj->blocklength);
+
+    /* fold secret into padding */
+    for (i = 0; i < secret_len; i++) {
+	cx->ipad[i] ^= secret[i];
+	cx->opad[i] ^= secret[i];
+    }
+    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
+    return SECSuccess;
+
+loser:
+    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
+    if (cx->hash != NULL)
+	cx->hashobj->destroy(cx->hash, PR_TRUE);
+    return SECFailure;
+}
+
+HMACContext *
+HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret, 
+            unsigned int secret_len, PRBool isFIPS)
+{
+    SECStatus rv;
+    HMACContext * cx = PORT_ZNew(HMACContext);
+    if (cx == NULL)
+	return NULL;
+    rv = HMAC_Init(cx, hash_obj, secret, secret_len, isFIPS);
+    cx->wasAllocated = PR_TRUE;
+    if (rv != SECSuccess) {
+	PORT_Free(cx); /* contains no secret info */
+	cx = NULL;
+    }
+    return cx;
+}
+
+void
+HMAC_Begin(HMACContext *cx)
+{
+    /* start inner hash */
+    cx->hashobj->begin(cx->hash);
+    cx->hashobj->update(cx->hash, cx->ipad, cx->hashobj->blocklength);
+}
+
+void
+HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
+{
+    cx->hashobj->update(cx->hash, data, data_len);
+}
+
+SECStatus
+HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
+	    unsigned int max_result_len)
+{
+    if (max_result_len < cx->hashobj->length) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
+    if (*result_len != cx->hashobj->length)
+	return SECFailure;
+
+    cx->hashobj->begin(cx->hash);
+    cx->hashobj->update(cx->hash, cx->opad, cx->hashobj->blocklength);
+    cx->hashobj->update(cx->hash, result, *result_len);
+    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
+    return SECSuccess;
+}
+
+HMACContext *
+HMAC_Clone(HMACContext *cx)
+{
+    HMACContext *newcx;
+
+    newcx = (HMACContext*)PORT_ZAlloc(sizeof(HMACContext));
+    if (newcx == NULL)
+	goto loser;
+
+    newcx->wasAllocated = PR_TRUE;
+    newcx->hashobj = cx->hashobj;
+    newcx->hash = cx->hashobj->clone(cx->hash);
+    if (newcx->hash == NULL)
+	goto loser;
+    PORT_Memcpy(newcx->ipad, cx->ipad, cx->hashobj->blocklength);
+    PORT_Memcpy(newcx->opad, cx->opad, cx->hashobj->blocklength);
+    return newcx;
+
+loser:
+    HMAC_Destroy(newcx, PR_TRUE);
+    return NULL;
+}
diff --git a/security/nss/lib/freebl/alghmac.h b/security/nss/lib/freebl/alghmac.h
new file mode 100644
index 000000000..81c5bfa50
--- /dev/null
+++ b/security/nss/lib/freebl/alghmac.h
@@ -0,0 +1,96 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _ALGHMAC_H_
+#define _ALGHMAC_H_
+
+typedef struct HMACContextStr HMACContext;
+
+SEC_BEGIN_PROTOS
+
+/* destroy HMAC context */
+extern void
+HMAC_Destroy(HMACContext *cx, PRBool freeit);
+
+/* create HMAC context
+ *  hash_obj    hash object from SECRawHashObjects[]
+ *  secret	the secret with which the HMAC is performed.
+ *  secret_len	the length of the secret.
+ *  isFIPS	true if conforming to FIPS 198.
+ *
+ * NULL is returned if an error occurs.
+ */
+extern HMACContext *
+HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret, 
+	    unsigned int secret_len, PRBool isFIPS);
+
+/* like HMAC_Create, except caller allocates HMACContext. */
+SECStatus
+HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj, 
+	  const unsigned char *secret, unsigned int secret_len, PRBool isFIPS);
+
+/* reset HMAC for a fresh round */
+extern void
+HMAC_Begin(HMACContext *cx);
+
+/* update HMAC 
+ *  cx		HMAC Context
+ *  data	the data to perform HMAC on
+ *  data_len	the length of the data to process
+ */
+extern void 
+HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len);
+
+/* Finish HMAC -- place the results within result
+ *  cx		HMAC context
+ *  result	buffer for resulting hmac'd data
+ *  result_len	where the resultant hmac length is stored
+ *  max_result_len  maximum possible length that can be stored in result
+ */
+extern SECStatus
+HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
+	    unsigned int max_result_len);
+
+/* clone a copy of the HMAC state.  this is usefult when you would
+ * need to keep a running hmac but also need to extract portions 
+ * partway through the process.
+ */
+extern HMACContext *
+HMAC_Clone(HMACContext *cx);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/security/nss/lib/freebl/arcfive.c b/security/nss/lib/freebl/arcfive.c
new file mode 100644
index 000000000..42e6bf7e3
--- /dev/null
+++ b/security/nss/lib/freebl/arcfive.c
@@ -0,0 +1,117 @@
+/*
+ * arcfive.c - stubs for RC5 - NOT a working implementation!
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "blapi.h"
+#include "prerror.h"
+
+/******************************************/
+/*
+** RC5 symmetric block cypher -- 64-bit block size
+*/
+
+/*
+** Create a new RC5 context suitable for RC5 encryption/decryption.
+**      "key" raw key data
+**      "len" the number of bytes of key data
+**      "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
+**      "mode" one of NSS_RC5 or NSS_RC5_CBC
+**
+** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
+** chaining" mode.
+*/
+RC5Context *
+RC5_CreateContext(const SECItem *key, unsigned int rounds,
+                  unsigned int wordSize, const unsigned char *iv, int mode)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+}
+
+/*
+** Destroy an RC5 encryption/decryption context.
+**      "cx" the context
+**      "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+void 
+RC5_DestroyContext(RC5Context *cx, PRBool freeit) 
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+}
+
+/*
+** Perform RC5 encryption.
+**      "cx" the context
+**      "output" the output buffer to store the encrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+SECStatus 
+RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, 
+	    const unsigned char *input, unsigned int inputLen)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+/*
+** Perform RC5 decryption.
+**      "cx" the context
+**      "output" the output buffer to store the decrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+SECStatus 
+RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
diff --git a/security/nss/lib/freebl/arcfour-amd64-gas.s b/security/nss/lib/freebl/arcfour-amd64-gas.s
new file mode 100644
index 000000000..e131fd16a
--- /dev/null
+++ b/security/nss/lib/freebl/arcfour-amd64-gas.s
@@ -0,0 +1,120 @@
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is "Marc Bevand's fast AMD64 ARCFOUR source"
+#
+# The Initial Developer of the Original Code is
+# Marc Bevand <bevand_m@epita.fr> .
+# Portions created by the Initial Developer are 
+# Copyright (C) 2004 the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# ** ARCFOUR implementation optimized for AMD64.
+# **
+# ** The throughput achieved by this code is about 320 MBytes/sec, on
+# ** a 1.8 GHz AMD Opteron (rev C0) processor.
+
+.text
+.align 16
+.globl ARCFOUR
+.type ARCFOUR,@function
+ARCFOUR:
+	pushq	%rbp
+	pushq	%rbx
+	movq	%rdi,		%rbp	# key = ARG(key)
+	movq	%rsi,		%rbx	# rbx = ARG(len)
+	movq	%rdx,		%rsi	# in = ARG(in)
+	movq	%rcx,		%rdi	# out = ARG(out)
+	movq	(%rbp),		%rcx	# x = key->x
+	movq	8(%rbp),	%rdx	# y = key->y
+	addq	$16,		%rbp	# d = key->data
+	incq	%rcx			# x++
+	andq	$255,		%rcx	# x &= 0xff
+	leaq	-8(%rbx,%rsi),	%rbx	# rbx = in+len-8
+	movq	%rbx,		%r9	# tmp = in+len-8
+	movq	0(%rbp,%rcx,8),	%rax	# tx = d[x]
+	cmpq	%rsi,		%rbx	# cmp in with in+len-8
+	jl	.Lend			# jump if (in+len-8 < in)
+
+.Lstart:
+	addq	$8,		%rsi		# increment in
+	addq	$8,		%rdi		# increment out
+
+	# generate the next 8 bytes of the rc4 stream into %r8
+	movq	$8,		%r11		# byte counter
+1:	addb	%al,		%dl		# y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		# ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	# d[x] = ty
+	addb	%al,		%bl		# val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	# d[y] = tx
+	incb	%cl				# x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		# tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		# val = d[val]
+	decb	%r11b
+	rorq	$8,		%r8		# (ror does not change ZF)
+	jnz 	1b
+
+	# xor 8 bytes
+	xorq	-8(%rsi),	%r8
+	cmpq	%r9,		%rsi		# cmp in+len-8 with in
+	movq	%r8,		-8(%rdi)
+	jle	.Lstart				# jump if (in <= in+len-8)
+
+.Lend:
+	addq	$8,		%r9		# tmp = in+len
+
+	# handle the last bytes, one by one
+1:	cmpq	%rsi,		%r9		# cmp in with in+len
+	jle	.Lfinished			# jump if (in+len <= in)
+	addb	%al,		%dl		# y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		# ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	# d[x] = ty
+	addb	%al,		%bl		# val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	# d[y] = tx
+	incb	%cl				# x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		# tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		# val = d[val]
+	xorb	(%rsi),		%r8b		# xor 1 byte
+	movb	%r8b,		(%rdi)
+	incq	%rsi				# in++
+	incq	%rdi				# out++
+	jmp 1b
+
+.Lfinished:
+	decq	%rcx				# x--
+	movb	%dl,		-8(%rbp)	# key->y = y
+	movb	%cl,		-16(%rbp)	# key->x = x
+	popq	%rbx
+	popq	%rbp
+	ret
+.L_ARCFOUR_end:
+.size ARCFOUR,.L_ARCFOUR_end-ARCFOUR
+
+# Magic indicating no need for an executable stack
+.section .note.GNU-stack,"",@progbits
+.previous
diff --git a/security/nss/lib/freebl/arcfour-amd64-sun.s b/security/nss/lib/freebl/arcfour-amd64-sun.s
new file mode 100644
index 000000000..7f684d222
--- /dev/null
+++ b/security/nss/lib/freebl/arcfour-amd64-sun.s
@@ -0,0 +1,116 @@
+/ ***** BEGIN LICENSE BLOCK *****
+/ Version: MPL 1.1/GPL 2.0/LGPL 2.1
+/
+/ The contents of this file are subject to the Mozilla Public License Version
+/ 1.1 (the "License"); you may not use this file except in compliance with
+/ the License. You may obtain a copy of the License at
+/ http://www.mozilla.org/MPL/
+/
+/ Software distributed under the License is distributed on an "AS IS" basis,
+/ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+/ for the specific language governing rights and limitations under the
+/ License.
+/
+/ The Original Code is "Marc Bevand's fast AMD64 ARCFOUR source"
+/
+/ The Initial Developer of the Original Code is
+/ Marc Bevand <bevand_m@epita.fr> .
+/ Portions created by the Initial Developer are 
+/ Copyright (C) 2004 the Initial Developer. All Rights Reserved.
+/
+/ Contributor(s):
+/
+/ Alternatively, the contents of this file may be used under the terms of
+/ either the GNU General Public License Version 2 or later (the "GPL"), or
+/ the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+/ in which case the provisions of the GPL or the LGPL are applicable instead
+/ of those above. If you wish to allow use of your version of this file only
+/ under the terms of either the GPL or the LGPL, and not to allow others to
+/ use your version of this file under the terms of the MPL, indicate your
+/ decision by deleting the provisions above and replace them with the notice
+/ and other provisions required by the GPL or the LGPL. If you do not delete
+/ the provisions above, a recipient may use your version of this file under
+/ the terms of any one of the MPL, the GPL or the LGPL.
+/
+/ ***** END LICENSE BLOCK *****
+
+/ ** ARCFOUR implementation optimized for AMD64.
+/ **
+/ ** The throughput achieved by this code is about 320 MBytes/sec, on
+/ ** a 1.8 GHz AMD Opteron (rev C0) processor.
+
+.text
+.align 16
+.globl ARCFOUR
+.type ARCFOUR,@function
+ARCFOUR:
+	pushq	%rbp
+	pushq	%rbx
+	movq	%rdi,		%rbp	/ key = ARG(key)
+	movq	%rsi,		%rbx	/ rbx = ARG(len)
+	movq	%rdx,		%rsi	/ in = ARG(in)
+	movq	%rcx,		%rdi	/ out = ARG(out)
+	movq	(%rbp),		%rcx	/ x = key->x
+	movq	8(%rbp),	%rdx	/ y = key->y
+	addq	$16,		%rbp	/ d = key->data
+	incq	%rcx			/ x++
+	andq	$255,		%rcx	/ x &= 0xff
+	leaq	-8(%rbx,%rsi),	%rbx	/ rbx = in+len-8
+	movq	%rbx,		%r9	/ tmp = in+len-8
+	movq	0(%rbp,%rcx,8),	%rax	/ tx = d[x]
+	cmpq	%rsi,		%rbx	/ cmp in with in+len-8
+	jl	.Lend			/ jump if (in+len-8 < in)
+
+.Lstart:
+	addq	$8,		%rsi		/ increment in
+	addq	$8,		%rdi		/ increment out
+
+	/ generate the next 8 bytes of the rc4 stream into %r8
+	movq	$8,		%r11		/ byte counter
+1:	addb	%al,		%dl		/ y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		/ ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	/ d[x] = ty
+	addb	%al,		%bl		/ val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	/ d[y] = tx
+	incb	%cl				/ x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		/ tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		/ val = d[val]
+	decb	%r11b
+	rorq	$8,		%r8		/ (ror does not change ZF)
+	jnz 	1b
+
+	/ xor 8 bytes
+	xorq	-8(%rsi),	%r8
+	cmpq	%r9,		%rsi		/ cmp in+len-8 with in
+	movq	%r8,		-8(%rdi)
+	jle	.Lstart				/ jump if (in <= in+len-8)
+
+.Lend:
+	addq	$8,		%r9		/ tmp = in+len
+
+	/ handle the last bytes, one by one
+1:	cmpq	%rsi,		%r9		/ cmp in with in+len
+	jle	.Lfinished			/ jump if (in+len <= in)
+	addb	%al,		%dl		/ y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		/ ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	/ d[x] = ty
+	addb	%al,		%bl		/ val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	/ d[y] = tx
+	incb	%cl				/ x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		/ tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		/ val = d[val]
+	xorb	(%rsi),		%r8b		/ xor 1 byte
+	movb	%r8b,		(%rdi)
+	incq	%rsi				/ in++
+	incq	%rdi				/ out++
+	jmp 1b
+
+.Lfinished:
+	decq	%rcx				/ x--
+	movb	%dl,		-8(%rbp)	/ key->y = y
+	movb	%cl,		-16(%rbp)	/ key->x = x
+	popq	%rbx
+	popq	%rbp
+	ret
+.L_ARCFOUR_end:
+.size ARCFOUR,.L_ARCFOUR_end-ARCFOUR
diff --git a/security/nss/lib/freebl/arcfour.c b/security/nss/lib/freebl/arcfour.c
new file mode 100644
index 000000000..52329beda
--- /dev/null
+++ b/security/nss/lib/freebl/arcfour.c
@@ -0,0 +1,639 @@
+/* arcfour.c - the arc four algorithm.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* See NOTES ON UMRs, Unititialized Memory Reads, below. */
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+
+/* Architecture-dependent defines */
+
+#if defined(SOLARIS) || defined(HPUX) || defined(i386) || defined(IRIX)
+/* Convert the byte-stream to a word-stream */
+#define CONVERT_TO_WORDS
+#endif
+
+#if defined(AIX) || defined(OSF1) || defined(NSS_BEVAND_ARCFOUR)
+/* Treat array variables as longs, not bytes, on CPUs that take 
+ * much longer to write bytes than to write longs, or when using 
+ * assembler code that required it.
+ */
+#define USE_LONG
+#endif
+
+#if defined(_WIN32_WCE)
+#undef WORD
+#define WORD ARC4WORD
+#endif
+
+#if defined(IS_64) && !defined(__sparc) && !defined(NSS_USE_64) 
+typedef unsigned long long WORD;
+#else
+typedef unsigned long WORD;
+#endif
+#define WORDSIZE sizeof(WORD)
+
+#ifdef USE_LONG
+typedef unsigned long Stype;
+#else
+typedef PRUint8 Stype;
+#endif
+
+#define ARCFOUR_STATE_SIZE 256
+
+#define MASK1BYTE (WORD)(0xff)
+
+#define SWAP(a, b) \
+	tmp = a; \
+	a = b; \
+	b = tmp;
+
+/*
+ * State information for stream cipher.
+ */
+struct RC4ContextStr
+{
+#if defined(NSS_ARCFOUR_IJ_B4_S) || defined(NSS_BEVAND_ARCFOUR)
+	Stype i;
+	Stype j;
+	Stype S[ARCFOUR_STATE_SIZE];
+#else
+	Stype S[ARCFOUR_STATE_SIZE];
+	Stype i;
+	Stype j;
+#endif
+};
+
+/*
+ * array indices [0..255] to initialize cx->S array (faster than loop).
+ */
+static const Stype Kinit[256] = {
+	0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+	0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+	0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+	0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+	0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+	0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+	0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+	0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+	0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+	0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+	0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+	0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+	0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+	0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+	0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+	0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+	0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+	0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+	0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+	0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+	0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+	0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+	0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+	0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+	0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+	0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+	0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+RC4Context *
+RC4_AllocateContext(void)
+{
+    return PORT_ZNew(RC4Context);
+}
+
+SECStatus   
+RC4_InitContext(RC4Context *cx, const unsigned char *key, unsigned int len,
+	        const unsigned char * unused1, int unused2, 
+		unsigned int unused3, unsigned int unused4)
+{
+	int i;
+	PRUint8 j, tmp;
+	PRUint8 K[256];
+	PRUint8 *L;
+	/* verify the key length. */
+	PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
+	if (len < 0 || len >= ARCFOUR_STATE_SIZE) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return SECFailure;
+	}
+	if (cx == NULL) {
+	    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	    return SECFailure;
+	}
+	/* Initialize the state using array indices. */
+	memcpy(cx->S, Kinit, sizeof cx->S);
+	/* Fill in K repeatedly with values from key. */
+	L = K;
+	for (i = sizeof K; i > len; i-= len) {
+		memcpy(L, key, len);
+		L += len;
+	}
+	memcpy(L, key, i);
+	/* Stir the state of the generator.  At this point it is assumed
+	 * that the key is the size of the state buffer.  If this is not
+	 * the case, the key bytes are repeated to fill the buffer.
+	 */
+	j = 0;
+#define ARCFOUR_STATE_STIR(ii) \
+	j = j + cx->S[ii] + K[ii]; \
+	SWAP(cx->S[ii], cx->S[j]);
+	for (i=0; i<ARCFOUR_STATE_SIZE; i++) {
+		ARCFOUR_STATE_STIR(i);
+	}
+	cx->i = 0;
+	cx->j = 0;
+	return SECSuccess;
+}
+
+
+/*
+ * Initialize a new generator.
+ */
+RC4Context *
+RC4_CreateContext(const unsigned char *key, int len)
+{
+    RC4Context *cx = RC4_AllocateContext();
+    if (cx) {
+	SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
+	if (rv != SECSuccess) {
+	    PORT_ZFree(cx, sizeof(*cx));
+	    cx = NULL;
+	}
+    }
+    return cx;
+}
+
+void 
+RC4_DestroyContext(RC4Context *cx, PRBool freeit)
+{
+	if (freeit)
+		PORT_ZFree(cx, sizeof(*cx));
+}
+
+#if defined(NSS_BEVAND_ARCFOUR)
+extern void ARCFOUR(RC4Context *cx, unsigned long inputLen, 
+	const unsigned char *input, unsigned char *output);
+#else
+/*
+ * Generate the next byte in the stream.
+ */
+#define ARCFOUR_NEXT_BYTE() \
+	tmpSi = cx->S[++tmpi]; \
+	tmpj += tmpSi; \
+	tmpSj = cx->S[tmpj]; \
+	cx->S[tmpi] = tmpSj; \
+	cx->S[tmpj] = tmpSi; \
+	t = tmpSi + tmpSj;
+
+#ifdef CONVERT_TO_WORDS
+/*
+ * Straight ARCFOUR op.  No optimization.
+ */
+static SECStatus 
+rc4_no_opt(RC4Context *cx, unsigned char *output,
+           unsigned int *outputLen, unsigned int maxOutputLen,
+           const unsigned char *input, unsigned int inputLen)
+{
+    PRUint8 t;
+	Stype tmpSi, tmpSj;
+	register PRUint8 tmpi = cx->i;
+	register PRUint8 tmpj = cx->j;
+	unsigned int index;
+	PORT_Assert(maxOutputLen >= inputLen);
+	if (maxOutputLen < inputLen) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return SECFailure;
+	}
+	for (index=0; index < inputLen; index++) {
+		/* Generate next byte from stream. */
+		ARCFOUR_NEXT_BYTE();
+		/* output = next stream byte XOR next input byte */
+		output[index] = cx->S[t] ^ input[index];
+	}
+	*outputLen = inputLen;
+	cx->i = tmpi;
+	cx->j = tmpj;
+	return SECSuccess;
+}
+#endif
+
+#ifndef CONVERT_TO_WORDS
+/*
+ * Byte-at-a-time ARCFOUR, unrolling the loop into 8 pieces.
+ */
+static SECStatus 
+rc4_unrolled(RC4Context *cx, unsigned char *output,
+             unsigned int *outputLen, unsigned int maxOutputLen,
+             const unsigned char *input, unsigned int inputLen)
+{
+	PRUint8 t;
+	Stype tmpSi, tmpSj;
+	register PRUint8 tmpi = cx->i;
+	register PRUint8 tmpj = cx->j;
+	int index;
+	PORT_Assert(maxOutputLen >= inputLen);
+	if (maxOutputLen < inputLen) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return SECFailure;
+	}
+	for (index = inputLen / 8; index-- > 0; input += 8, output += 8) {
+		ARCFOUR_NEXT_BYTE();
+		output[0] = cx->S[t] ^ input[0];
+		ARCFOUR_NEXT_BYTE();
+		output[1] = cx->S[t] ^ input[1];
+		ARCFOUR_NEXT_BYTE();
+		output[2] = cx->S[t] ^ input[2];
+		ARCFOUR_NEXT_BYTE();
+		output[3] = cx->S[t] ^ input[3];
+		ARCFOUR_NEXT_BYTE();
+		output[4] = cx->S[t] ^ input[4];
+		ARCFOUR_NEXT_BYTE();
+		output[5] = cx->S[t] ^ input[5];
+		ARCFOUR_NEXT_BYTE();
+		output[6] = cx->S[t] ^ input[6];
+		ARCFOUR_NEXT_BYTE();
+		output[7] = cx->S[t] ^ input[7];
+	}
+	index = inputLen % 8;
+	if (index) {
+		input += index;
+		output += index;
+		switch (index) {
+		case 7:
+			ARCFOUR_NEXT_BYTE();
+			output[-7] = cx->S[t] ^ input[-7]; /* FALLTHRU */
+		case 6:
+			ARCFOUR_NEXT_BYTE();
+			output[-6] = cx->S[t] ^ input[-6]; /* FALLTHRU */
+		case 5:
+			ARCFOUR_NEXT_BYTE();
+			output[-5] = cx->S[t] ^ input[-5]; /* FALLTHRU */
+		case 4:
+			ARCFOUR_NEXT_BYTE();
+			output[-4] = cx->S[t] ^ input[-4]; /* FALLTHRU */
+		case 3:
+			ARCFOUR_NEXT_BYTE();
+			output[-3] = cx->S[t] ^ input[-3]; /* FALLTHRU */
+		case 2:
+			ARCFOUR_NEXT_BYTE();
+			output[-2] = cx->S[t] ^ input[-2]; /* FALLTHRU */
+		case 1:
+			ARCFOUR_NEXT_BYTE();
+			output[-1] = cx->S[t] ^ input[-1]; /* FALLTHRU */
+		default:
+			/* FALLTHRU */
+			; /* hp-ux build breaks without this */
+		}
+	}
+	cx->i = tmpi;
+	cx->j = tmpj;
+	*outputLen = inputLen;
+	return SECSuccess;
+}
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+#define ARCFOUR_NEXT4BYTES_L(n) \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n     ); \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n +  8); \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24);
+#else
+#define ARCFOUR_NEXT4BYTES_B(n) \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 24); \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n + 16); \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n +  8); \
+	ARCFOUR_NEXT_BYTE(); streamWord |= (WORD)cx->S[t] << (n     );
+#endif
+
+#if (defined(IS_64) && !defined(__sparc)) || defined(NSS_USE_64)
+/* 64-bit wordsize */
+#ifdef IS_LITTLE_ENDIAN
+#define ARCFOUR_NEXT_WORD() \
+	{ streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); ARCFOUR_NEXT4BYTES_L(32); }
+#else
+#define ARCFOUR_NEXT_WORD() \
+	{ streamWord = 0; ARCFOUR_NEXT4BYTES_B(32); ARCFOUR_NEXT4BYTES_B(0); }
+#endif
+#else
+/* 32-bit wordsize */
+#ifdef IS_LITTLE_ENDIAN
+#define ARCFOUR_NEXT_WORD() \
+	{ streamWord = 0; ARCFOUR_NEXT4BYTES_L(0); }
+#else
+#define ARCFOUR_NEXT_WORD() \
+	{ streamWord = 0; ARCFOUR_NEXT4BYTES_B(0); }
+#endif
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+#define RSH <<
+#define LSH >>
+#else
+#define RSH >>
+#define LSH <<
+#endif
+
+#ifdef CONVERT_TO_WORDS
+/* NOTE about UMRs, Uninitialized Memory Reads.
+ *
+ * This code reads all input data a WORD at a time, rather than byte at 
+ * a time, and writes all output data a WORD at a time.  Shifting and 
+ * masking is used to remove unwanted data and realign bytes when 
+ * needed.  The first and last words of output are read, modified, and
+ * written when needed to preserve any unchanged bytes.  This is a huge
+ * win on machines with high memory latency.  
+ *
+ * However, when the input and output buffers do not begin and end on WORD 
+ * boundaries, and the WORDS in memory that contain the first and last 
+ * bytes of those buffers contain uninitialized data, then this code will 
+ * read those uninitialized bytes, causing a UMR error to be reported by 
+ * some tools.  
+ *
+ * These UMRs are NOT a problem, NOT errors, and do NOT need to be "fixed".
+ * 
+ * All the words read and written contain at least one byte that is 
+ * part of the input data or output data.  No words are read or written
+ * that do not contain data that is part of the buffer.  Therefore, 
+ * these UMRs cannot cause page faults or other problems unless the 
+ * buffers have been assigned to improper addresses that would cause
+ * page faults with or without UMRs.  
+ */
+static SECStatus 
+rc4_wordconv(RC4Context *cx, unsigned char *output,
+             unsigned int *outputLen, unsigned int maxOutputLen,
+             const unsigned char *input, unsigned int inputLen)
+{
+	ptrdiff_t inOffset = (ptrdiff_t)input % WORDSIZE;
+	ptrdiff_t outOffset = (ptrdiff_t)output % WORDSIZE;
+	register WORD streamWord, mask;
+	register WORD *pInWord, *pOutWord;
+	register WORD inWord, nextInWord;
+	PRUint8 t;
+	register Stype tmpSi, tmpSj;
+	register PRUint8 tmpi = cx->i;
+	register PRUint8 tmpj = cx->j;
+	unsigned int byteCount;
+	unsigned int bufShift, invBufShift;
+	int i;
+
+	PORT_Assert(maxOutputLen >= inputLen);
+	if (maxOutputLen < inputLen) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return SECFailure;
+	}
+	if (inputLen < 2*WORDSIZE) {
+		/* Ignore word conversion, do byte-at-a-time */
+		return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen);
+	}
+	*outputLen = inputLen;
+	pInWord = (WORD *)(input - inOffset);
+	if (inOffset < outOffset) {
+		bufShift = 8*(outOffset - inOffset);
+		invBufShift = 8*WORDSIZE - bufShift;
+	} else {
+		invBufShift = 8*(inOffset - outOffset);
+		bufShift = 8*WORDSIZE - invBufShift;
+	}
+	/*****************************************************************/
+	/* Step 1:                                                       */
+	/* If the first output word is partial, consume the bytes in the */
+	/* first partial output word by loading one or two words of      */
+	/* input and shifting them accordingly.  Otherwise, just load    */
+	/* in the first word of input.  At the end of this block, at     */
+	/* least one partial word of input should ALWAYS be loaded.      */
+	/*****************************************************************/
+	if (outOffset) {
+		/* Generate input and stream words aligned relative to the
+		 * partial output buffer.
+		 */
+		byteCount = WORDSIZE - outOffset; 
+		pOutWord = (WORD *)(output - outOffset);
+		mask = streamWord = 0;
+#ifdef IS_LITTLE_ENDIAN
+		for (i = WORDSIZE - byteCount; i < WORDSIZE; i++) {
+#else
+		for (i = byteCount - 1; i >= 0; --i) {
+#endif
+			ARCFOUR_NEXT_BYTE();
+			streamWord |= (WORD)(cx->S[t]) << 8*i;
+			mask |= MASK1BYTE << 8*i;
+		} /* } */
+		inWord = *pInWord++; /* UMR? see comments above. */
+		/* If buffers are relatively misaligned, shift the bytes in inWord
+		 * to be aligned to the output buffer.
+		 */
+		nextInWord = 0;
+		if (inOffset < outOffset) {
+			/* Have more bytes than needed, shift remainder into nextInWord */
+			nextInWord = inWord LSH 8*(inOffset + byteCount);
+			inWord = inWord RSH bufShift;
+		} else if (inOffset > outOffset) {
+			/* Didn't get enough bytes from current input word, load another
+			 * word and then shift remainder into nextInWord.
+			 */
+			nextInWord = *pInWord++;
+			inWord = (inWord LSH invBufShift) | 
+			         (nextInWord RSH bufShift);
+			nextInWord = nextInWord LSH invBufShift;
+		}
+		/* Store output of first partial word */
+		*pOutWord = (*pOutWord & ~mask) | ((inWord ^ streamWord) & mask);
+		/* UMR?  See comments above. */
+
+		/* Consumed byteCount bytes of input */
+		inputLen -= byteCount;
+		/* move to next word of output */
+		pOutWord++;
+		/* inWord has been consumed, but there may be bytes in nextInWord */
+		inWord = nextInWord;
+	} else {
+		/* output is word-aligned */
+		pOutWord = (WORD *)output;
+		if (inOffset) {
+			/* Input is not word-aligned.  The first word load of input 
+			 * will not produce a full word of input bytes, so one word
+			 * must be pre-loaded.  The main loop below will load in the
+			 * next input word and shift some of its bytes into inWord
+			 * in order to create a full input word.  Note that the main
+			 * loop must execute at least once because the input must
+			 * be at least two words.
+			 */
+			inWord = *pInWord++; /* UMR? see comments above. */
+			inWord = inWord LSH invBufShift;
+		} else {
+			/* Input is word-aligned.  The first word load of input 
+			 * will produce a full word of input bytes, so nothing
+			 * needs to be loaded here.
+			 */
+			inWord = 0;
+		}
+	}
+	/* Output buffer is aligned, inOffset is now measured relative to
+	 * outOffset (and not a word boundary).
+	 */
+	inOffset = (inOffset + WORDSIZE - outOffset) % WORDSIZE;
+	/*****************************************************************/
+	/* Step 2: main loop                                             */
+	/* At this point the output buffer is word-aligned.  Any unused  */
+	/* bytes from above will be in inWord (shifted correctly).  If   */
+	/* the input buffer is unaligned relative to the output buffer,  */
+	/* shifting has to be done.                                      */
+	/*****************************************************************/
+	if (inOffset) {
+		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
+			nextInWord = *pInWord++;
+			inWord |= nextInWord RSH bufShift;
+			nextInWord = nextInWord LSH invBufShift;
+			ARCFOUR_NEXT_WORD();
+			*pOutWord++ = inWord ^ streamWord;
+			inWord = nextInWord;
+		}
+		if (inputLen == 0) {
+			/* Nothing left to do. */
+			cx->i = tmpi;
+			cx->j = tmpj;
+			return SECSuccess;
+		}
+		/* If the amount of remaining input is greater than the amount
+		 * bytes pulled from the current input word, need to do another
+		 * word load.  What's left in inWord will be consumed in step 3.
+		 */
+		if (inputLen > WORDSIZE - inOffset)
+			inWord |= *pInWord RSH bufShift; /* UMR?  See above. */
+	} else {
+		for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
+			inWord = *pInWord++;
+			ARCFOUR_NEXT_WORD();
+			*pOutWord++ = inWord ^ streamWord;
+		}
+		if (inputLen == 0) {
+			/* Nothing left to do. */
+			cx->i = tmpi;
+			cx->j = tmpj;
+			return SECSuccess;
+		} else {
+			/* A partial input word remains at the tail.  Load it. 
+			 * The relevant bytes will be consumed in step 3.
+			 */
+			inWord = *pInWord; /* UMR?  See comments above */
+		}
+	}
+	/*****************************************************************/
+	/* Step 3:                                                       */
+	/* A partial word of input remains, and it is already loaded     */
+	/* into nextInWord.  Shift appropriately and consume the bytes   */
+	/* used in the partial word.                                     */
+	/*****************************************************************/
+	mask = streamWord = 0;
+#ifdef IS_LITTLE_ENDIAN
+	for (i = 0; i < inputLen; ++i) {
+#else
+	for (i = WORDSIZE - 1; i >= WORDSIZE - inputLen; --i) {
+#endif
+		ARCFOUR_NEXT_BYTE();
+		streamWord |= (WORD)(cx->S[t]) << 8*i;
+		mask |= MASK1BYTE << 8*i;
+	} /* } */
+	/* UMR?  See comments above. */
+	*pOutWord = (*pOutWord & ~mask) | ((inWord ^ streamWord) & mask);
+	cx->i = tmpi;
+	cx->j = tmpj;
+	return SECSuccess;
+}
+#endif
+#endif /* NSS_BEVAND_ARCFOUR */
+
+SECStatus 
+RC4_Encrypt(RC4Context *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+	PORT_Assert(maxOutputLen >= inputLen);
+	if (maxOutputLen < inputLen) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return SECFailure;
+	}
+#if defined(NSS_BEVAND_ARCFOUR)
+	ARCFOUR(cx, inputLen, input, output);
+        *outputLen = inputLen;
+	return SECSuccess;
+#elif defined( CONVERT_TO_WORDS )
+	/* Convert the byte-stream to a word-stream */
+	return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
+#else
+	/* Operate on bytes, but unroll the main loop */
+	return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
+#endif
+}
+
+SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
+                      unsigned int *outputLen, unsigned int maxOutputLen,
+                      const unsigned char *input, unsigned int inputLen)
+{
+	PORT_Assert(maxOutputLen >= inputLen);
+	if (maxOutputLen < inputLen) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return SECFailure;
+	}
+	/* decrypt and encrypt are same operation. */
+#if defined(NSS_BEVAND_ARCFOUR)
+	ARCFOUR(cx, inputLen, input, output);
+        *outputLen = inputLen;
+	return SECSuccess;
+#elif defined( CONVERT_TO_WORDS )
+	/* Convert the byte-stream to a word-stream */
+	return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
+#else
+	/* Operate on bytes, but unroll the main loop */
+	return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
+#endif
+}
+
+#undef CONVERT_TO_WORDS
+#undef USE_LONG
diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h
new file mode 100644
index 000000000..50771adc4
--- /dev/null
+++ b/security/nss/lib/freebl/blapi.h
@@ -0,0 +1,1174 @@
+/*
+ * crypto.h - public data structures and prototypes for the crypto library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _BLAPI_H_
+#define _BLAPI_H_
+
+#include "blapit.h"
+#include "hasht.h"
+#include "alghmac.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+** RSA encryption/decryption. When encrypting/decrypting the output
+** buffer must be at least the size of the public key modulus.
+*/
+
+/*
+** Generate and return a new RSA public and private key.
+**	Both keys are encoded in a single RSAPrivateKey structure.
+**	"cx" is the random number generator context
+**	"keySizeInBits" is the size of the key to be generated, in bits.
+**	   512, 1024, etc.
+**	"publicExponent" when not NULL is a pointer to some data that
+**	   represents the public exponent to use. The data is a byte
+**	   encoded integer, in "big endian" order.
+*/
+extern RSAPrivateKey *RSA_NewKey(int         keySizeInBits,
+				 SECItem *   publicExponent);
+
+/*
+** Perform a raw public-key operation 
+**	Length of input and output buffers are equal to key's modulus len.
+*/
+extern SECStatus RSA_PublicKeyOp(RSAPublicKey *   key,
+				 unsigned char *  output,
+				 const unsigned char *  input);
+
+/*
+** Perform a raw private-key operation 
+**	Length of input and output buffers are equal to key's modulus len.
+*/
+extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey *  key,
+				  unsigned char *  output,
+				  const unsigned char *  input);
+
+/*
+** Perform a raw private-key operation, and check the parameters used in
+** the operation for validity by performing a test operation first.
+**	Length of input and output buffers are equal to key's modulus len.
+*/
+extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *  key,
+				               unsigned char *  output,
+				               const unsigned char *  input);
+
+/*
+** Perform a check of private key parameters for consistency.
+*/
+extern SECStatus RSA_PrivateKeyCheck(RSAPrivateKey *key);
+
+
+/********************************************************************
+** DSA signing algorithm
+*/
+
+/*
+** Generate and return a new DSA public and private key pair,
+**	both of which are encoded into a single DSAPrivateKey struct.
+**	"params" is a pointer to the PQG parameters for the domain
+**	Uses a random seed.
+*/
+extern SECStatus DSA_NewKey(const PQGParams *     params, 
+		            DSAPrivateKey **      privKey);
+
+/* signature is caller-supplied buffer of at least 20 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+** On output, signature->len == size of signature in buffer.
+** Uses a random seed.
+*/
+extern SECStatus DSA_SignDigest(DSAPrivateKey *   key,
+				SECItem *         signature,
+				const SECItem *   digest);
+
+/* signature is caller-supplied buffer of at least 20 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+*/
+extern SECStatus DSA_VerifyDigest(DSAPublicKey *  key,
+				  const SECItem * signature,
+				  const SECItem * digest);
+
+/* For FIPS compliance testing. Seed must be exactly 20 bytes long */
+extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params, 
+                                    const unsigned char * seed,
+                                    DSAPrivateKey **privKey);
+
+/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
+extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey * key,
+                                        SECItem *       signature,
+                                        const SECItem * digest,
+                                        const unsigned char * seed);
+
+/******************************************************
+** Diffie Helman key exchange algorithm 
+*/
+
+/* Generates parameters for Diffie-Helman key generation.
+**	primeLen is the length in bytes of prime P to be generated.
+*/
+extern SECStatus DH_GenParam(int primeLen, DHParams ** params);
+
+/* Generates a public and private key, both of which are encoded in a single
+**	DHPrivateKey struct. Params is input, privKey are output.  
+**	This is Phase 1 of Diffie Hellman.
+*/
+extern SECStatus DH_NewKey(DHParams *           params, 
+                           DHPrivateKey **	privKey);
+
+/* 
+** DH_Derive does the Diffie-Hellman phase 2 calculation, using the 
+** other party's publicValue, and the prime and our privateValue.
+** maxOutBytes is the requested length of the generated secret in bytes.  
+** A zero value means produce a value of any length up to the size of 
+** the prime.   If successful, derivedSecret->data is set 
+** to the address of the newly allocated buffer containing the derived 
+** secret, and derivedSecret->len is the size of the secret produced.
+** The size of the secret produced will never be larger than the length
+** of the prime, and it may be smaller than maxOutBytes.
+** It is the caller's responsibility to free the allocated buffer 
+** containing the derived secret.
+*/
+extern SECStatus DH_Derive(SECItem *    publicValue, 
+		           SECItem *    prime, 
+			   SECItem *    privateValue, 
+			   SECItem *    derivedSecret,
+			   unsigned int maxOutBytes);
+
+/* 
+** KEA_CalcKey returns octet string with the private key for a dual
+** Diffie-Helman  key generation as specified for government key exchange.
+*/
+extern SECStatus KEA_Derive(SECItem *prime, 
+                            SECItem *public1, 
+                            SECItem *public2, 
+			    SECItem *private1, 
+			    SECItem *private2,
+			    SECItem *derivedSecret);
+
+/*
+ * verify that a KEA or DSA public key is a valid key for this prime and
+ * subprime domain.
+ */
+extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
+
+/******************************************************
+** Elliptic Curve algorithms
+*/
+
+/* Generates a public and private key, both of which are encoded 
+** in a single ECPrivateKey struct. Params is input, privKey are
+** output.
+*/
+extern SECStatus EC_NewKey(ECParams *          params, 
+                           ECPrivateKey **     privKey);
+
+extern SECStatus EC_NewKeyFromSeed(ECParams *  params, 
+                           ECPrivateKey **     privKey,
+                           const unsigned char* seed,
+                           int                 seedlen);
+
+/* Validates an EC public key as described in Section 5.2.2 of
+ * X9.62. Such validation prevents against small subgroup attacks
+ * when the ECDH primitive is used with the cofactor.
+ */
+extern SECStatus EC_ValidatePublicKey(ECParams * params, 
+                           SECItem *           publicValue);
+
+/* 
+** ECDH_Derive performs a scalar point multiplication of a point
+** representing a (peer's) public key and a large integer representing
+** a private key (its own). Both keys must use the same elliptic curve
+** parameters. If the withCofactor parameter is true, the
+** multiplication also uses the cofactor associated with the curve
+** parameters.  The output of this scheme is the x-coordinate of the
+** resulting point. If successful, derivedSecret->data is set to the
+** address of the newly allocated buffer containing the derived
+** secret, and derivedSecret->len is the size of the secret
+** produced. It is the caller's responsibility to free the allocated
+** buffer containing the derived secret.
+*/
+extern SECStatus ECDH_Derive(SECItem *       publicValue,
+                             ECParams *      params,
+                             SECItem *       privateValue,
+                             PRBool          withCofactor,
+                             SECItem *       derivedSecret);
+
+/* On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+** On output, signature->len == size of signature in buffer.
+** Uses a random seed.
+*/
+extern SECStatus ECDSA_SignDigest(ECPrivateKey  *key, 
+                                  SECItem       *signature, 
+                                  const SECItem *digest);
+
+/* On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+*/
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey   *key, 
+                                    const SECItem *signature, 
+                                    const SECItem *digest);
+
+/* Uses the provided seed. */
+extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey        *key,
+                                          SECItem             *signature,
+                                          const SECItem       *digest,
+                                          const unsigned char *seed, 
+                                          const int           seedlen);
+
+/******************************************/
+/*
+** RC4 symmetric stream cypher
+*/
+
+/*
+** Create a new RC4 context suitable for RC4 encryption/decryption.
+**	"key" raw key data
+**	"len" the number of bytes of key data
+*/
+extern RC4Context *RC4_CreateContext(const unsigned char *key, int len);
+
+extern RC4Context *RC4_AllocateContext(void);
+extern SECStatus   RC4_InitContext(RC4Context *cx, 
+				   const unsigned char *key, 
+				   unsigned int keylen,
+				   const unsigned char *, 
+				   int, 
+				   unsigned int ,
+				   unsigned int );
+
+/*
+** Destroy an RC4 encryption/decryption context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
+
+/*
+** Perform RC4 encryption.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform RC4 decryption.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** RC2 symmetric block cypher
+*/
+
+/*
+** Create a new RC2 context suitable for RC2 encryption/decryption.
+** 	"key" raw key data
+** 	"len" the number of bytes of key data
+** 	"iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
+** 	"mode" one of NSS_RC2 or NSS_RC2_CBC
+**	"effectiveKeyLen" is the effective key length (as specified in 
+**	    RFC 2268) in bytes (not bits).
+**
+** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
+** chaining" mode.
+*/
+extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len,
+				     const unsigned char *iv, int mode, 
+				     unsigned effectiveKeyLen);
+extern RC2Context *RC2_AllocateContext(void);
+extern SECStatus   RC2_InitContext(RC2Context *cx,
+				   const unsigned char *key, 
+				   unsigned int keylen,
+				   const unsigned char *iv, 
+				   int mode, 
+				   unsigned int effectiveKeyLen,
+				   unsigned int );
+
+/*
+** Destroy an RC2 encryption/decryption context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
+
+/*
+** Perform RC2 encryption.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform RC2 decryption.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** RC5 symmetric block cypher -- 64-bit block size
+*/
+
+/*
+** Create a new RC5 context suitable for RC5 encryption/decryption.
+**      "key" raw key data
+**      "len" the number of bytes of key data
+**      "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
+**      "mode" one of NSS_RC5 or NSS_RC5_CBC
+**
+** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
+** chaining" mode.
+*/
+extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds,
+                     unsigned int wordSize, const unsigned char *iv, int mode);
+extern RC5Context *RC5_AllocateContext(void);
+extern SECStatus   RC5_InitContext(RC5Context *cx, 
+				   const unsigned char *key, 
+				   unsigned int keylen,
+				   const unsigned char *iv, 
+				   int mode,
+				   unsigned int rounds, 
+				   unsigned int wordSize);
+
+/*
+** Destroy an RC5 encryption/decryption context.
+**      "cx" the context
+**      "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
+
+/*
+** Perform RC5 encryption.
+**      "cx" the context
+**      "output" the output buffer to store the encrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
+                            unsigned int *outputLen, unsigned int maxOutputLen,
+                            const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform RC5 decryption.
+**      "cx" the context
+**      "output" the output buffer to store the decrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+
+extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
+                            unsigned int *outputLen, unsigned int maxOutputLen,
+                            const unsigned char *input, unsigned int inputLen);
+
+
+
+/******************************************/
+/*
+** DES symmetric block cypher
+*/
+
+/*
+** Create a new DES context suitable for DES encryption/decryption.
+** 	"key" raw key data
+** 	"len" the number of bytes of key data
+** 	"iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
+** 	   mode is DES_EDE3_CBC)
+** 	"mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
+**	"encrypt" is PR_TRUE if the context will be used for encryption
+**
+** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
+** cipher is run in "cipher block chaining" mode.
+*/
+extern DESContext *DES_CreateContext(const unsigned char *key, 
+                                     const unsigned char *iv,
+				     int mode, PRBool encrypt);
+extern DESContext *DES_AllocateContext(void);
+extern SECStatus   DES_InitContext(DESContext *cx,
+				   const unsigned char *key, 
+				   unsigned int keylen,
+				   const unsigned char *iv, 
+				   int mode,
+				   unsigned int encrypt,
+				   unsigned int );
+
+/*
+** Destroy an DES encryption/decryption context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
+
+/*
+** Perform DES encryption.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+**
+** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
+*/
+extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform DES decryption.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+**
+** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
+*/
+extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** AES symmetric block cypher (Rijndael)
+*/
+
+/*
+** Create a new AES context suitable for AES encryption/decryption.
+** 	"key" raw key data
+** 	"keylen" the number of bytes of key data (16, 24, or 32)
+**      "blocklen" is the blocksize to use (16, 24, or 32)
+**                        XXX currently only blocksize==16 has been tested!
+*/
+extern AESContext *
+AES_CreateContext(const unsigned char *key, const unsigned char *iv, 
+                  int mode, int encrypt,
+                  unsigned int keylen, unsigned int blocklen);
+extern AESContext *AES_AllocateContext(void);
+extern SECStatus   AES_InitContext(AESContext *cx,
+				   const unsigned char *key, 
+				   unsigned int keylen, 
+				   const unsigned char *iv, 
+				   int mode, 
+				   unsigned int encrypt,
+				   unsigned int blocklen);
+
+/*
+** Destroy a AES encryption/decryption context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void 
+AES_DestroyContext(AESContext *cx, PRBool freeit);
+
+/*
+** Perform AES encryption.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+AES_Encrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform AES decryption.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+AES_Decrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** AES key wrap algorithm, RFC 3394
+*/
+
+/*
+** Create a new AES context suitable for AES encryption/decryption.
+** 	"key" raw key data
+**      "iv"  The 8 byte "initial value"
+**      "encrypt", a boolean, true for key wrapping, false for unwrapping.
+** 	"keylen" the number of bytes of key data (16, 24, or 32)
+*/
+extern AESKeyWrapContext *
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, 
+                         int encrypt, unsigned int keylen);
+extern AESKeyWrapContext * AESKeyWrap_AllocateContext(void);
+extern SECStatus  
+     AESKeyWrap_InitContext(AESKeyWrapContext *cx, 
+				   const unsigned char *key, 
+				   unsigned int keylen,
+				   const unsigned char *iv, 
+				   int ,
+				   unsigned int encrypt,
+				   unsigned int );
+
+/*
+** Destroy a AES KeyWrap context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void 
+AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit);
+
+/*
+** Perform AES key wrap.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform AES key unwrap.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+ /******************************************/
+/*
+** Camellia symmetric block cypher
+*/
+
+/*
+** Create a new Camellia context suitable for Camellia encryption/decryption.
+** 	"key" raw key data
+** 	"keylen" the number of bytes of key data (16, 24, or 32)
+*/
+extern CamelliaContext *
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, 
+		       int mode, int encrypt, unsigned int keylen);
+
+extern CamelliaContext *Camellia_AllocateContext(void);
+extern SECStatus   Camellia_InitContext(CamelliaContext *cx,
+					const unsigned char *key, 
+					unsigned int keylen, 
+					const unsigned char *iv, 
+					int mode, 
+					unsigned int encrypt,
+					unsigned int unused);
+/*
+** Destroy a Camellia encryption/decryption context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void 
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
+
+/*
+** Perform Camellia encryption.
+**	"cx" the context
+**	"output" the output buffer to store the encrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+		 unsigned int *outputLen, unsigned int maxOutputLen,
+		 const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform Camellia decryption.
+**	"cx" the context
+**	"output" the output buffer to store the decrypted data.
+**	"outputLen" how much data is stored in "output". Set by the routine
+**	   after some data is stored in output.
+**	"maxOutputLen" the maximum amount of data that can ever be
+**	   stored in "output"
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus 
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+		 unsigned int *outputLen, unsigned int maxOutputLen,
+		 const unsigned char *input, unsigned int inputLen);
+
+
+/******************************************/
+/*
+** MD5 secure hash function
+*/
+
+/*
+** Hash a null terminated string "src" into "dest" using MD5
+*/
+extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
+
+/*
+** Hash a non-null terminated string "src" into "dest" using MD5
+*/
+extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
+			     uint32 src_length);
+
+/*
+** Create a new MD5 context
+*/
+extern MD5Context *MD5_NewContext(void);
+
+
+/*
+** Destroy an MD5 secure hash context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
+
+/*
+** Reset an MD5 context, preparing it for a fresh round of hashing
+*/
+extern void MD5_Begin(MD5Context *cx);
+
+/*
+** Update the MD5 hash function with more data.
+**	"cx" the context
+**	"input" the data to hash
+**	"inputLen" the amount of data to hash
+*/
+extern void MD5_Update(MD5Context *cx,
+		       const unsigned char *input, unsigned int inputLen);
+
+/*
+** Finish the MD5 hash function. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 16 bytes of digest data are stored
+**	"digestLen" where the digest length (16) is stored
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
+extern void MD5_End(MD5Context *cx, unsigned char *digest,
+		    unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+ * Return the the size of a buffer needed to flatten the MD5 Context into
+ *    "cx" the context
+ *  returns size;
+ */
+extern unsigned int MD5_FlattenSize(MD5Context *cx);
+
+/*
+ * Flatten the MD5 Context into a buffer:
+ *    "cx" the context
+ *    "space" the buffer to flatten to
+ *  returns status;
+ */
+extern SECStatus MD5_Flatten(MD5Context *cx,unsigned char *space);
+
+/*
+ * Resurrect a flattened context into a MD5 Context
+ *    "space" the buffer of the flattend buffer
+ *    "arg" ptr to void used by cryptographic resurrect
+ *  returns resurected context;
+ */
+extern MD5Context * MD5_Resurrect(unsigned char *space, void *arg);
+extern void MD5_Clone(MD5Context *dest, MD5Context *src);
+
+/*
+** trace the intermediate state info of the MD5 hash.
+*/
+extern void MD5_TraceState(MD5Context *cx);
+
+
+/******************************************/
+/*
+** MD2 secure hash function
+*/
+
+/*
+** Hash a null terminated string "src" into "dest" using MD2
+*/
+extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
+
+/*
+** Create a new MD2 context
+*/
+extern MD2Context *MD2_NewContext(void);
+
+
+/*
+** Destroy an MD2 secure hash context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
+
+/*
+** Reset an MD2 context, preparing it for a fresh round of hashing
+*/
+extern void MD2_Begin(MD2Context *cx);
+
+/*
+** Update the MD2 hash function with more data.
+**	"cx" the context
+**	"input" the data to hash
+**	"inputLen" the amount of data to hash
+*/
+extern void MD2_Update(MD2Context *cx,
+		       const unsigned char *input, unsigned int inputLen);
+
+/*
+** Finish the MD2 hash function. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 16 bytes of digest data are stored
+**	"digestLen" where the digest length (16) is stored
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
+extern void MD2_End(MD2Context *cx, unsigned char *digest,
+		    unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+ * Return the the size of a buffer needed to flatten the MD2 Context into
+ *    "cx" the context
+ *  returns size;
+ */
+extern unsigned int MD2_FlattenSize(MD2Context *cx);
+
+/*
+ * Flatten the MD2 Context into a buffer:
+ *    "cx" the context
+ *    "space" the buffer to flatten to
+ *  returns status;
+ */
+extern SECStatus MD2_Flatten(MD2Context *cx,unsigned char *space);
+
+/*
+ * Resurrect a flattened context into a MD2 Context
+ *    "space" the buffer of the flattend buffer
+ *    "arg" ptr to void used by cryptographic resurrect
+ *  returns resurected context;
+ */
+extern MD2Context * MD2_Resurrect(unsigned char *space, void *arg);
+extern void MD2_Clone(MD2Context *dest, MD2Context *src);
+
+/******************************************/
+/*
+** SHA-1 secure hash function
+*/
+
+/*
+** Hash a null terminated string "src" into "dest" using SHA-1
+*/
+extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
+
+/*
+** Hash a non-null terminated string "src" into "dest" using SHA-1
+*/
+extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+
+/*
+** Create a new SHA-1 context
+*/
+extern SHA1Context *SHA1_NewContext(void);
+
+
+/*
+** Destroy a SHA-1 secure hash context.
+**	"cx" the context
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
+
+/*
+** Reset a SHA-1 context, preparing it for a fresh round of hashing
+*/
+extern void SHA1_Begin(SHA1Context *cx);
+
+/*
+** Update the SHA-1 hash function with more data.
+**	"cx" the context
+**	"input" the data to hash
+**	"inputLen" the amount of data to hash
+*/
+extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+
+/*
+** Finish the SHA-1 hash function. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 16 bytes of digest data are stored
+**	"digestLen" where the digest length (20) is stored
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
+extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+** trace the intermediate state info of the SHA1 hash.
+*/
+extern void SHA1_TraceState(SHA1Context *cx);
+
+/*
+ * Return the the size of a buffer needed to flatten the SHA-1 Context into
+ *    "cx" the context
+ *  returns size;
+ */
+extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
+
+/*
+ * Flatten the SHA-1 Context into a buffer:
+ *    "cx" the context
+ *    "space" the buffer to flatten to
+ *  returns status;
+ */
+extern SECStatus SHA1_Flatten(SHA1Context *cx,unsigned char *space);
+
+/*
+ * Resurrect a flattened context into a SHA-1 Context
+ *    "space" the buffer of the flattend buffer
+ *    "arg" ptr to void used by cryptographic resurrect
+ *  returns resurected context;
+ */
+extern SHA1Context * SHA1_Resurrect(unsigned char *space, void *arg);
+extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
+
+/******************************************/
+
+extern SHA256Context *SHA256_NewContext(void);
+extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
+extern void SHA256_Begin(SHA256Context *cx);
+extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
+extern void SHA256_TraceState(SHA256Context *cx);
+extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
+extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
+extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
+extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
+
+/******************************************/
+
+extern SHA512Context *SHA512_NewContext(void);
+extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
+extern void SHA512_Begin(SHA512Context *cx);
+extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
+extern void SHA512_TraceState(SHA512Context *cx);
+extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
+extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
+extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
+extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
+
+/******************************************/
+
+extern SHA384Context *SHA384_NewContext(void);
+extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
+extern void SHA384_Begin(SHA384Context *cx);
+extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
+extern void SHA384_TraceState(SHA384Context *cx);
+extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
+extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
+extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
+extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
+
+/****************************************
+ * implement TLS Pseudo Random Function (PRF)
+ */
+
+extern SECStatus
+TLS_PRF(const SECItem *secret, const char *label, SECItem *seed, 
+         SECItem *result, PRBool isFIPS);
+
+/******************************************/
+/*
+** Pseudo Random Number Generation.  FIPS compliance desirable.
+*/
+
+/*
+** Initialize the global RNG context and give it some seed input taken
+** from the system.  This function is thread-safe and will only allow
+** the global context to be initialized once.  The seed input is likely
+** small, so it is imperative that RNG_RandomUpdate() be called with
+** additional seed data before the generator is used.  A good way to
+** provide the generator with additional entropy is to call
+** RNG_SystemInfoForRNG().  Note that NSS_Init() does exactly that.
+*/
+extern SECStatus RNG_RNGInit(void);
+
+/*
+** Update the global random number generator with more seeding
+** material
+*/
+extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.
+*/
+extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
+
+/* Destroy the global RNG context.  After a call to RNG_RNGShutdown()
+** a call to RNG_RNGInit() is required in order to use the generator again,
+** along with seed data (see the comment above RNG_RNGInit()).
+*/
+extern void  RNG_RNGShutdown(void);
+
+extern void RNG_SystemInfoForRNG(void);
+
+/*
+ * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to
+ * generate the DSA X parameter and as a generic purpose RNG.
+ *
+ * The following two FIPS186Change functions are needed for
+ * NIST RNG Validation System.
+ */
+
+/*
+ * Given the seed-key and the seed, generate the random output.
+ *
+ * Parameters:
+ *   XKEY [input/output]: the state of the RNG (seed-key)
+ *   XSEEDj [input]: optional user input (seed)
+ *   x_j [output]: output of the RNG
+ *
+ * Return value:
+ * This function usually returns SECSuccess.  The only reason
+ * this function returns SECFailure is that XSEEDj equals
+ * XKEY, including the intermediate XKEY value between the two
+ * iterations.  (This test is actually a FIPS 140-2 requirement
+ * and not required for FIPS algorithm testing, but it is too
+ * hard to separate from this function.)  If this function fails,
+ * XKEY is not updated, but some data may have been written to
+ * x_j, which should be ignored.
+ */
+extern SECStatus
+FIPS186Change_GenerateX(unsigned char *XKEY,
+                        const unsigned char *XSEEDj,
+                        unsigned char *x_j);
+
+/*
+ * When generating the DSA X parameter, we generate 2*GSIZE bytes
+ * of random output and reduce it mod q.
+ *
+ * Input: w, 2*GSIZE bytes
+ *        q, DSA_SUBPRIME_LEN bytes
+ * Output: xj, DSA_SUBPRIME_LEN bytes
+ */
+extern SECStatus
+FIPS186Change_ReduceModQForDSA(const unsigned char *w,
+                               const unsigned char *q,
+                               unsigned char *xj);
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of seed and length of h both equal length of P. 
+ * All lengths are specified by "j", according to the table above.
+ */
+extern SECStatus
+PQG_ParamGen(unsigned int j, 	   /* input : determines length of P. */
+             PQGParams **pParams,  /* output: P Q and G returned here */
+	     PQGVerify **pVfy);    /* output: counter and seed. */
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by j.  Length of h will match length of P.
+ * Length of SEED in bytes specified in seedBytes.
+ * seedBbytes must be in the range [20..255] or an error will result.
+ */
+extern SECStatus
+PQG_ParamGenSeedLen(
+             unsigned int j, 	     /* input : determines length of P. */
+	     unsigned int seedBytes, /* input : length of seed in bytes.*/
+             PQGParams **pParams,    /* output: P Q and G returned here */
+	     PQGVerify **pVfy);      /* output: counter and seed. */
+
+
+/*  Test PQGParams for validity as DSS PQG values.
+ *  If vfy is non-NULL, test PQGParams to make sure they were generated
+ *       using the specified seed, counter, and h values.
+ *
+ *  Return value indicates whether Verification operation ran succesfully
+ *  to completion, but does not indicate if PQGParams are valid or not.
+ *  If return value is SECSuccess, then *pResult has these meanings:
+ *       SECSuccess: PQGParams are valid.
+ *       SECFailure: PQGParams are invalid.
+ *
+ * Verify the following 12 facts about PQG counter SEED g and h
+ * 1.  Q is 160 bits long.
+ * 2.  P is one of the 9 valid lengths.
+ * 3.  G < P
+ * 4.  P % Q == 1
+ * 5.  Q is prime
+ * 6.  P is prime
+ * Steps 7-12 are done only if the optional PQGVerify is supplied.
+ * 7.  counter < 4096
+ * 8.  g >= 160 and g < 2048   (g is length of seed in bits)
+ * 9.  Q generated from SEED matches Q in PQGParams.
+ * 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams.
+ * 11. 1 < h < P-1
+ * 12. G generated from h matches G in PQGParams.
+ */
+
+extern SECStatus   PQG_VerifyParams(const PQGParams *params, 
+                                    const PQGVerify *vfy, SECStatus *result);
+
+extern void PQG_DestroyParams(PQGParams *params);
+
+extern void PQG_DestroyVerify(PQGVerify *vfy);
+
+
+/*
+ * clean-up any global tables freebl may have allocated after it starts up.
+ * This function is not thread safe and should be called only after the
+ * library has been quiessed.
+ */
+extern void BL_Cleanup(void);
+
+/* unload freebl shared library from memory */
+extern void BL_Unload(void);
+
+/**************************************************************************
+ *  Verify a given Shared library signature                               *
+ **************************************************************************/
+PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);
+
+/**************************************************************************
+ *  Verify Are Own Shared library signature                               *
+ **************************************************************************/
+PRBool BLAPI_VerifySelf(const char *name);
+
+/*********************************************************************/
+extern const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType);
+
+SEC_END_PROTOS
+
+#endif /* _BLAPI_H_ */
diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h
new file mode 100644
index 000000000..ba7f7a470
--- /dev/null
+++ b/security/nss/lib/freebl/blapit.h
@@ -0,0 +1,380 @@
+/*
+ * blapit.h - public data structures for the crypto library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com> and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _BLAPIT_H_
+#define _BLAPIT_H_
+
+#include "seccomon.h"
+#include "prlink.h"
+#include "plarena.h"
+#include "ecl-exp.h"
+
+
+/* RC2 operation modes */
+#define NSS_RC2			0
+#define NSS_RC2_CBC		1
+
+/* RC5 operation modes */
+#define NSS_RC5                 0
+#define NSS_RC5_CBC             1
+
+/* DES operation modes */
+#define NSS_DES			0
+#define NSS_DES_CBC		1
+#define NSS_DES_EDE3		2
+#define NSS_DES_EDE3_CBC	3
+
+#define DES_KEY_LENGTH		8	/* Bytes */
+
+/* AES operation modes */
+#define NSS_AES                 0
+#define NSS_AES_CBC             1
+
+/* Camellia operation modes */
+#define NSS_CAMELLIA                 0
+#define NSS_CAMELLIA_CBC             1
+
+#define DSA_SIGNATURE_LEN 	40	/* Bytes */
+#define DSA_SUBPRIME_LEN	20	/* Bytes */
+
+/* XXX We shouldn't have to hard code this limit. For
+ * now, this is the quickest way to support ECDSA signature
+ * processing (ECDSA signature lengths depend on curve
+ * size). This limit is sufficient for curves upto
+ * 576 bits.
+ */
+#define MAX_ECKEY_LEN 	        72	/* Bytes */
+
+/*
+ * Number of bytes each hash algorithm produces
+ */
+#define MD2_LENGTH		16	/* Bytes */
+#define MD5_LENGTH		16	/* Bytes */
+#define SHA1_LENGTH		20	/* Bytes */
+#define SHA256_LENGTH 		32 	/* bytes */
+#define SHA384_LENGTH 		48 	/* bytes */
+#define SHA512_LENGTH 		64 	/* bytes */
+#define HASH_LENGTH_MAX         SHA512_LENGTH
+
+/*
+ * Input block size for each hash algorithm.
+ */
+
+#define MD2_BLOCK_LENGTH 	 64 	/* bytes */
+#define MD5_BLOCK_LENGTH 	 64 	/* bytes */
+#define SHA1_BLOCK_LENGTH 	 64 	/* bytes */
+#define SHA256_BLOCK_LENGTH 	 64 	/* bytes */
+#define SHA384_BLOCK_LENGTH 	128 	/* bytes */
+#define SHA512_BLOCK_LENGTH 	128 	/* bytes */
+#define HASH_BLOCK_LENGTH_MAX 	SHA512_BLOCK_LENGTH
+
+#define AES_KEY_WRAP_IV_BYTES    8
+#define AES_KEY_WRAP_BLOCK_SIZE  8  /* bytes */
+#define AES_BLOCK_SIZE          16  /* bytes */
+
+#define CAMELLIA_BLOCK_SIZE          16  /* bytes */
+
+#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
+
+/*
+ * These values come from the initial key size limits from the PKCS #11
+ * module. They may be arbitrarily adjusted to any value freebl supports.
+ */
+#define RSA_MIN_MODULUS_BITS   128
+#define RSA_MAX_MODULUS_BITS  8192
+#define RSA_MAX_EXPONENT_BITS   64
+#define DH_MIN_P_BITS	       128
+#define DH_MAX_P_BITS         2236
+
+/*
+ * The FIPS 186 algorithm for generating primes P and Q allows only 9
+ * distinct values for the length of P, and only one value for the
+ * length of Q.
+ * The algorithm uses a variable j to indicate which of the 9 lengths
+ * of P is to be used.
+ * The following table relates j to the lengths of P and Q in bits.
+ *
+ *	j	bits in P	bits in Q
+ *	_	_________	_________
+ *	0	 512		160
+ *	1	 576		160
+ *	2	 640		160
+ *	3	 704		160
+ *	4	 768		160
+ *	5	 832		160
+ *	6	 896		160
+ *	7	 960		160
+ *	8	1024		160
+ *
+ * The FIPS-186 compliant PQG generator takes j as an input parameter.
+ */
+
+#define DSA_Q_BITS       160
+#define DSA_MAX_P_BITS	1024
+#define DSA_MIN_P_BITS	 512
+
+/*
+ * function takes desired number of bits in P,
+ * returns index (0..8) or -1 if number of bits is invalid.
+ */
+#define PQG_PBITS_TO_INDEX(bits) \
+    (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? \
+    -1 : (int)((bits)-512)/64)
+
+/*
+ * function takes index (0-8)
+ * returns number of bits in P for that index, or -1 if index is invalid.
+ */
+#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
+
+
+/***************************************************************************
+** Opaque objects 
+*/
+
+struct DESContextStr        ;
+struct RC2ContextStr        ;
+struct RC4ContextStr        ;
+struct RC5ContextStr        ;
+struct AESContextStr        ;
+struct CamelliaContextStr   ;
+struct MD2ContextStr        ;
+struct MD5ContextStr        ;
+struct SHA1ContextStr       ;
+struct SHA256ContextStr     ;
+struct SHA512ContextStr     ;
+struct AESKeyWrapContextStr ;
+
+typedef struct DESContextStr        DESContext;
+typedef struct RC2ContextStr        RC2Context;
+typedef struct RC4ContextStr        RC4Context;
+typedef struct RC5ContextStr        RC5Context;
+typedef struct AESContextStr        AESContext;
+typedef struct CamelliaContextStr   CamelliaContext;
+typedef struct MD2ContextStr        MD2Context;
+typedef struct MD5ContextStr        MD5Context;
+typedef struct SHA1ContextStr       SHA1Context;
+typedef struct SHA256ContextStr     SHA256Context;
+typedef struct SHA512ContextStr     SHA512Context;
+/* SHA384Context is really a SHA512ContextStr.  This is not a mistake. */
+typedef struct SHA512ContextStr     SHA384Context;
+typedef struct AESKeyWrapContextStr AESKeyWrapContext;
+
+/***************************************************************************
+** RSA Public and Private Key structures
+*/
+
+/* member names from PKCS#1, section 7.1 */
+struct RSAPublicKeyStr {
+    PLArenaPool * arena;
+    SECItem modulus;
+    SECItem publicExponent;
+};
+typedef struct RSAPublicKeyStr RSAPublicKey;
+
+/* member names from PKCS#1, section 7.2 */
+struct RSAPrivateKeyStr {
+    PLArenaPool * arena;
+    SECItem version;
+    SECItem modulus;
+    SECItem publicExponent;
+    SECItem privateExponent;
+    SECItem prime1;
+    SECItem prime2;
+    SECItem exponent1;
+    SECItem exponent2;
+    SECItem coefficient;
+};
+typedef struct RSAPrivateKeyStr RSAPrivateKey;
+
+
+/***************************************************************************
+** DSA Public and Private Key and related structures
+*/
+
+struct PQGParamsStr {
+    PLArenaPool *arena;
+    SECItem prime;    /* p */
+    SECItem subPrime; /* q */
+    SECItem base;     /* g */
+    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
+};
+typedef struct PQGParamsStr PQGParams;
+
+struct PQGVerifyStr {
+    PLArenaPool * arena;	/* includes this struct, seed, & h. */
+    unsigned int  counter;
+    SECItem       seed;
+    SECItem       h;
+};
+typedef struct PQGVerifyStr PQGVerify;
+
+struct DSAPublicKeyStr {
+    PQGParams params;
+    SECItem publicValue;
+};
+typedef struct DSAPublicKeyStr DSAPublicKey;
+
+struct DSAPrivateKeyStr {
+    PQGParams params;
+    SECItem publicValue;
+    SECItem privateValue;
+};
+typedef struct DSAPrivateKeyStr DSAPrivateKey;
+
+/***************************************************************************
+** Diffie-Hellman Public and Private Key and related structures
+** Structure member names suggested by PKCS#3.
+*/
+
+struct DHParamsStr {
+    PLArenaPool * arena;
+    SECItem prime; /* p */
+    SECItem base; /* g */
+};
+typedef struct DHParamsStr DHParams;
+
+struct DHPublicKeyStr {
+    PLArenaPool * arena;
+    SECItem prime;
+    SECItem base;
+    SECItem publicValue;
+};
+typedef struct DHPublicKeyStr DHPublicKey;
+
+struct DHPrivateKeyStr {
+    PLArenaPool * arena;
+    SECItem prime;
+    SECItem base;
+    SECItem publicValue;
+    SECItem privateValue;
+};
+typedef struct DHPrivateKeyStr DHPrivateKey;
+
+/***************************************************************************
+** Data structures used for elliptic curve parameters and
+** public and private keys.
+*/
+
+/*
+** The ECParams data structures can encode elliptic curve 
+** parameters for both GFp and GF2m curves.
+*/
+
+typedef enum { ec_params_explicit,
+	       ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+               ec_field_GF2m
+} ECFieldType;
+
+struct ECFieldIDStr {
+    int         size;   /* field size in bits */
+    ECFieldType type;
+    union {
+        SECItem  prime; /* prime p for (GFp) */
+        SECItem  poly;  /* irreducible binary polynomial for (GF2m) */
+    } u;
+    int         k1;     /* first coefficient of pentanomial or
+                         * the only coefficient of trinomial 
+                         */
+    int         k2;     /* two remaining coefficients of pentanomial */
+    int         k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+    SECItem a;          /* contains octet stream encoding of
+                         * field element (X9.62 section 4.3.3) 
+			 */
+    SECItem b;
+    SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+struct ECParamsStr {
+    PLArenaPool * arena;
+    ECParamsType  type;
+    ECFieldID     fieldID;
+    ECCurve       curve; 
+    SECItem       base;
+    SECItem       order; 
+    int           cofactor;
+    SECItem       DEREncoding;
+    ECCurveName   name;
+    SECItem       curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+    ECParams ecParams;   
+    SECItem publicValue;   /* elliptic curve point encoded as 
+			    * octet stream.
+			    */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+    ECParams ecParams;   
+    SECItem publicValue;   /* encoded ec point */
+    SECItem privateValue;  /* private big integer */
+    SECItem version;       /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef void * (*BLapiAllocateFunc)(void);
+typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
+typedef SECStatus (*BLapiInitContextFunc)(void *cx, 
+				   const unsigned char *key, 
+				   unsigned int keylen,
+				   const unsigned char *, 
+				   int, 
+				   unsigned int ,
+				   unsigned int );
+typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
+				unsigned int *outputLen, 
+				unsigned int maxOutputLen,
+				const unsigned char *input, 
+				unsigned int inputLen);
+
+#endif /* _BLAPIT_H_ */
diff --git a/security/nss/lib/freebl/camellia.c b/security/nss/lib/freebl/camellia.c
new file mode 100644
index 000000000..f02e515cd
--- /dev/null
+++ b/security/nss/lib/freebl/camellia.c
@@ -0,0 +1,1791 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Camellia code.
+ *
+ * The Initial Developer of the Original Code is
+ * NTT(Nippon Telegraph and Telephone Corporation).
+ *
+ * Portions created by the Initial Developer are Copyright (C) 2006
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * $Id$
+ */
+
+#include "prinit.h"
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+#include "camellia.h"
+
+
+/* key constants */
+
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ *  macros
+ */
+
+
+#if defined(_MSC_VER)
+
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((PRUint32 *)(p)))
+# define PUTU32(ct, st) {*((PRUint32 *)(ct)) = SWAP((st));}
+
+#else /* not MS-VC */
+
+# define GETU32(pt)					\
+    (((PRUint32)(pt)[0] << 24)				\
+     ^ ((PRUint32)(pt)[1] << 16)			\
+     ^ ((PRUint32)(pt)[2] <<  8)			\
+     ^ ((PRUint32)(pt)[3]))
+
+# define PUTU32(ct, st)  {				\
+	(ct)[0] = (PRUint8)((st) >> 24);		\
+	(ct)[1] = (PRUint8)((st) >> 16);		\
+	(ct)[2] = (PRUint8)((st) >>  8);		\
+	(ct)[3] = (PRUint8)(st); }
+
+#endif
+
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)	\
+    do {						\
+	w0 = ll;					\
+	ll = (ll << bits) + (lr >> (32 - bits));	\
+	lr = (lr << bits) + (rl >> (32 - bits));	\
+	rl = (rl << bits) + (rr >> (32 - bits));	\
+	rr = (rr << bits) + (w0 >> (32 - bits));	\
+    } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)	\
+    do {						\
+	w0 = ll;					\
+	w1 = lr;					\
+	ll = (lr << (bits - 32)) + (rl >> (64 - bits));	\
+	lr = (rl << (bits - 32)) + (rr >> (64 - bits));	\
+	rl = (rr << (bits - 32)) + (w0 >> (64 - bits));	\
+	rr = (w0 << (bits - 32)) + (w1 >> (64 - bits));	\
+    } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\
+    do {							\
+	il = xl ^ kl;						\
+	ir = xr ^ kr;						\
+	t0 = il >> 16;						\
+	t1 = ir >> 16;						\
+	yl = CAMELLIA_SP1110(ir & 0xff)				\
+	    ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)			\
+	    ^ CAMELLIA_SP3033(t1 & 0xff)			\
+	    ^ CAMELLIA_SP4404((ir >> 8) & 0xff);		\
+	yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)			\
+	    ^ CAMELLIA_SP0222(t0 & 0xff)			\
+	    ^ CAMELLIA_SP3033((il >> 8) & 0xff)			\
+	    ^ CAMELLIA_SP4404(il & 0xff);			\
+	yl ^= yr;						\
+	yr = CAMELLIA_RR8(yr);					\
+	yr ^= yl;						\
+    } while(0)
+
+
+/*
+ * for speed up
+ *
+ */
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+    do {								\
+	t0 = kll;							\
+	t0 &= ll;							\
+	lr ^= CAMELLIA_RL1(t0);						\
+	t1 = klr;							\
+	t1 |= lr;							\
+	ll ^= t1;							\
+									\
+	t2 = krr;							\
+	t2 |= rr;							\
+	rl ^= t2;							\
+	t3 = krl;							\
+	t3 &= rl;							\
+	rr ^= CAMELLIA_RL1(t3);						\
+    } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)	\
+    do {								\
+	ir = CAMELLIA_SP1110(xr & 0xff)					\
+	    ^ CAMELLIA_SP0222((xr >> 24) & 0xff)			\
+	    ^ CAMELLIA_SP3033((xr >> 16) & 0xff)			\
+	    ^ CAMELLIA_SP4404((xr >> 8) & 0xff);			\
+	il = CAMELLIA_SP1110((xl >> 24) & 0xff)				\
+	    ^ CAMELLIA_SP0222((xl >> 16) & 0xff)			\
+	    ^ CAMELLIA_SP3033((xl >> 8) & 0xff)				\
+	    ^ CAMELLIA_SP4404(xl & 0xff);				\
+	il ^= kl;							\
+	ir ^= kr;							\
+	ir ^= il;							\
+	il = CAMELLIA_RR8(il);						\
+	il ^= ir;							\
+	yl ^= ir;							\
+	yr ^= il;							\
+    } while(0)
+
+
+static const PRUint32 camellia_sp1110[256] = {
+    0x70707000,0x82828200,0x2c2c2c00,0xececec00,
+    0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
+    0xe4e4e400,0x85858500,0x57575700,0x35353500,
+    0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
+    0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
+    0x45454500,0x19191900,0xa5a5a500,0x21212100,
+    0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
+    0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
+    0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
+    0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
+    0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
+    0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
+    0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
+    0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
+    0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
+    0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
+    0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
+    0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
+    0x74747400,0x12121200,0x2b2b2b00,0x20202000,
+    0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
+    0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
+    0x34343400,0x7e7e7e00,0x76767600,0x05050500,
+    0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
+    0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
+    0x14141400,0x58585800,0x3a3a3a00,0x61616100,
+    0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
+    0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
+    0x53535300,0x18181800,0xf2f2f200,0x22222200,
+    0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
+    0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
+    0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
+    0x60606000,0xfcfcfc00,0x69696900,0x50505000,
+    0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
+    0xa1a1a100,0x89898900,0x62626200,0x97979700,
+    0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
+    0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
+    0x10101000,0xc4c4c400,0x00000000,0x48484800,
+    0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
+    0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
+    0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
+    0x87878700,0x5c5c5c00,0x83838300,0x02020200,
+    0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
+    0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+    0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+    0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+    0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+    0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+    0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+    0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+    0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+    0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+    0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+    0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+    0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+    0xd4d4d400,0x25252500,0xababab00,0x42424200,
+    0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+    0x72727200,0x07070700,0xb9b9b900,0x55555500,
+    0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+    0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+    0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+    0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+    0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+    0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+    0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+};
+
+static const PRUint32 camellia_sp0222[256] = {
+    0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+    0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+    0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+    0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+    0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+    0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+    0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+    0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+    0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+    0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+    0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+    0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+    0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+    0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+    0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+    0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+    0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+    0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+    0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+    0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+    0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+    0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+    0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+    0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+    0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+    0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+    0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+    0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+    0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+    0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+    0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+    0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+    0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+    0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+    0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+    0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+    0x00202020,0x00898989,0x00000000,0x00909090,
+    0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+    0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+    0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+    0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+    0x009b9b9b,0x00949494,0x00212121,0x00666666,
+    0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+    0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+    0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+    0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+    0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+    0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+    0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+    0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+    0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+    0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+    0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+    0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+    0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+    0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+    0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+    0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+    0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+    0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+    0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+    0x00777777,0x00939393,0x00868686,0x00838383,
+    0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+    0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+};
+
+static const PRUint32 camellia_sp3033[256] = {
+    0x38003838,0x41004141,0x16001616,0x76007676,
+    0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+    0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+    0x75007575,0x06000606,0x57005757,0xa000a0a0,
+    0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+    0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+    0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+    0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+    0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+    0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+    0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+    0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+    0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+    0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+    0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+    0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+    0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+    0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+    0x3a003a3a,0x09000909,0x95009595,0x10001010,
+    0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+    0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+    0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+    0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+    0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+    0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+    0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+    0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+    0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+    0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+    0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+    0x12001212,0x04000404,0x74007474,0x54005454,
+    0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+    0x55005555,0x68006868,0x50005050,0xbe00bebe,
+    0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+    0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+    0x70007070,0xff00ffff,0x32003232,0x69006969,
+    0x08000808,0x62006262,0x00000000,0x24002424,
+    0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+    0x45004545,0x81008181,0x73007373,0x6d006d6d,
+    0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+    0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+    0xe600e6e6,0x25002525,0x48004848,0x99009999,
+    0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+    0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+    0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+    0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+    0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+    0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+    0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+    0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+    0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+    0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+    0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+    0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+    0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+    0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+    0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+    0x7c007c7c,0x77007777,0x56005656,0x05000505,
+    0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+    0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+    0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+    0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+    0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+    0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+};
+
+static const PRUint32 camellia_sp4404[256] = {
+    0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+    0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+    0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+    0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+    0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+    0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+    0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+    0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+    0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+    0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+    0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+    0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+    0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+    0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+    0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+    0x24240024,0xe8e800e8,0x60600060,0x69690069,
+    0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+    0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+    0x10100010,0x00000000,0xa3a300a3,0x75750075,
+    0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+    0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+    0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+    0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+    0x81810081,0x6f6f006f,0x13130013,0x63630063,
+    0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+    0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+    0x78780078,0x06060006,0xe7e700e7,0x71710071,
+    0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+    0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+    0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+    0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+    0x15150015,0xadad00ad,0x77770077,0x80800080,
+    0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+    0x85850085,0x35350035,0x0c0c000c,0x41410041,
+    0xefef00ef,0x93930093,0x19190019,0x21210021,
+    0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+    0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+    0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+    0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+    0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+    0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+    0x12120012,0x20200020,0xb1b100b1,0x99990099,
+    0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+    0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+    0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+    0x0f0f000f,0x16160016,0x18180018,0x22220022,
+    0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+    0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+    0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+    0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+    0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+    0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+    0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+    0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+    0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+    0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+    0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+    0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+    0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+    0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+    0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+    0x49490049,0x68680068,0x38380038,0xa4a400a4,
+    0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+    0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+};
+
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
+{
+    PRUint32 kll, klr, krl, krr;
+    PRUint32 il, ir, t0, t1, w0, w1;
+    PRUint32 kw4l, kw4r, dw, tl, tr;
+    PRUint32 subL[26];
+    PRUint32 subR[26];
+
+    /**
+     *  k == kll || klr || krl || krr (|| is concatination)
+     */
+    kll = GETU32(key     );
+    klr = GETU32(key +  4);
+    krl = GETU32(key +  8);
+    krr = GETU32(key + 12);
+    /**
+     * generate KL dependent subkeys
+     */
+    subl(0) = kll; subr(0) = klr;
+    subl(1) = krl; subr(1) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(4) = kll; subr(4) = klr;
+    subl(5) = krl; subr(5) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(10) = kll; subr(10) = klr;
+    subl(11) = krl; subr(11) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(13) = krl; subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(16) = kll; subr(16) = klr;
+    subl(17) = krl; subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(18) = kll; subr(18) = klr;
+    subl(19) = krl; subr(19) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll; subr(22) = klr;
+    subl(23) = krl; subr(23) = krr;
+
+    /* generate KA */
+    kll = subl(0); klr = subr(0);
+    krl = subl(1); krr = subr(1);
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+	       w0, w1, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+	       kll, klr, il, ir, t0, t1);
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+	       krl, krr, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+	       w0, w1, il, ir, t0, t1);
+    kll ^= w0; klr ^= w1;
+
+    /* generate KA dependent subkeys */
+    subl(2) = kll; subr(2) = klr;
+    subl(3) = krl; subr(3) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll; subr(6) = klr;
+    subl(7) = krl; subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(8) = kll; subr(8) = klr;
+    subl(9) = krl; subr(9) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(12) = kll; subr(12) = klr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(14) = kll; subr(14) = klr;
+    subl(15) = krl; subr(15) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(20) = kll; subr(20) = klr;
+    subl(21) = krl; subr(21) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(24) = kll; subr(24) = klr;
+    subl(25) = krl; subr(25) = krr;
+
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1); subr(3) ^= subr(1);
+    subl(5) ^= subl(1); subr(5) ^= subr(1);
+    subl(7) ^= subl(1); subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1); subr(11) ^= subr(1);
+    subl(13) ^= subl(1); subr(13) ^= subr(1);
+    subl(15) ^= subl(1); subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1); subr(19) ^= subr(1);
+    subl(21) ^= subl(1); subr(21) ^= subr(1);
+    subl(23) ^= subl(1); subr(23) ^= subr(1);
+    subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(25); kw4r = subr(25);
+    subl(22) ^= kw4l; subr(22) ^= kw4r;
+    subl(20) ^= kw4l; subr(20) ^= kw4r;
+    subl(18) ^= kw4l; subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l; subr(14) ^= kw4r;
+    subl(12) ^= kw4l; subr(12) ^= kw4r;
+    subl(10) ^= kw4l; subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l; subr(6) ^= kw4r;
+    subl(4) ^= kw4l; subr(4) ^= kw4r;
+    subl(2) ^= kw4l; subr(2) ^= kw4r;
+    subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+    CamelliaSubkeyL(2) = subl(3);
+    CamelliaSubkeyR(2) = subr(3);
+    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(7) = subl(6) ^ tl;
+    CamelliaSubkeyR(7) = subr(6) ^ tr;
+    CamelliaSubkeyL(8) = subl(8);
+    CamelliaSubkeyR(8) = subr(8);
+    CamelliaSubkeyL(9) = subl(9);
+    CamelliaSubkeyR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(10) = tl ^ subl(11);
+    CamelliaSubkeyR(10) = tr ^ subr(11);
+    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16),	tr = subr(18) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(15) = subl(14) ^ tl;
+    CamelliaSubkeyR(15) = subr(14) ^ tr;
+    CamelliaSubkeyL(16) = subl(16);
+    CamelliaSubkeyR(16) = subr(16);
+    CamelliaSubkeyL(17) = subl(17);
+    CamelliaSubkeyR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17),	tr = subr(15) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(18) = tl ^ subl(19);
+    CamelliaSubkeyR(18) = tr ^ subr(19);
+    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+    CamelliaSubkeyL(23) = subl(22);
+    CamelliaSubkeyR(23) = subr(22);
+    CamelliaSubkeyL(24) = subl(24) ^ subl(23);
+    CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+    /* apply the inverse of the last half of P-function */
+    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+
+    return;
+}
+
+void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
+{
+    PRUint32 kll,klr,krl,krr;           /* left half of key */
+    PRUint32 krll,krlr,krrl,krrr;       /* right half of key */
+    PRUint32 il, ir, t0, t1, w0, w1;    /* temporary variables */
+    PRUint32 kw4l, kw4r, dw, tl, tr;
+    PRUint32 subL[34];
+    PRUint32 subR[34];
+
+    /**
+     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+     *  (|| is concatination)
+     */
+
+    kll  = GETU32(key     );
+    klr  = GETU32(key +  4);
+    krl  = GETU32(key +  8);
+    krr  = GETU32(key + 12);
+    krll = GETU32(key + 16);
+    krlr = GETU32(key + 20);
+    krrl = GETU32(key + 24);
+    krrr = GETU32(key + 28);
+
+    /* generate KL dependent subkeys */
+    subl(0) = kll; subr(0) = klr;
+    subl(1) = krl; subr(1) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+    subl(12) = kll; subr(12) = klr;
+    subl(13) = krl; subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(16) = kll; subr(16) = klr;
+    subl(17) = krl; subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll; subr(22) = klr;
+    subl(23) = krl; subr(23) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(30) = kll; subr(30) = klr;
+    subl(31) = krl; subr(31) = krr;
+
+    /* generate KR dependent subkeys */
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(4) = krll; subr(4) = krlr;
+    subl(5) = krrl; subr(5) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(8) = krll; subr(8) = krlr;
+    subl(9) = krrl; subr(9) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(18) = krll; subr(18) = krlr;
+    subl(19) = krrl; subr(19) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+    subl(26) = krll; subr(26) = krlr;
+    subl(27) = krrl; subr(27) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+    /* generate KA */
+    kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+    krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+	       w0, w1, il, ir, t0, t1);
+    krl ^= w0; krr ^= w1;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+	       kll, klr, il, ir, t0, t1);
+    kll ^= krll; klr ^= krlr;
+    CAMELLIA_F(kll, klr,
+	       CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+	       krl, krr, il, ir, t0, t1);
+    krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+    CAMELLIA_F(krl, krr,
+	       CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+	       w0, w1, il, ir, t0, t1);
+    kll ^= w0; klr ^= w1;
+
+    /* generate KB */
+    krll ^= kll; krlr ^= klr;
+    krrl ^= krl; krrr ^= krr;
+    CAMELLIA_F(krll, krlr,
+	       CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+	       w0, w1, il, ir, t0, t1);
+    krrl ^= w0; krrr ^= w1;
+    CAMELLIA_F(krrl, krrr,
+	       CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+	       w0, w1, il, ir, t0, t1);
+    krll ^= w0; krlr ^= w1;
+
+    /* generate KA dependent subkeys */
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll; subr(6) = klr;
+    subl(7) = krl; subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(14) = kll; subr(14) = klr;
+    subl(15) = krl; subr(15) = krr;
+    subl(24) = klr; subr(24) = krl;
+    subl(25) = krr; subr(25) = kll;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+    subl(28) = kll; subr(28) = klr;
+    subl(29) = krl; subr(29) = krr;
+
+    /* generate KB dependent subkeys */
+    subl(2) = krll; subr(2) = krlr;
+    subl(3) = krrl; subr(3) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(10) = krll; subr(10) = krlr;
+    subl(11) = krrl; subr(11) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(20) = krll; subr(20) = krlr;
+    subl(21) = krrl; subr(21) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+    subl(32) = krll; subr(32) = krlr;
+    subl(33) = krrl; subr(33) = krrr;
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1); subr(3) ^= subr(1);
+    subl(5) ^= subl(1); subr(5) ^= subr(1);
+    subl(7) ^= subl(1); subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1); subr(11) ^= subr(1);
+    subl(13) ^= subl(1); subr(13) ^= subr(1);
+    subl(15) ^= subl(1); subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1); subr(19) ^= subr(1);
+    subl(21) ^= subl(1); subr(21) ^= subr(1);
+    subl(23) ^= subl(1); subr(23) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(25);
+    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(27) ^= subl(1); subr(27) ^= subr(1);
+    subl(29) ^= subl(1); subr(29) ^= subr(1);
+    subl(31) ^= subl(1); subr(31) ^= subr(1);
+    subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(33); kw4r = subr(33);
+    subl(30) ^= kw4l; subr(30) ^= kw4r;
+    subl(28) ^= kw4l; subr(28) ^= kw4r;
+    subl(26) ^= kw4l; subr(26) ^= kw4r;
+    kw4l ^= kw4r & ~subr(24);
+    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
+    subl(22) ^= kw4l; subr(22) ^= kw4r;
+    subl(20) ^= kw4l; subr(20) ^= kw4r;
+    subl(18) ^= kw4l; subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l; subr(14) ^= kw4r;
+    subl(12) ^= kw4l; subr(12) ^= kw4r;
+    subl(10) ^= kw4l; subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l; subr(6) ^= kw4r;
+    subl(4) ^= kw4l; subr(4) ^= kw4r;
+    subl(2) ^= kw4l; subr(2) ^= kw4r;
+    subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+    CamelliaSubkeyL(2) = subl(3);
+    CamelliaSubkeyR(2) = subr(3);
+    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(7) = subl(6) ^ tl;
+    CamelliaSubkeyR(7) = subr(6) ^ tr;
+    CamelliaSubkeyL(8) = subl(8);
+    CamelliaSubkeyR(8) = subr(8);
+    CamelliaSubkeyL(9) = subl(9);
+    CamelliaSubkeyR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(10) = tl ^ subl(11);
+    CamelliaSubkeyR(10) = tr ^ subr(11);
+    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(15) = subl(14) ^ tl;
+    CamelliaSubkeyR(15) = subr(14) ^ tr;
+    CamelliaSubkeyL(16) = subl(16);
+    CamelliaSubkeyR(16) = subr(16);
+    CamelliaSubkeyL(17) = subl(17);
+    CamelliaSubkeyR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(18) = tl ^ subl(19);
+    CamelliaSubkeyR(18) = tr ^ subr(19);
+    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+    tl = subl(26) ^ (subr(26) & ~subr(24));
+    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(23) = subl(22) ^ tl;
+    CamelliaSubkeyR(23) = subr(22) ^ tr;
+    CamelliaSubkeyL(24) = subl(24);
+    CamelliaSubkeyR(24) = subr(24);
+    CamelliaSubkeyL(25) = subl(25);
+    CamelliaSubkeyR(25) = subr(25);
+    tl = subl(23) ^ (subr(23) &  ~subr(25));
+    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(26) = tl ^ subl(27);
+    CamelliaSubkeyR(26) = tr ^ subr(27);
+    CamelliaSubkeyL(27) = subl(26) ^ subl(28);
+    CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+    CamelliaSubkeyL(28) = subl(27) ^ subl(29);
+    CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+    CamelliaSubkeyL(29) = subl(28) ^ subl(30);
+    CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+    CamelliaSubkeyL(30) = subl(29) ^ subl(31);
+    CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+    CamelliaSubkeyL(31) = subl(30);
+    CamelliaSubkeyR(31) = subr(30);
+    CamelliaSubkeyL(32) = subl(32) ^ subl(31);
+    CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+    /* apply the inverse of the last half of P-function */
+    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+    dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
+    dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
+    dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
+    dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
+    dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
+    dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
+    
+    return;
+}
+
+void camellia_setup192(const unsigned char *key, PRUint32 *subkey)
+{
+    unsigned char kk[32];
+    PRUint32 krll, krlr, krrl,krrr;
+
+    memcpy(kk, key, 24);
+    memcpy((unsigned char *)&krll, key+16,4);
+    memcpy((unsigned char *)&krlr, key+20,4);
+    krrl = ~krll;
+    krrr = ~krlr;
+    memcpy(kk+24, (unsigned char *)&krrl, 4);
+    memcpy(kk+28, (unsigned char *)&krrr, 4);
+    camellia_setup256(kk, subkey);
+    return;
+}
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ *
+ */
+SECStatus
+camellia_encrypt128(const PRUint32 *subkey,
+		    unsigned char *output,
+		    const unsigned char *input)
+{
+    PRUint32 il, ir, t0, t1;
+    PRUint32 io[4];
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input+4);
+    io[2] = GETU32(input+8);
+    io[3] = GETU32(input+12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(0);
+    io[1] ^= CamelliaSubkeyR(0);
+    /* main iteration */
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(24);
+    io[3] ^= CamelliaSubkeyR(24);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output+4, io[1]);
+    PUTU32(output+8, io[2]);
+    PUTU32(output+12, io[3]);
+
+    return SECSuccess;
+}
+
+SECStatus
+camellia_decrypt128(const PRUint32 *subkey,
+		    unsigned char *output,
+		    const unsigned char *input)
+{
+    PRUint32 il,ir,t0,t1;               /* temporary valiables */
+    PRUint32 io[4];
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input+4);
+    io[2] = GETU32(input+8);
+    io[3] = GETU32(input+12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(24);
+    io[1] ^= CamelliaSubkeyR(24);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(0);
+    io[3] ^= CamelliaSubkeyR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output+4, io[1]);
+    PUTU32(output+8, io[2]);
+    PUTU32(output+12, io[3]);
+
+    return SECSuccess;
+}
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+SECStatus
+camellia_encrypt256(const PRUint32 *subkey,
+		    unsigned char *output,
+		    const unsigned char *input)
+{
+    PRUint32 il,ir,t0,t1;           /* temporary valiables */
+    PRUint32 io[4];
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input+4);
+    io[2] = GETU32(input+8);
+    io[3] = GETU32(input+12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(0);
+    io[1] ^= CamelliaSubkeyR(0);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+		 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(32);
+    io[3] ^= CamelliaSubkeyR(32);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output+4, io[1]);
+    PUTU32(output+8, io[2]);
+    PUTU32(output+12, io[3]);
+
+    return SECSuccess;
+}
+
+SECStatus
+camellia_decrypt256(const PRUint32 *subkey,
+		    unsigned char *output,
+		    const unsigned char *input)
+{
+    PRUint32 il,ir,t0,t1;           /* temporary valiables */
+    PRUint32 io[4];
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input+4);
+    io[2] = GETU32(input+8);
+    io[3] = GETU32(input+12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(32);
+    io[1] ^= CamelliaSubkeyR(32);
+	
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+		 CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+		 CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+		     io[0],io[1],il,ir,t0,t1);
+
+    CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+		 CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+		 CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+		 t0,t1,il,ir);
+
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+		     io[0],io[1],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[0],io[1],
+		     CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+		     io[2],io[3],il,ir,t0,t1);
+    CAMELLIA_ROUNDSM(io[2],io[3],
+		     CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+		     io[0],io[1],il,ir,t0,t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(0);
+    io[3] ^= CamelliaSubkeyR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output+4, io[1]);
+    PUTU32(output+8, io[2]);
+    PUTU32(output+12, io[3]);
+
+    return SECSuccess;
+}
+
+
+/**************************************************************************
+ *
+ * Stuff related to the Camellia key schedule
+ *
+ *************************************************************************/
+
+SECStatus 
+camellia_key_expansion(CamelliaContext *cx, 
+                       const unsigned char *key, 
+                       const unsigned int keysize)
+{
+    cx->keysize = keysize;
+
+    switch(keysize) {
+    case 16:
+	camellia_setup128(key, cx->expandedKey);
+	break;
+    case 24:
+	camellia_setup192(key, cx->expandedKey);
+	break;
+    case 32:
+	camellia_setup256(key, cx->expandedKey);
+	break;
+    default:
+	break;
+    }
+    return SECSuccess;
+}
+
+
+/**************************************************************************
+ *
+ *  Camellia modes of operation (ECB and CBC)
+ *
+ *************************************************************************/
+
+SECStatus 
+camellia_encryptECB(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    CamelliaBlockFunc *encryptor;
+
+    encryptor = (cx->keysize == 16)
+	? &camellia_encrypt128
+	: &camellia_encrypt256;
+
+    while (inputLen > 0) {
+	(*encryptor)(cx->expandedKey, output, input);
+    
+	output += CAMELLIA_BLOCK_SIZE;
+	input += CAMELLIA_BLOCK_SIZE;
+	inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+SECStatus 
+camellia_encryptCBC(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    unsigned int j;
+    unsigned char *lastblock;
+    unsigned char inblock[CAMELLIA_BLOCK_SIZE];
+    CamelliaBlockFunc *encryptor;
+
+    if (!inputLen)
+	return SECSuccess;
+    lastblock = cx->iv;
+
+    encryptor = (cx->keysize == 16)
+	? &camellia_encrypt128
+	: &camellia_encrypt256;
+
+    while (inputLen > 0) {
+	/* XOR with the last block (IV if first block) */
+	for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
+	    inblock[j] = input[j] ^ lastblock[j];
+	/* encrypt */
+	(*encryptor)(cx->expandedKey, output, inblock);
+
+	/* move to the next block */
+	lastblock = output;
+	output += CAMELLIA_BLOCK_SIZE;
+	input += CAMELLIA_BLOCK_SIZE;
+	inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    memcpy(cx->iv, lastblock, CAMELLIA_BLOCK_SIZE);
+    return SECSuccess;
+}
+
+SECStatus 
+camellia_decryptECB(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    CamelliaBlockFunc *decryptor;
+
+    decryptor = (cx->keysize == 16)
+	? &camellia_decrypt128
+	: &camellia_decrypt256;
+
+
+    while (inputLen > 0) {
+
+	(*decryptor)(cx->expandedKey, output, input);
+
+	output += CAMELLIA_BLOCK_SIZE;
+	input += CAMELLIA_BLOCK_SIZE;
+	inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+SECStatus 
+camellia_decryptCBC(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    const unsigned char *in;
+    unsigned char *out;
+    unsigned int j;
+    unsigned char newIV[CAMELLIA_BLOCK_SIZE];
+    CamelliaBlockFunc *decryptor;
+
+
+
+    if (!inputLen) 
+	return SECSuccess;
+
+    PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
+
+    in  = input  + (inputLen - CAMELLIA_BLOCK_SIZE);
+    memcpy(newIV, in, CAMELLIA_BLOCK_SIZE);
+    out = output + (inputLen - CAMELLIA_BLOCK_SIZE);
+
+    decryptor = (cx->keysize == 16)
+	? &camellia_decrypt128
+	: &camellia_decrypt256;
+
+    while (inputLen > CAMELLIA_BLOCK_SIZE) {
+	(*decryptor)(cx->expandedKey, out, in);
+
+	for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
+	    out[j] ^= in[(int)(j - CAMELLIA_BLOCK_SIZE)];
+
+	out -= CAMELLIA_BLOCK_SIZE;
+	in -= CAMELLIA_BLOCK_SIZE;
+	inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    if (in == input) {
+	(*decryptor)(cx->expandedKey, out, in);
+
+	for (j=0; j<CAMELLIA_BLOCK_SIZE; ++j)
+	    out[j] ^= cx->iv[j];
+    }
+    memcpy(cx->iv, newIV, CAMELLIA_BLOCK_SIZE);
+    return SECSuccess;
+}
+
+/**************************************************************************
+ *
+ * BLAPI Interface functions
+ *
+ *************************************************************************/
+
+CamelliaContext *
+Camellia_AllocateContext(void)
+{
+    return PORT_ZNew(CamelliaContext);
+}
+
+SECStatus   
+Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
+		     unsigned int keysize, 
+		     const unsigned char *iv, int mode, unsigned int encrypt,
+		     unsigned int unused)
+{
+    if (key == NULL ||
+	(keysize != 16 && keysize != 24 && keysize != 32)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (!cx) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    	return SECFailure;
+    }
+    if (mode == NSS_CAMELLIA_CBC) {
+	memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
+	cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
+    } else {
+	cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
+    }
+
+    /* Generate expanded key */
+    if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
+	goto cleanup;
+
+    return SECSuccess;
+cleanup:
+    return SECFailure;
+}
+
+/*
+ * Camellia_CreateContext
+ * create a new context for Camellia operations
+ */
+
+
+CamelliaContext *
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, 
+                       int mode, int encrypt,
+                       unsigned int keysize)
+{
+    CamelliaContext *cx;
+
+    if (key == NULL ||
+	(keysize != 16 && keysize != 24 && keysize != 32)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return NULL;
+    }
+    if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return NULL;
+    }
+    if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return NULL;
+    }
+    cx = PORT_ZNew(CamelliaContext);
+    if (!cx) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return NULL;
+    }
+
+    /* copy in the iv, if neccessary */
+    if (mode == NSS_CAMELLIA_CBC) {
+	memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
+	cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
+    } else {
+	cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
+    }
+    /* copy keysize */
+    cx->keysize = keysize;
+
+    /* Generate expanded key */
+    if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
+	goto cleanup;
+
+    return cx;
+  cleanup:
+    PORT_ZFree(cx, sizeof *cx);
+    return NULL;
+}
+
+/*
+ * Camellia_DestroyContext
+ * 
+ * Zero an Camellia cipher context.  If freeit is true, also free the pointer
+ * to the context.
+ */
+void 
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
+{
+    if (cx)
+	memset(cx, 0, sizeof *cx);
+    if (freeit)
+	PORT_Free(cx);
+}
+
+/*
+ * Camellia_Encrypt
+ *
+ * Encrypt an arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus 
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen)
+{
+
+    /* Check args */
+    if (cx == NULL || output == NULL || input == NULL ||
+	outputLen == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
+	return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return SECFailure;
+    }
+    *outputLen = inputLen;
+
+    return (*cx->worker)(cx, output, outputLen, maxOutputLen,	
+			 input, inputLen);
+}
+
+/*
+ * Camellia_Decrypt
+ *
+ * Decrypt and arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus 
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen)
+{
+
+    /* Check args */
+    if (cx == NULL || output == NULL || input == NULL
+	|| outputLen == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
+	return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return SECFailure;
+    }
+    *outputLen = inputLen;
+
+    return (*cx->worker)(cx, output, outputLen, maxOutputLen,	
+			 input, inputLen);
+}
diff --git a/security/nss/lib/freebl/camellia.h b/security/nss/lib/freebl/camellia.h
new file mode 100644
index 000000000..dc5e195ae
--- /dev/null
+++ b/security/nss/lib/freebl/camellia.h
@@ -0,0 +1,79 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Camellia code.
+ *
+ * The Initial Developer of the Original Code is
+ * NTT(Nippon Telegraph and Telephone Corporation).
+ *
+ * Portions created by the Initial Developer are Copyright (C) 2006
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/*
+ * $Id$
+ */
+
+#ifndef _CAMELLIA_H_
+#define _CAMELLIA_H_ 1
+
+#define CAMELLIA_BLOCK_SIZE 16  /* bytes */
+#define CAMELLIA_MIN_KEYSIZE 16 /* bytes */
+#define CAMELLIA_MAX_KEYSIZE 32 /* bytes */
+
+#define CAMELLIA_MAX_EXPANDEDKEY (34*2) /* 32bit unit */
+
+typedef PRUint32 KEY_TABLE_TYPE[CAMELLIA_MAX_EXPANDEDKEY];
+
+typedef SECStatus CamelliaFunc(CamelliaContext *cx, unsigned char *output,
+			       unsigned int *outputLen,
+			       unsigned int maxOutputLen,
+			       const unsigned char *input,
+			       unsigned int inputLen);
+
+typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey, 
+				    unsigned char *output,
+				    const unsigned char *input);
+
+/* CamelliaContextStr
+ *
+ * Values which maintain the state for Camellia encryption/decryption.
+ *
+ * keysize     - the number of key bits
+ * worker      - the encryption/decryption function to use with this context
+ * iv          - initialization vector for CBC mode
+ * expandedKey - the round keys in 4-byte words
+ */
+struct CamelliaContextStr
+{
+    PRUint32  keysize; /* bytes */
+    CamelliaFunc  *worker;
+    PRUint32      expandedKey[CAMELLIA_MAX_EXPANDEDKEY];
+    PRUint8 iv[CAMELLIA_BLOCK_SIZE];
+};
+
+#endif /* _CAMELLIA_H_ */
diff --git a/security/nss/lib/freebl/config.mk b/security/nss/lib/freebl/config.mk
new file mode 100644
index 000000000..dc2797ea0
--- /dev/null
+++ b/security/nss/lib/freebl/config.mk
@@ -0,0 +1,117 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# only do this in the outermost freebl build.
+ifndef FREEBL_CHILD_BUILD
+
+# We're going to change this build so that it builds libfreebl.a with
+# just loader.c.  Then we have to build this directory twice again to 
+# build the two DSOs.
+# To build libfreebl.a with just loader.c, we must now override many
+# of the make variables setup by the prior inclusion of CORECONF's config.mk
+
+CSRCS		= loader.c 
+SIMPLE_OBJS 	= $(CSRCS:.c=$(OBJ_SUFFIX))
+OBJS 		= $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
+ALL_TRASH :=    $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
+                $(NOSUCHFILE) so_locations 
+
+# this is not a recursive child make.  We make a static lib. (archive)
+
+# Override the values defined in coreconf's ruleset.mk.
+#
+# - (1) LIBRARY: a static (archival) library
+# - (2) SHARED_LIBRARY: a shared (dynamic link) library
+# - (3) IMPORT_LIBRARY: an import library, used only on Windows
+# - (4) PROGRAM: an executable binary
+#
+# override these variables to prevent building a DSO/DLL.
+  TARGETS        = $(LIBRARY)
+  SHARED_LIBRARY =
+  IMPORT_LIBRARY =
+  PROGRAM        =
+
+else
+# This is a recursive child make. We build the shared lib.
+
+TARGETS      = $(SHARED_LIBRARY)
+LIBRARY      =
+IMPORT_LIBRARY =
+PROGRAM      =
+
+ifeq ($(OS_TARGET), SunOS)
+OS_LIBS += -lkstat
+endif
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+
+RES     = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = freebl.rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lnspr4 \
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(DIST)/lib/nssutil3.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+ifeq ($(OS_ARCH), Darwin)
+EXTRA_SHARED_LIBS += -dylib_file @executable_path/libplc4.dylib:$(DIST)/lib/libplc4.dylib -dylib_file @executable_path/libplds4.dylib:$(DIST)/lib/libplds4.dylib
+endif
+
+endif
diff --git a/security/nss/lib/freebl/des.c b/security/nss/lib/freebl/des.c
new file mode 100644
index 000000000..92c84692b
--- /dev/null
+++ b/security/nss/lib/freebl/des.c
@@ -0,0 +1,689 @@
+/*
+ *  des.c
+ *
+ *  core source file for DES-150 library
+ *  Make key schedule from DES key.
+ *  Encrypt/Decrypt one 8-byte block.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the DES-150 library.
+ *
+ * The Initial Developer of the Original Code is
+ * Nelson B. Bolyard, nelsonb@iname.com.
+ * Portions created by the Initial Developer are Copyright (C) 1990
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "des.h"
+#include <stddef.h>	/* for ptrdiff_t */
+/* #define USE_INDEXING 1 */
+
+/*
+ * The tables below are the 8 sbox functions, with the 6-bit input permutation 
+ * and the 32-bit output permutation pre-computed.
+ * They are shifted circularly to the left 3 bits, which removes 2 shifts
+ * and an or from each round by reducing the number of sboxes whose
+ * indices cross word broundaries from 2 to 1.  
+ */
+
+static const HALF SP[8][64] = {
+/* Box S1 */ { 
+	0x04041000, 0x00000000, 0x00040000, 0x04041010, 
+	0x04040010, 0x00041010, 0x00000010, 0x00040000, 
+	0x00001000, 0x04041000, 0x04041010, 0x00001000, 
+	0x04001010, 0x04040010, 0x04000000, 0x00000010, 
+	0x00001010, 0x04001000, 0x04001000, 0x00041000, 
+	0x00041000, 0x04040000, 0x04040000, 0x04001010, 
+	0x00040010, 0x04000010, 0x04000010, 0x00040010, 
+	0x00000000, 0x00001010, 0x00041010, 0x04000000, 
+	0x00040000, 0x04041010, 0x00000010, 0x04040000, 
+	0x04041000, 0x04000000, 0x04000000, 0x00001000, 
+	0x04040010, 0x00040000, 0x00041000, 0x04000010, 
+	0x00001000, 0x00000010, 0x04001010, 0x00041010, 
+	0x04041010, 0x00040010, 0x04040000, 0x04001010, 
+	0x04000010, 0x00001010, 0x00041010, 0x04041000, 
+	0x00001010, 0x04001000, 0x04001000, 0x00000000, 
+	0x00040010, 0x00041000, 0x00000000, 0x04040010
+    },
+/* Box S2 */ { 
+	0x00420082, 0x00020002, 0x00020000, 0x00420080, 
+	0x00400000, 0x00000080, 0x00400082, 0x00020082, 
+	0x00000082, 0x00420082, 0x00420002, 0x00000002, 
+	0x00020002, 0x00400000, 0x00000080, 0x00400082, 
+	0x00420000, 0x00400080, 0x00020082, 0x00000000, 
+	0x00000002, 0x00020000, 0x00420080, 0x00400002, 
+	0x00400080, 0x00000082, 0x00000000, 0x00420000, 
+	0x00020080, 0x00420002, 0x00400002, 0x00020080, 
+	0x00000000, 0x00420080, 0x00400082, 0x00400000, 
+	0x00020082, 0x00400002, 0x00420002, 0x00020000, 
+	0x00400002, 0x00020002, 0x00000080, 0x00420082, 
+	0x00420080, 0x00000080, 0x00020000, 0x00000002, 
+	0x00020080, 0x00420002, 0x00400000, 0x00000082, 
+	0x00400080, 0x00020082, 0x00000082, 0x00400080, 
+	0x00420000, 0x00000000, 0x00020002, 0x00020080, 
+	0x00000002, 0x00400082, 0x00420082, 0x00420000 
+    },
+/* Box S3 */ { 
+	0x00000820, 0x20080800, 0x00000000, 0x20080020, 
+	0x20000800, 0x00000000, 0x00080820, 0x20000800, 
+	0x00080020, 0x20000020, 0x20000020, 0x00080000, 
+	0x20080820, 0x00080020, 0x20080000, 0x00000820, 
+	0x20000000, 0x00000020, 0x20080800, 0x00000800, 
+	0x00080800, 0x20080000, 0x20080020, 0x00080820, 
+	0x20000820, 0x00080800, 0x00080000, 0x20000820, 
+	0x00000020, 0x20080820, 0x00000800, 0x20000000, 
+	0x20080800, 0x20000000, 0x00080020, 0x00000820, 
+	0x00080000, 0x20080800, 0x20000800, 0x00000000, 
+	0x00000800, 0x00080020, 0x20080820, 0x20000800, 
+	0x20000020, 0x00000800, 0x00000000, 0x20080020, 
+	0x20000820, 0x00080000, 0x20000000, 0x20080820, 
+	0x00000020, 0x00080820, 0x00080800, 0x20000020, 
+	0x20080000, 0x20000820, 0x00000820, 0x20080000, 
+	0x00080820, 0x00000020, 0x20080020, 0x00080800 
+    },
+/* Box S4 */ { 
+	0x02008004, 0x00008204, 0x00008204, 0x00000200, 
+	0x02008200, 0x02000204, 0x02000004, 0x00008004, 
+	0x00000000, 0x02008000, 0x02008000, 0x02008204, 
+	0x00000204, 0x00000000, 0x02000200, 0x02000004, 
+	0x00000004, 0x00008000, 0x02000000, 0x02008004, 
+	0x00000200, 0x02000000, 0x00008004, 0x00008200, 
+	0x02000204, 0x00000004, 0x00008200, 0x02000200, 
+	0x00008000, 0x02008200, 0x02008204, 0x00000204, 
+	0x02000200, 0x02000004, 0x02008000, 0x02008204, 
+	0x00000204, 0x00000000, 0x00000000, 0x02008000, 
+	0x00008200, 0x02000200, 0x02000204, 0x00000004, 
+	0x02008004, 0x00008204, 0x00008204, 0x00000200, 
+	0x02008204, 0x00000204, 0x00000004, 0x00008000, 
+	0x02000004, 0x00008004, 0x02008200, 0x02000204, 
+	0x00008004, 0x00008200, 0x02000000, 0x02008004, 
+	0x00000200, 0x02000000, 0x00008000, 0x02008200 
+    },
+/* Box S5 */ { 
+	0x00000400, 0x08200400, 0x08200000, 0x08000401, 
+	0x00200000, 0x00000400, 0x00000001, 0x08200000, 
+	0x00200401, 0x00200000, 0x08000400, 0x00200401, 
+	0x08000401, 0x08200001, 0x00200400, 0x00000001, 
+	0x08000000, 0x00200001, 0x00200001, 0x00000000, 
+	0x00000401, 0x08200401, 0x08200401, 0x08000400, 
+	0x08200001, 0x00000401, 0x00000000, 0x08000001, 
+	0x08200400, 0x08000000, 0x08000001, 0x00200400, 
+	0x00200000, 0x08000401, 0x00000400, 0x08000000, 
+	0x00000001, 0x08200000, 0x08000401, 0x00200401, 
+	0x08000400, 0x00000001, 0x08200001, 0x08200400, 
+	0x00200401, 0x00000400, 0x08000000, 0x08200001, 
+	0x08200401, 0x00200400, 0x08000001, 0x08200401, 
+	0x08200000, 0x00000000, 0x00200001, 0x08000001, 
+	0x00200400, 0x08000400, 0x00000401, 0x00200000, 
+	0x00000000, 0x00200001, 0x08200400, 0x00000401
+    },
+/* Box S6 */ { 
+	0x80000040, 0x81000000, 0x00010000, 0x81010040, 
+	0x81000000, 0x00000040, 0x81010040, 0x01000000, 
+	0x80010000, 0x01010040, 0x01000000, 0x80000040, 
+	0x01000040, 0x80010000, 0x80000000, 0x00010040, 
+	0x00000000, 0x01000040, 0x80010040, 0x00010000, 
+	0x01010000, 0x80010040, 0x00000040, 0x81000040, 
+	0x81000040, 0x00000000, 0x01010040, 0x81010000, 
+	0x00010040, 0x01010000, 0x81010000, 0x80000000, 
+	0x80010000, 0x00000040, 0x81000040, 0x01010000, 
+	0x81010040, 0x01000000, 0x00010040, 0x80000040, 
+	0x01000000, 0x80010000, 0x80000000, 0x00010040, 
+	0x80000040, 0x81010040, 0x01010000, 0x81000000, 
+	0x01010040, 0x81010000, 0x00000000, 0x81000040, 
+	0x00000040, 0x00010000, 0x81000000, 0x01010040, 
+	0x00010000, 0x01000040, 0x80010040, 0x00000000, 
+	0x81010000, 0x80000000, 0x01000040, 0x80010040 
+    },
+/* Box S7 */ { 
+	0x00800000, 0x10800008, 0x10002008, 0x00000000, 
+	0x00002000, 0x10002008, 0x00802008, 0x10802000, 
+	0x10802008, 0x00800000, 0x00000000, 0x10000008, 
+	0x00000008, 0x10000000, 0x10800008, 0x00002008, 
+	0x10002000, 0x00802008, 0x00800008, 0x10002000, 
+	0x10000008, 0x10800000, 0x10802000, 0x00800008, 
+	0x10800000, 0x00002000, 0x00002008, 0x10802008, 
+	0x00802000, 0x00000008, 0x10000000, 0x00802000, 
+	0x10000000, 0x00802000, 0x00800000, 0x10002008, 
+	0x10002008, 0x10800008, 0x10800008, 0x00000008, 
+	0x00800008, 0x10000000, 0x10002000, 0x00800000, 
+	0x10802000, 0x00002008, 0x00802008, 0x10802000, 
+	0x00002008, 0x10000008, 0x10802008, 0x10800000, 
+	0x00802000, 0x00000000, 0x00000008, 0x10802008, 
+	0x00000000, 0x00802008, 0x10800000, 0x00002000, 
+	0x10000008, 0x10002000, 0x00002000, 0x00800008 
+    },
+/* Box S8 */ { 
+	0x40004100, 0x00004000, 0x00100000, 0x40104100, 
+	0x40000000, 0x40004100, 0x00000100, 0x40000000, 
+	0x00100100, 0x40100000, 0x40104100, 0x00104000, 
+	0x40104000, 0x00104100, 0x00004000, 0x00000100, 
+	0x40100000, 0x40000100, 0x40004000, 0x00004100, 
+	0x00104000, 0x00100100, 0x40100100, 0x40104000, 
+	0x00004100, 0x00000000, 0x00000000, 0x40100100, 
+	0x40000100, 0x40004000, 0x00104100, 0x00100000, 
+	0x00104100, 0x00100000, 0x40104000, 0x00004000, 
+	0x00000100, 0x40100100, 0x00004000, 0x00104100, 
+	0x40004000, 0x00000100, 0x40000100, 0x40100000, 
+	0x40100100, 0x40000000, 0x00100000, 0x40004100, 
+	0x00000000, 0x40104100, 0x00100100, 0x40000100, 
+	0x40100000, 0x40004000, 0x40004100, 0x00000000, 
+	0x40104100, 0x00104000, 0x00104000, 0x00004100, 
+	0x00004100, 0x00100100, 0x40000000, 0x40104000 
+    }
+};
+
+static const HALF PC2[8][64] = {
+/* table 0 */ {
+    0x00000000, 0x00001000, 0x04000000, 0x04001000, 
+    0x00100000, 0x00101000, 0x04100000, 0x04101000, 
+    0x00008000, 0x00009000, 0x04008000, 0x04009000, 
+    0x00108000, 0x00109000, 0x04108000, 0x04109000, 
+    0x00000004, 0x00001004, 0x04000004, 0x04001004, 
+    0x00100004, 0x00101004, 0x04100004, 0x04101004, 
+    0x00008004, 0x00009004, 0x04008004, 0x04009004, 
+    0x00108004, 0x00109004, 0x04108004, 0x04109004, 
+    0x08000000, 0x08001000, 0x0c000000, 0x0c001000, 
+    0x08100000, 0x08101000, 0x0c100000, 0x0c101000, 
+    0x08008000, 0x08009000, 0x0c008000, 0x0c009000, 
+    0x08108000, 0x08109000, 0x0c108000, 0x0c109000, 
+    0x08000004, 0x08001004, 0x0c000004, 0x0c001004, 
+    0x08100004, 0x08101004, 0x0c100004, 0x0c101004, 
+    0x08008004, 0x08009004, 0x0c008004, 0x0c009004, 
+    0x08108004, 0x08109004, 0x0c108004, 0x0c109004
+  },
+/* table 1 */ {
+    0x00000000, 0x00002000, 0x80000000, 0x80002000, 
+    0x00000008, 0x00002008, 0x80000008, 0x80002008, 
+    0x00200000, 0x00202000, 0x80200000, 0x80202000, 
+    0x00200008, 0x00202008, 0x80200008, 0x80202008, 
+    0x20000000, 0x20002000, 0xa0000000, 0xa0002000, 
+    0x20000008, 0x20002008, 0xa0000008, 0xa0002008, 
+    0x20200000, 0x20202000, 0xa0200000, 0xa0202000, 
+    0x20200008, 0x20202008, 0xa0200008, 0xa0202008, 
+    0x00000400, 0x00002400, 0x80000400, 0x80002400, 
+    0x00000408, 0x00002408, 0x80000408, 0x80002408, 
+    0x00200400, 0x00202400, 0x80200400, 0x80202400, 
+    0x00200408, 0x00202408, 0x80200408, 0x80202408, 
+    0x20000400, 0x20002400, 0xa0000400, 0xa0002400, 
+    0x20000408, 0x20002408, 0xa0000408, 0xa0002408, 
+    0x20200400, 0x20202400, 0xa0200400, 0xa0202400, 
+    0x20200408, 0x20202408, 0xa0200408, 0xa0202408
+  },
+/* table 2 */ {
+    0x00000000, 0x00004000, 0x00000020, 0x00004020, 
+    0x00080000, 0x00084000, 0x00080020, 0x00084020, 
+    0x00000800, 0x00004800, 0x00000820, 0x00004820, 
+    0x00080800, 0x00084800, 0x00080820, 0x00084820, 
+    0x00000010, 0x00004010, 0x00000030, 0x00004030, 
+    0x00080010, 0x00084010, 0x00080030, 0x00084030, 
+    0x00000810, 0x00004810, 0x00000830, 0x00004830, 
+    0x00080810, 0x00084810, 0x00080830, 0x00084830, 
+    0x00400000, 0x00404000, 0x00400020, 0x00404020, 
+    0x00480000, 0x00484000, 0x00480020, 0x00484020, 
+    0x00400800, 0x00404800, 0x00400820, 0x00404820, 
+    0x00480800, 0x00484800, 0x00480820, 0x00484820, 
+    0x00400010, 0x00404010, 0x00400030, 0x00404030, 
+    0x00480010, 0x00484010, 0x00480030, 0x00484030, 
+    0x00400810, 0x00404810, 0x00400830, 0x00404830, 
+    0x00480810, 0x00484810, 0x00480830, 0x00484830 
+  },
+/* table 3 */ {
+    0x00000000, 0x40000000, 0x00000080, 0x40000080, 
+    0x00040000, 0x40040000, 0x00040080, 0x40040080, 
+    0x00000040, 0x40000040, 0x000000c0, 0x400000c0, 
+    0x00040040, 0x40040040, 0x000400c0, 0x400400c0, 
+    0x10000000, 0x50000000, 0x10000080, 0x50000080, 
+    0x10040000, 0x50040000, 0x10040080, 0x50040080, 
+    0x10000040, 0x50000040, 0x100000c0, 0x500000c0, 
+    0x10040040, 0x50040040, 0x100400c0, 0x500400c0, 
+    0x00800000, 0x40800000, 0x00800080, 0x40800080, 
+    0x00840000, 0x40840000, 0x00840080, 0x40840080, 
+    0x00800040, 0x40800040, 0x008000c0, 0x408000c0, 
+    0x00840040, 0x40840040, 0x008400c0, 0x408400c0, 
+    0x10800000, 0x50800000, 0x10800080, 0x50800080, 
+    0x10840000, 0x50840000, 0x10840080, 0x50840080, 
+    0x10800040, 0x50800040, 0x108000c0, 0x508000c0, 
+    0x10840040, 0x50840040, 0x108400c0, 0x508400c0 
+  },
+/* table 4 */ {
+    0x00000000, 0x00000008, 0x08000000, 0x08000008, 
+    0x00040000, 0x00040008, 0x08040000, 0x08040008, 
+    0x00002000, 0x00002008, 0x08002000, 0x08002008, 
+    0x00042000, 0x00042008, 0x08042000, 0x08042008, 
+    0x80000000, 0x80000008, 0x88000000, 0x88000008, 
+    0x80040000, 0x80040008, 0x88040000, 0x88040008, 
+    0x80002000, 0x80002008, 0x88002000, 0x88002008, 
+    0x80042000, 0x80042008, 0x88042000, 0x88042008, 
+    0x00080000, 0x00080008, 0x08080000, 0x08080008, 
+    0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008, 
+    0x00082000, 0x00082008, 0x08082000, 0x08082008, 
+    0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008, 
+    0x80080000, 0x80080008, 0x88080000, 0x88080008, 
+    0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008, 
+    0x80082000, 0x80082008, 0x88082000, 0x88082008, 
+    0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008 
+  },
+/* table 5 */ {
+    0x00000000, 0x00400000, 0x00008000, 0x00408000, 
+    0x40000000, 0x40400000, 0x40008000, 0x40408000, 
+    0x00000020, 0x00400020, 0x00008020, 0x00408020, 
+    0x40000020, 0x40400020, 0x40008020, 0x40408020, 
+    0x00001000, 0x00401000, 0x00009000, 0x00409000, 
+    0x40001000, 0x40401000, 0x40009000, 0x40409000, 
+    0x00001020, 0x00401020, 0x00009020, 0x00409020, 
+    0x40001020, 0x40401020, 0x40009020, 0x40409020, 
+    0x00100000, 0x00500000, 0x00108000, 0x00508000, 
+    0x40100000, 0x40500000, 0x40108000, 0x40508000, 
+    0x00100020, 0x00500020, 0x00108020, 0x00508020, 
+    0x40100020, 0x40500020, 0x40108020, 0x40508020, 
+    0x00101000, 0x00501000, 0x00109000, 0x00509000, 
+    0x40101000, 0x40501000, 0x40109000, 0x40509000, 
+    0x00101020, 0x00501020, 0x00109020, 0x00509020, 
+    0x40101020, 0x40501020, 0x40109020, 0x40509020 
+  },
+/* table 6 */ {
+    0x00000000, 0x00000040, 0x04000000, 0x04000040, 
+    0x00000800, 0x00000840, 0x04000800, 0x04000840, 
+    0x00800000, 0x00800040, 0x04800000, 0x04800040, 
+    0x00800800, 0x00800840, 0x04800800, 0x04800840, 
+    0x10000000, 0x10000040, 0x14000000, 0x14000040, 
+    0x10000800, 0x10000840, 0x14000800, 0x14000840, 
+    0x10800000, 0x10800040, 0x14800000, 0x14800040, 
+    0x10800800, 0x10800840, 0x14800800, 0x14800840, 
+    0x00000080, 0x000000c0, 0x04000080, 0x040000c0, 
+    0x00000880, 0x000008c0, 0x04000880, 0x040008c0, 
+    0x00800080, 0x008000c0, 0x04800080, 0x048000c0, 
+    0x00800880, 0x008008c0, 0x04800880, 0x048008c0, 
+    0x10000080, 0x100000c0, 0x14000080, 0x140000c0, 
+    0x10000880, 0x100008c0, 0x14000880, 0x140008c0, 
+    0x10800080, 0x108000c0, 0x14800080, 0x148000c0, 
+    0x10800880, 0x108008c0, 0x14800880, 0x148008c0 
+  },
+/* table 7 */ {
+    0x00000000, 0x00000010, 0x00000400, 0x00000410, 
+    0x00000004, 0x00000014, 0x00000404, 0x00000414, 
+    0x00004000, 0x00004010, 0x00004400, 0x00004410, 
+    0x00004004, 0x00004014, 0x00004404, 0x00004414, 
+    0x20000000, 0x20000010, 0x20000400, 0x20000410, 
+    0x20000004, 0x20000014, 0x20000404, 0x20000414, 
+    0x20004000, 0x20004010, 0x20004400, 0x20004410, 
+    0x20004004, 0x20004014, 0x20004404, 0x20004414, 
+    0x00200000, 0x00200010, 0x00200400, 0x00200410, 
+    0x00200004, 0x00200014, 0x00200404, 0x00200414, 
+    0x00204000, 0x00204010, 0x00204400, 0x00204410, 
+    0x00204004, 0x00204014, 0x00204404, 0x00204414, 
+    0x20200000, 0x20200010, 0x20200400, 0x20200410, 
+    0x20200004, 0x20200014, 0x20200404, 0x20200414, 
+    0x20204000, 0x20204010, 0x20204400, 0x20204410, 
+    0x20204004, 0x20204014, 0x20204404, 0x20204414 
+  }
+};
+
+/*
+ * The PC-1 Permutation
+ * If we number the bits of the 8 bytes of key input like this (in octal):
+ *     00 01 02 03 04 05 06 07 
+ *     10 11 12 13 14 15 16 17 
+ *     20 21 22 23 24 25 26 27 
+ *     30 31 32 33 34 35 36 37 
+ *     40 41 42 43 44 45 46 47 
+ *     50 51 52 53 54 55 56 57 
+ *     60 61 62 63 64 65 66 67 
+ *     70 71 72 73 74 75 76 77 
+ * then after the PC-1 permutation, 
+ * C0 is
+ *     70 60 50 40 30 20 10 00 
+ *     71 61 51 41 31 21 11 01 
+ *     72 62 52 42 32 22 12 02 
+ *     73 63 53 43 
+ * D0 is
+ *     76 66 56 46 36 26 16 06 
+ *     75 65 55 45 35 25 15 05 
+ *     74 64 54 44 34 24 14 04 
+ *                 33 23 13 03 
+ * and these parity bits have been discarded:
+ *     77 67 57 47 37 27 17 07 
+ * 
+ * We achieve this by flipping the input matrix about the diagonal from 70-07,
+ * getting left = 
+ *     77 67 57 47 37 27 17 07 	(these are the parity bits)
+ *     76 66 56 46 36 26 16 06 
+ *     75 65 55 45 35 25 15 05 
+ *     74 64 54 44 34 24 14 04 
+ * right = 
+ *     73 63 53 43 33 23 13 03 
+ *     72 62 52 42 32 22 12 02 
+ *     71 61 51 41 31 21 11 01 
+ *     70 60 50 40 30 20 10 00 
+ * then byte swap right, ala htonl() on a little endian machine.
+ * right = 
+ *     70 60 50 40 30 20 10 00 
+ *     71 67 57 47 37 27 11 07 
+ *     72 62 52 42 32 22 12 02 
+ *     73 63 53 43 33 23 13 03 
+ * then
+ *     c0 = right >> 4;
+ *     d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
+*/
+
+#define FLIP_RIGHT_DIAGONAL(word, temp) \
+    temp  = (word ^ (word >> 18)) & 0x00003333; \
+    word ^=  temp | (temp << 18); \
+    temp  = (word ^ (word >> 9)) & 0x00550055; \
+    word ^=  temp | (temp << 9);
+
+#define BYTESWAP(word, temp) \
+    word = (word >> 16) | (word << 16); \
+    temp = 0x00ff00ff; \
+    word = ((word & temp) << 8) | ((word >> 8) & temp); 
+
+#define PC1(left, right, c0, d0, temp) \
+    right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
+    left  ^= temp << 4; \
+    FLIP_RIGHT_DIAGONAL(left, temp); \
+    FLIP_RIGHT_DIAGONAL(right, temp); \
+    BYTESWAP(right, temp); \
+    c0 = right >> 4; \
+    d0 = ((left & 0x00ffffff) << 4) | (right & 0xf); 
+
+#define LEFT_SHIFT_1( reg ) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
+#define LEFT_SHIFT_2( reg ) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
+
+/*
+ *   setup key schedules from key
+ */
+
+void 
+DES_MakeSchedule( HALF * ks, const BYTE * key,   DESDirection direction)
+{
+    register HALF left, right;
+    register HALF c0, d0;
+    register HALF temp;
+    int           delta;
+    unsigned int  ls;
+
+#if defined(_X86_)
+    left  = HALFPTR(key)[0]; 
+    right = HALFPTR(key)[1]; 
+    BYTESWAP(left, temp);
+    BYTESWAP(right, temp);
+#else
+    if (((ptrdiff_t)key & 0x03) == 0) {
+	left  = HALFPTR(key)[0]; 
+	right = HALFPTR(key)[1]; 
+#if defined(IS_LITTLE_ENDIAN)
+	BYTESWAP(left, temp);
+	BYTESWAP(right, temp);
+#endif
+    } else {
+	left    = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) | 
+		  ((HALF)key[2] << 8)  | key[3];
+	right   = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) | 
+		  ((HALF)key[6] << 8)  | key[7];
+    }
+#endif
+
+    PC1(left, right, c0, d0, temp);
+
+    if (direction == DES_ENCRYPT) {
+	delta = 2 * (int)sizeof(HALF);
+    } else {
+	ks += 30;
+	delta = (-2) * (int)sizeof(HALF);
+    }
+
+    for (ls = 0x8103; ls; ls >>= 1) {
+	if ( ls & 1 ) {
+	    c0 = LEFT_SHIFT_1( c0 );
+	    d0 = LEFT_SHIFT_1( d0 );
+	} else {
+	    c0 = LEFT_SHIFT_2( c0 );
+	    d0 = LEFT_SHIFT_2( d0 );
+	}
+
+#ifdef USE_INDEXING
+#define PC2LOOKUP(b,c) PC2[b][c]
+
+	left   = PC2LOOKUP(0, ((c0 >> 22) & 0x3F) );
+	left  |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F) );
+	left  |= PC2LOOKUP(2, ((c0 >>  4) & 0x38) | (c0 & 0x7) );
+	left  |= PC2LOOKUP(3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
+
+	right  = PC2LOOKUP(4, ((d0 >> 22) & 0x3F) );
+	right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
+	right |= PC2LOOKUP(6, ((d0 >>  7) & 0x3F) );
+	right |= PC2LOOKUP(7, ((d0 >>  1) & 0x3C) | (d0 & 0x3));
+#else
+#define PC2LOOKUP(b,c) *(HALF *)((BYTE *)&PC2[b][0]+(c))
+
+	left   = PC2LOOKUP(0, ((c0 >> 20) & 0xFC) );
+	left  |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC) );
+	left  |= PC2LOOKUP(2, ((c0 >>  2) & 0xE0) | ((c0 <<  2) & 0x1C) );
+	left  |= PC2LOOKUP(3, ((c0>>16)&0x30)|((c0>>9)&0xC)|((c0<<2)&0xC0));
+
+	right  = PC2LOOKUP(4, ((d0 >> 20) & 0xFC) );
+	right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C) );
+	right |= PC2LOOKUP(6, ((d0 >>  5) & 0xFC) );
+	right |= PC2LOOKUP(7, ((d0 <<  1) & 0xF0) | ((d0 << 2) & 0x0C));
+#endif
+	/* left  contains key bits for S1 S3 S2 S4 */
+	/* right contains key bits for S6 S8 S5 S7 */
+	temp = (left  << 16)        /* S2 S4 XX XX */
+	     | (right >> 16);       /* XX XX S6 S8 */
+	ks[0] = temp;
+
+	temp = (left  & 0xffff0000) /* S1 S3 XX XX */
+	     | (right & 0x0000ffff);/* XX XX S5 S7 */
+	ks[1] = temp;
+
+	ks = (HALF*)((BYTE *)ks + delta);
+    }
+}
+
+/*
+ * The DES Initial Permutation
+ * if we number the bits of the 8 bytes of input like this (in octal):
+ *     00 01 02 03 04 05 06 07 
+ *     10 11 12 13 14 15 16 17 
+ *     20 21 22 23 24 25 26 27 
+ *     30 31 32 33 34 35 36 37 
+ *     40 41 42 43 44 45 46 47 
+ *     50 51 52 53 54 55 56 57 
+ *     60 61 62 63 64 65 66 67 
+ *     70 71 72 73 74 75 76 77 
+ * then after the initial permutation, they will be in this order. 
+ *     71 61 51 41 31 21 11 01 
+ *     73 63 53 43 33 23 13 03 
+ *     75 65 55 45 35 25 15 05 
+ *     77 67 57 47 37 27 17 07 
+ *     70 60 50 40 30 20 10 00 
+ *     72 62 52 42 32 22 12 02 
+ *     74 64 54 44 34 24 14 04 
+ *     76 66 56 46 36 26 16 06 
+ *
+ * One way to do this is in two steps:
+ * 1. Flip this matrix about the diagonal from 70-07 as done for PC1.
+ * 2. Rearrange the bytes (rows in the matrix above) with the following code.
+ *
+ * #define swapHiLo(word, temp) \
+ *   temp  = (word ^ (word >> 24)) & 0x000000ff; \
+ *   word ^=  temp | (temp << 24); 
+ *
+ *   right ^= temp = ((left << 8) ^ right) & 0xff00ff00; 
+ *   left  ^= temp >> 8; 
+ *   swapHiLo(left, temp);
+ *   swapHiLo(right,temp);
+ *
+ * However, the two steps can be combined, so that the rows are rearranged
+ * while the matrix is being flipped, reducing the number of bit exchange
+ * operations from 8 ot 5.  
+ *
+ * Initial Permutation */
+#define IP(left, right, temp) \
+    right ^= temp = ((left >> 4) ^  right) & 0x0f0f0f0f; \
+    left  ^= temp << 4; \
+    right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
+    left  ^= temp << 16; \
+    right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
+    left  ^= temp >> 2; \
+    right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
+    left  ^= temp >> 8; \
+    right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
+    left  ^= temp << 1; 
+
+/* The Final (Inverse Initial) permutation is done by reversing the 
+** steps of the Initital Permutation 
+*/
+
+#define FP(left, right, temp) \
+    right ^= temp = ((left >> 1) ^ right) & 0x55555555; \
+    left  ^= temp << 1; \
+    right ^= temp = ((left << 8) ^ right) & 0xff00ff00; \
+    left  ^= temp >> 8; \
+    right ^= temp = ((left << 2) ^ right) & 0xcccccccc; \
+    left  ^= temp >> 2; \
+    right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
+    left  ^= temp << 16; \
+    right ^= temp = ((left >> 4) ^  right) & 0x0f0f0f0f; \
+    left  ^= temp << 4; 
+
+void 
+DES_Do1Block(HALF * ks, const BYTE * inbuf, BYTE * outbuf)
+{
+    register HALF left, right;
+    register HALF temp;
+
+#if defined(_X86_)
+    left  = HALFPTR(inbuf)[0]; 
+    right = HALFPTR(inbuf)[1]; 
+    BYTESWAP(left, temp);
+    BYTESWAP(right, temp);
+#else
+    if (((ptrdiff_t)inbuf & 0x03) == 0) {
+	left  = HALFPTR(inbuf)[0]; 
+	right = HALFPTR(inbuf)[1]; 
+#if defined(IS_LITTLE_ENDIAN)
+	BYTESWAP(left, temp);
+	BYTESWAP(right, temp);
+#endif
+    } else {
+	left    = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) | 
+		  ((HALF)inbuf[2] << 8)  | inbuf[3];
+	right   = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) | 
+		  ((HALF)inbuf[6] << 8)  | inbuf[7];
+    }
+#endif
+
+    IP(left, right, temp);
+
+    /* shift the values left circularly 3 bits. */
+    left  = (left  << 3) | (left  >> 29);
+    right = (right << 3) | (right >> 29);
+
+#ifdef USE_INDEXING
+#define KSLOOKUP(s,b) SP[s][((temp >> (b+2)) & 0x3f)]
+#else
+#define KSLOOKUP(s,b) *(HALF*)((BYTE*)&SP[s][0]+((temp >> b) & 0xFC))
+#endif
+#define ROUND(out, in, r) \
+    temp  = in ^ ks[2*r]; \
+    out ^= KSLOOKUP( 1,  24 ); \
+    out ^= KSLOOKUP( 3,  16 ); \
+    out ^= KSLOOKUP( 5,   8 ); \
+    out ^= KSLOOKUP( 7,   0 ); \
+    temp  = ((in >> 4) | (in << 28)) ^ ks[2*r+1]; \
+    out ^= KSLOOKUP( 0,  24 ); \
+    out ^= KSLOOKUP( 2,  16 ); \
+    out ^= KSLOOKUP( 4,   8 ); \
+    out ^= KSLOOKUP( 6,   0 ); 
+
+    /* Do the 16 Feistel rounds */
+    ROUND(left, right, 0)
+    ROUND(right, left, 1)
+    ROUND(left, right, 2)
+    ROUND(right, left, 3)
+    ROUND(left, right, 4)
+    ROUND(right, left, 5)
+    ROUND(left, right, 6)
+    ROUND(right, left, 7)
+    ROUND(left, right, 8)
+    ROUND(right, left, 9)
+    ROUND(left, right, 10)
+    ROUND(right, left, 11)
+    ROUND(left, right, 12)
+    ROUND(right, left, 13)
+    ROUND(left, right, 14)
+    ROUND(right, left, 15)
+
+    /* now shift circularly right 3 bits to undo the shifting done 
+    ** above.  switch left and right here. 
+    */
+    temp  = (left >> 3) | (left << 29); 
+    left  = (right >> 3) | (right << 29); 
+    right = temp;
+
+    FP(left, right, temp);
+
+#if defined(_X86_)
+    BYTESWAP(left, temp);
+    BYTESWAP(right, temp);
+    HALFPTR(outbuf)[0]  = left; 
+    HALFPTR(outbuf)[1]  = right; 
+#else
+    if (((ptrdiff_t)outbuf & 0x03) == 0) {
+#if defined(IS_LITTLE_ENDIAN)
+	BYTESWAP(left, temp);
+	BYTESWAP(right, temp);
+#endif
+	HALFPTR(outbuf)[0]  = left; 
+	HALFPTR(outbuf)[1]  = right; 
+    } else {
+	outbuf[0] = (BYTE)(left >> 24);
+	outbuf[1] = (BYTE)(left >> 16);
+	outbuf[2] = (BYTE)(left >>  8);
+	outbuf[3] = (BYTE)(left      );
+
+	outbuf[4] = (BYTE)(right >> 24);
+	outbuf[5] = (BYTE)(right >> 16);
+	outbuf[6] = (BYTE)(right >>  8);
+	outbuf[7] = (BYTE)(right      );
+    }
+#endif
+
+}
+
+/* Ackowledgements:
+** Two ideas used in this implementation were shown to me by Dennis Ferguson 
+** in 1990.  He credits them to Richard Outerbridge and Dan Hoey.  They were:
+** 1. The method of computing the Initial and Final permutations.
+** 2. Circularly rotating the SP tables and the initial values of left and 
+**	right to reduce the number of shifts required during the 16 rounds.
+*/
diff --git a/security/nss/lib/freebl/des.h b/security/nss/lib/freebl/des.h
new file mode 100644
index 000000000..1191f026e
--- /dev/null
+++ b/security/nss/lib/freebl/des.h
@@ -0,0 +1,75 @@
+/*
+ *  des.h
+ *
+ *  header file for DES-150 library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the DES-150 library.
+ *
+ * The Initial Developer of the Original Code is
+ * Nelson B. Bolyard, nelsonb@iname.com.
+ * Portions created by the Initial Developer are Copyright (C) 1990
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _DES_H_
+#define _DES_H_ 1
+
+#include "blapi.h"
+
+typedef unsigned char BYTE;
+typedef unsigned int  HALF;
+
+#define HALFPTR(x) ((HALF *)(x))
+#define SHORTPTR(x) ((unsigned short *)(x))
+#define BYTEPTR(x) ((BYTE *)(x))
+
+typedef enum {
+    DES_ENCRYPT = 0x5555,
+    DES_DECRYPT = 0xAAAA
+} DESDirection;
+
+typedef void DESFunc(struct DESContextStr *cx, BYTE *out, const BYTE *in, 
+                     unsigned int len);
+
+struct DESContextStr {
+    /* key schedule, 16 internal keys, each with 8 6-bit parts */
+    HALF ks0 [32];
+    HALF ks1 [32];
+    HALF ks2 [32];
+    HALF iv  [2];
+    DESDirection direction;
+    DESFunc  *worker;
+};
+
+void DES_MakeSchedule( HALF * ks, const BYTE * key,   DESDirection direction);
+void DES_Do1Block(     HALF * ks, const BYTE * inbuf, BYTE * outbuf);
+
+#endif
diff --git a/security/nss/lib/freebl/desblapi.c b/security/nss/lib/freebl/desblapi.c
new file mode 100644
index 000000000..b9b3288ac
--- /dev/null
+++ b/security/nss/lib/freebl/desblapi.c
@@ -0,0 +1,301 @@
+/*
+ *  desblapi.c
+ *
+ *  core source file for DES-150 library
+ *  Implement DES Modes of Operation and Triple-DES.
+ *  Adapt DES-150 to blapi API.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the DES-150 library.
+ *
+ * The Initial Developer of the Original Code is
+ * Nelson B. Bolyard, nelsonb@iname.com.
+ * Portions created by the Initial Developer are Copyright (C) 1990
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "des.h"
+#include <stddef.h>
+#include "secerr.h"
+
+#if defined(_X86_)
+/* Intel X86 CPUs do unaligned loads and stores without complaint. */
+#define COPY8B(to, from, ptr) \
+    	HALFPTR(to)[0] = HALFPTR(from)[0]; \
+    	HALFPTR(to)[1] = HALFPTR(from)[1]; 
+#elif defined(USE_MEMCPY)
+#define COPY8B(to, from, ptr) memcpy(to, from, 8)
+#else
+#define COPY8B(to, from, ptr) \
+    if (((ptrdiff_t)(ptr) & 0x3) == 0) { \
+    	HALFPTR(to)[0] = HALFPTR(from)[0]; \
+    	HALFPTR(to)[1] = HALFPTR(from)[1]; \
+    } else if (((ptrdiff_t)(ptr) & 0x1) == 0) { \
+    	SHORTPTR(to)[0] = SHORTPTR(from)[0]; \
+    	SHORTPTR(to)[1] = SHORTPTR(from)[1]; \
+    	SHORTPTR(to)[2] = SHORTPTR(from)[2]; \
+    	SHORTPTR(to)[3] = SHORTPTR(from)[3]; \
+    } else { \
+    	BYTEPTR(to)[0] = BYTEPTR(from)[0]; \
+    	BYTEPTR(to)[1] = BYTEPTR(from)[1]; \
+    	BYTEPTR(to)[2] = BYTEPTR(from)[2]; \
+    	BYTEPTR(to)[3] = BYTEPTR(from)[3]; \
+    	BYTEPTR(to)[4] = BYTEPTR(from)[4]; \
+    	BYTEPTR(to)[5] = BYTEPTR(from)[5]; \
+    	BYTEPTR(to)[6] = BYTEPTR(from)[6]; \
+    	BYTEPTR(to)[7] = BYTEPTR(from)[7]; \
+    } 
+#endif
+#define COPY8BTOHALF(to, from) COPY8B(to, from, from)
+#define COPY8BFROMHALF(to, from) COPY8B(to, from, to)
+
+static void 
+DES_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    while (len) {
+	DES_Do1Block(cx->ks0, in, out);
+	len -= 8;
+	in  += 8;
+	out += 8;
+    }
+}
+
+static void 
+DES_EDE3_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    while (len) {
+	DES_Do1Block(cx->ks0,  in, out);
+	len -= 8;
+	in  += 8;
+	DES_Do1Block(cx->ks1, out, out);
+	DES_Do1Block(cx->ks2, out, out);
+	out += 8;
+    }
+}
+
+static void 
+DES_CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE * bufend = in + len;
+    HALF  vec[2];
+
+    while (in != bufend) {
+	COPY8BTOHALF(vec, in);
+	in += 8;
+	vec[0] ^= cx->iv[0];
+	vec[1] ^= cx->iv[1];
+	DES_Do1Block( cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
+	COPY8BFROMHALF(out, cx->iv);
+	out += 8;
+    }
+}
+
+static void 
+DES_CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE * bufend;
+    HALF oldciphertext[2];
+    HALF plaintext    [2];
+
+    for (bufend = in + len; in != bufend; ) {
+	oldciphertext[0] = cx->iv[0];
+	oldciphertext[1] = cx->iv[1];
+	COPY8BTOHALF(cx->iv, in);
+	in += 8;
+	DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
+	plaintext[0] ^= oldciphertext[0];
+	plaintext[1] ^= oldciphertext[1];
+	COPY8BFROMHALF(out, plaintext);
+	out += 8;
+    }
+}
+
+static void 
+DES_EDE3CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE * bufend = in + len;
+    HALF  vec[2];
+
+    while (in != bufend) {
+	COPY8BTOHALF(vec, in);
+	in += 8;
+	vec[0] ^= cx->iv[0];
+	vec[1] ^= cx->iv[1];
+	DES_Do1Block( cx->ks0, (BYTE *)vec,    (BYTE *)cx->iv);
+	DES_Do1Block( cx->ks1, (BYTE *)cx->iv, (BYTE *)cx->iv);
+	DES_Do1Block( cx->ks2, (BYTE *)cx->iv, (BYTE *)cx->iv);
+	COPY8BFROMHALF(out, cx->iv);
+	out += 8;
+    }
+}
+
+static void 
+DES_EDE3CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE * bufend;
+    HALF oldciphertext[2];
+    HALF plaintext    [2];
+
+    for (bufend = in + len; in != bufend; ) {
+	oldciphertext[0] = cx->iv[0];
+	oldciphertext[1] = cx->iv[1];
+	COPY8BTOHALF(cx->iv, in);
+	in += 8;
+	DES_Do1Block(cx->ks0, (BYTE *)cx->iv,    (BYTE *)plaintext);
+	DES_Do1Block(cx->ks1, (BYTE *)plaintext, (BYTE *)plaintext);
+	DES_Do1Block(cx->ks2, (BYTE *)plaintext, (BYTE *)plaintext);
+	plaintext[0] ^= oldciphertext[0];
+	plaintext[1] ^= oldciphertext[1];
+	COPY8BFROMHALF(out, plaintext);
+	out += 8;
+    }
+}
+
+DESContext *
+DES_AllocateContext(void)
+{
+    return PORT_ZNew(DESContext);
+}
+
+SECStatus   
+DES_InitContext(DESContext *cx, const unsigned char *key, unsigned int keylen,
+	        const unsigned char *iv, int mode, unsigned int encrypt,
+	        unsigned int unused)
+{
+    DESDirection opposite;
+    if (!cx) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    	return SECFailure;
+    }
+    cx->direction = encrypt ? DES_ENCRYPT : DES_DECRYPT;
+    opposite      = encrypt ? DES_DECRYPT : DES_ENCRYPT;
+    switch (mode) {
+    case NSS_DES:	/* DES ECB */
+	DES_MakeSchedule( cx->ks0, key, cx->direction);
+	cx->worker = &DES_ECB;
+	break;
+
+    case NSS_DES_EDE3:	/* DES EDE ECB */
+	cx->worker = &DES_EDE3_ECB;
+	if (encrypt) {
+	    DES_MakeSchedule(cx->ks0, key,      cx->direction);
+	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
+	    DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
+	} else {
+	    DES_MakeSchedule(cx->ks2, key,      cx->direction);
+	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
+	    DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
+	}
+	break;
+
+    case NSS_DES_CBC:	/* DES CBC */
+	COPY8BTOHALF(cx->iv, iv);
+	cx->worker = encrypt ? &DES_CBCEn : &DES_CBCDe;
+	DES_MakeSchedule(cx->ks0, key, cx->direction);
+	break;
+
+    case NSS_DES_EDE3_CBC:	/* DES EDE CBC */
+	COPY8BTOHALF(cx->iv, iv);
+	if (encrypt) {
+	    cx->worker = &DES_EDE3CBCEn;
+	    DES_MakeSchedule(cx->ks0, key,      cx->direction);
+	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
+	    DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
+	} else {
+	    cx->worker = &DES_EDE3CBCDe;
+	    DES_MakeSchedule(cx->ks2, key,      cx->direction);
+	    DES_MakeSchedule(cx->ks1, key +  8, opposite);
+	    DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
+	}
+	break;
+
+    default:
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+DESContext *
+DES_CreateContext(const BYTE * key, const BYTE *iv, int mode, PRBool encrypt)
+{
+    DESContext *cx = PORT_ZNew(DESContext);
+    SECStatus rv   = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
+
+    if (rv != SECSuccess) {
+    	PORT_ZFree(cx, sizeof *cx);
+	cx = NULL;
+    }
+    return cx;
+}
+
+void
+DES_DestroyContext(DESContext *cx, PRBool freeit)
+{
+    if (cx) {
+    	memset(cx, 0, sizeof *cx);
+	if (freeit)
+	    PORT_Free(cx);
+    }
+}
+
+SECStatus
+DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
+            unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
+{
+
+    if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || 
+        cx->direction != DES_ENCRYPT) {
+    	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    cx->worker(cx, out, in, inLen);
+    if (outLen)
+	*outLen = inLen;
+    return SECSuccess;
+}
+
+SECStatus
+DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
+            unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
+{
+
+    if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || 
+        cx->direction != DES_DECRYPT) {
+    	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    cx->worker(cx, out, in, inLen);
+    if (outLen)
+	*outLen = inLen;
+    return SECSuccess;
+}
diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c
new file mode 100644
index 000000000..4f9a3a746
--- /dev/null
+++ b/security/nss/lib/freebl/dh.c
@@ -0,0 +1,388 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * Diffie-Hellman parameter generation, key generation, and secret derivation.
+ * KEA secret generation and verification.
+ *
+ * $Id$
+ */
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "blapi.h"
+#include "secitem.h"
+#include "mpi.h"
+#include "mpprime.h"
+#include "secmpi.h"
+
+#define DH_SECRET_KEY_LEN      20
+#define KEA_DERIVED_SECRET_LEN 128
+
+SECStatus 
+DH_GenParam(int primeLen, DHParams **params)
+{
+    PRArenaPool *arena;
+    DHParams *dhparams;
+    unsigned char *pb = NULL;
+    unsigned char *ab = NULL;
+    unsigned long counter = 0;
+    mp_int p, q, a, h, psub1, test;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    if (!params || primeLen < 0) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return SECFailure;
+    }
+    dhparams = (DHParams *)PORT_ArenaZAlloc(arena, sizeof(DHParams));
+    if (!dhparams) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	PORT_FreeArena(arena, PR_TRUE);
+	return SECFailure;
+    }
+    dhparams->arena = arena;
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&a) = 0;
+    MP_DIGITS(&h) = 0;
+    MP_DIGITS(&psub1) = 0;
+    MP_DIGITS(&test) = 0;
+    CHECK_MPI_OK( mp_init(&p) );
+    CHECK_MPI_OK( mp_init(&q) );
+    CHECK_MPI_OK( mp_init(&a) );
+    CHECK_MPI_OK( mp_init(&h) );
+    CHECK_MPI_OK( mp_init(&psub1) );
+    CHECK_MPI_OK( mp_init(&test) );
+    /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
+    pb = PORT_Alloc(primeLen);
+    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
+    pb[0]          |= 0x80; /* set high-order bit */
+    pb[primeLen-1] |= 0x01; /* set low-order bit  */
+    CHECK_MPI_OK( mp_read_unsigned_octets(&p, pb, primeLen) );
+    CHECK_MPI_OK( mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter) );
+    /* construct Sophie-Germain prime q = (p-1)/2. */
+    CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
+    CHECK_MPI_OK( mp_div_2(&psub1, &q)    );
+    /* construct a generator from the prime. */
+    ab = PORT_Alloc(primeLen);
+    /* generate a candidate number a in p's field */
+    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(ab, primeLen) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&a, ab, primeLen) );
+    /* force a < p (note that quot(a/p) <= 1) */
+    if ( mp_cmp(&a, &p) > 0 )
+	CHECK_MPI_OK( mp_sub(&a, &p, &a) );
+    do {
+	/* check that a is in the range [2..p-1] */
+	if ( mp_cmp_d(&a, 2) < 0 || mp_cmp(&a, &psub1) >= 0) {
+	    /* a is outside of the allowed range.  Set a=3 and keep going. */
+            mp_set(&a, 3);
+	}
+	/* if a**q mod p != 1 then a is a generator */
+	CHECK_MPI_OK( mp_exptmod(&a, &q, &p, &test) );
+	if ( mp_cmp_d(&test, 1) != 0 )
+	    break;
+	/* increment the candidate and try again. */
+	CHECK_MPI_OK( mp_add_d(&a, 1, &a) );
+    } while (PR_TRUE);
+    MPINT_TO_SECITEM(&p, &dhparams->prime, arena);
+    MPINT_TO_SECITEM(&a, &dhparams->base, arena);
+    *params = dhparams;
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&a);
+    mp_clear(&h);
+    mp_clear(&psub1);
+    mp_clear(&test);
+    if (pb) PORT_ZFree(pb, primeLen);
+    if (ab) PORT_ZFree(ab, primeLen);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    if (rv)
+	PORT_FreeArena(arena, PR_TRUE);
+    return rv;
+}
+
+SECStatus 
+DH_NewKey(DHParams *params, DHPrivateKey **privKey)
+{
+    PRArenaPool *arena;
+    DHPrivateKey *key;
+    mp_int g, xa, p, Ya;
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    if (!params || !privKey) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return SECFailure;
+    }
+    key = (DHPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DHPrivateKey));
+    if (!key) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	PORT_FreeArena(arena, PR_TRUE);
+	return SECFailure;
+    }
+    key->arena = arena;
+    MP_DIGITS(&g)  = 0;
+    MP_DIGITS(&xa) = 0;
+    MP_DIGITS(&p)  = 0;
+    MP_DIGITS(&Ya) = 0;
+    CHECK_MPI_OK( mp_init(&g)  );
+    CHECK_MPI_OK( mp_init(&xa) );
+    CHECK_MPI_OK( mp_init(&p)  );
+    CHECK_MPI_OK( mp_init(&Ya) );
+    /* Set private key's p */
+    CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->prime, &params->prime) );
+    SECITEM_TO_MPINT(key->prime, &p);
+    /* Set private key's g */
+    CHECK_SEC_OK( SECITEM_CopyItem(arena, &key->base, &params->base) );
+    SECITEM_TO_MPINT(key->base, &g);
+    /* Generate private key xa */
+    SECITEM_AllocItem(arena, &key->privateValue, DH_SECRET_KEY_LEN);
+    RNG_GenerateGlobalRandomBytes(key->privateValue.data, 
+                                  key->privateValue.len);
+    SECITEM_TO_MPINT( key->privateValue, &xa );
+    /* xa < p */
+    CHECK_MPI_OK( mp_mod(&xa, &p, &xa) );
+    /* Compute public key Ya = g ** xa mod p */
+    CHECK_MPI_OK( mp_exptmod(&g, &xa, &p, &Ya) );
+    MPINT_TO_SECITEM(&Ya, &key->publicValue, key->arena);
+    *privKey = key;
+cleanup:
+    mp_clear(&g);
+    mp_clear(&xa);
+    mp_clear(&p);
+    mp_clear(&Ya);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    if (rv)
+	PORT_FreeArena(arena, PR_TRUE);
+    return rv;
+}
+
+SECStatus 
+DH_Derive(SECItem *publicValue, 
+          SECItem *prime, 
+          SECItem *privateValue, 
+          SECItem *derivedSecret, 
+          unsigned int maxOutBytes)
+{
+    mp_int p, Xa, Yb, ZZ;
+    mp_err err = MP_OKAY;
+    unsigned int len = 0, nb;
+    unsigned char *secret = NULL;
+    if (!publicValue || !prime || !privateValue || !derivedSecret) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    memset(derivedSecret, 0, sizeof *derivedSecret);
+    MP_DIGITS(&p)  = 0;
+    MP_DIGITS(&Xa) = 0;
+    MP_DIGITS(&Yb) = 0;
+    MP_DIGITS(&ZZ) = 0;
+    CHECK_MPI_OK( mp_init(&p)  );
+    CHECK_MPI_OK( mp_init(&Xa) );
+    CHECK_MPI_OK( mp_init(&Yb) );
+    CHECK_MPI_OK( mp_init(&ZZ) );
+    SECITEM_TO_MPINT(*publicValue,  &Yb);
+    SECITEM_TO_MPINT(*privateValue, &Xa);
+    SECITEM_TO_MPINT(*prime,        &p);
+    /* ZZ = (Yb)**Xa mod p */
+    CHECK_MPI_OK( mp_exptmod(&Yb, &Xa, &p, &ZZ) );
+    /* number of bytes in the derived secret */
+    len = mp_unsigned_octet_size(&ZZ);
+    /* allocate a buffer which can hold the entire derived secret. */
+    secret = PORT_Alloc(len);
+    /* grab the derived secret */
+    err = mp_to_unsigned_octets(&ZZ, secret, len);
+    if (err >= 0) err = MP_OKAY;
+    /* Take minimum of bytes requested and bytes in derived secret,
+    ** if maxOutBytes is 0 take all of the bytes from the derived secret.
+    */
+    if (maxOutBytes > 0)
+	nb = PR_MIN(len, maxOutBytes);
+    else
+	nb = len;
+    SECITEM_AllocItem(NULL, derivedSecret, nb);
+    memcpy(derivedSecret->data, secret, nb);
+cleanup:
+    mp_clear(&p);
+    mp_clear(&Xa);
+    mp_clear(&Yb);
+    mp_clear(&ZZ);
+    if (secret) {
+	/* free the buffer allocated for the full secret. */
+	PORT_ZFree(secret, len);
+    }
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	if (derivedSecret->data) 
+	    PORT_ZFree(derivedSecret->data, derivedSecret->len);
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus 
+KEA_Derive(SECItem *prime, 
+           SECItem *public1, 
+           SECItem *public2, 
+           SECItem *private1, 
+           SECItem *private2,
+           SECItem *derivedSecret)
+{
+    mp_int p, Y, R, r, x, t, u, w;
+    mp_err err;
+    unsigned char *secret = NULL;
+    unsigned int len = 0, offset;
+    if (!prime || !public1 || !public2 || !private1 || !private2 ||
+        !derivedSecret) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    memset(derivedSecret, 0, sizeof *derivedSecret);
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&Y) = 0;
+    MP_DIGITS(&R) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&t) = 0;
+    MP_DIGITS(&u) = 0;
+    MP_DIGITS(&w) = 0;
+    CHECK_MPI_OK( mp_init(&p) );
+    CHECK_MPI_OK( mp_init(&Y) );
+    CHECK_MPI_OK( mp_init(&R) );
+    CHECK_MPI_OK( mp_init(&r) );
+    CHECK_MPI_OK( mp_init(&x) );
+    CHECK_MPI_OK( mp_init(&t) );
+    CHECK_MPI_OK( mp_init(&u) );
+    CHECK_MPI_OK( mp_init(&w) );
+    SECITEM_TO_MPINT(*prime,    &p);
+    SECITEM_TO_MPINT(*public1,  &Y);
+    SECITEM_TO_MPINT(*public2,  &R);
+    SECITEM_TO_MPINT(*private1, &r);
+    SECITEM_TO_MPINT(*private2, &x);
+    /* t = DH(Y, r, p) = Y ** r mod p */
+    CHECK_MPI_OK( mp_exptmod(&Y, &r, &p, &t) );
+    /* u = DH(R, x, p) = R ** x mod p */
+    CHECK_MPI_OK( mp_exptmod(&R, &x, &p, &u) );
+    /* w = (t + u) mod p */
+    CHECK_MPI_OK( mp_addmod(&t, &u, &p, &w) );
+    /* allocate a buffer for the full derived secret */
+    len = mp_unsigned_octet_size(&w);
+    secret = PORT_Alloc(len);
+    /* grab the secret */
+    err = mp_to_unsigned_octets(&w, secret, len);
+    if (err > 0) err = MP_OKAY;
+    /* allocate output buffer */
+    SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN);
+    memset(derivedSecret->data, 0, derivedSecret->len);
+    /* copy in the 128 lsb of the secret */
+    if (len >= KEA_DERIVED_SECRET_LEN) {
+	memcpy(derivedSecret->data, secret + (len - KEA_DERIVED_SECRET_LEN),
+	       KEA_DERIVED_SECRET_LEN);
+    } else {
+	offset = KEA_DERIVED_SECRET_LEN - len;
+	memcpy(derivedSecret->data + offset, secret, len);
+    }
+cleanup:
+    mp_clear(&p);
+    mp_clear(&Y);
+    mp_clear(&R);
+    mp_clear(&r);
+    mp_clear(&x);
+    mp_clear(&t);
+    mp_clear(&u);
+    mp_clear(&w);
+    if (secret)
+	PORT_ZFree(secret, len);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+PRBool 
+KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
+{
+    mp_int p, q, y, r;
+    mp_err err;
+    int cmp = 1;  /* default is false */
+    if (!Y || !prime || !subPrime) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&y) = 0;
+    MP_DIGITS(&r) = 0;
+    CHECK_MPI_OK( mp_init(&p) );
+    CHECK_MPI_OK( mp_init(&q) );
+    CHECK_MPI_OK( mp_init(&y) );
+    CHECK_MPI_OK( mp_init(&r) );
+    SECITEM_TO_MPINT(*prime,    &p);
+    SECITEM_TO_MPINT(*subPrime, &q);
+    SECITEM_TO_MPINT(*Y,        &y);
+    /* compute r = y**q mod p */
+    CHECK_MPI_OK( mp_exptmod(&y, &q, &p, &r) );
+    /* compare to 1 */
+    cmp = mp_cmp_d(&r, 1);
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&y);
+    mp_clear(&r);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	return PR_FALSE;
+    }
+    return (cmp == 0) ? PR_TRUE : PR_FALSE;
+}
diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c
new file mode 100644
index 000000000..7f4c42863
--- /dev/null
+++ b/security/nss/lib/freebl/dsa.c
@@ -0,0 +1,450 @@
+/*
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "prinit.h"
+#include "blapi.h"
+#include "nssilock.h"
+#include "secitem.h"
+#include "blapi.h"
+#include "mpi.h"
+#include "secmpi.h"
+
+ /* XXX to be replaced by define in blapit.h */
+#define NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE 2048
+
+/* DSA-specific random number function defined in prng_fips1861.c. */
+extern SECStatus 
+DSA_GenerateGlobalRandomBytes(void *dest, size_t len, const unsigned char *q);
+
+static void translate_mpi_error(mp_err err)
+{
+    MP_TO_SEC_ERROR(err);
+}
+
+SECStatus 
+dsa_NewKey(const PQGParams *params, DSAPrivateKey **privKey, 
+           const unsigned char *xb)
+{
+    mp_int p, g;
+    mp_int x, y;
+    mp_err err;
+    PRArenaPool *arena;
+    DSAPrivateKey *key;
+    /* Check args. */
+    if (!params || !privKey) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    /* Initialize an arena for the DSA key. */
+    arena = PORT_NewArena(NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return SECFailure;
+    }
+    key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
+    if (!key) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	PORT_FreeArena(arena, PR_TRUE);
+	return SECFailure;
+    }
+    key->params.arena = arena;
+    /* Initialize MPI integers. */
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&y) = 0;
+    CHECK_MPI_OK( mp_init(&p) );
+    CHECK_MPI_OK( mp_init(&g) );
+    CHECK_MPI_OK( mp_init(&x) );
+    CHECK_MPI_OK( mp_init(&y) );
+    /* Copy over the PQG params */
+    CHECK_MPI_OK( SECITEM_CopyItem(arena, &key->params.prime,
+                                          &params->prime) );
+    CHECK_MPI_OK( SECITEM_CopyItem(arena, &key->params.subPrime,
+                                          &params->subPrime) );
+    CHECK_MPI_OK( SECITEM_CopyItem(arena, &key->params.base, &params->base) );
+    /* Convert stored p, g, and received x into MPI integers. */
+    SECITEM_TO_MPINT(params->prime, &p);
+    SECITEM_TO_MPINT(params->base,  &g);
+    OCTETS_TO_MPINT(xb, &x, DSA_SUBPRIME_LEN);
+    /* Store x in private key */
+    SECITEM_AllocItem(arena, &key->privateValue, DSA_SUBPRIME_LEN);
+    memcpy(key->privateValue.data, xb, DSA_SUBPRIME_LEN);
+    /* Compute public key y = g**x mod p */
+    CHECK_MPI_OK( mp_exptmod(&g, &x, &p, &y) );
+    /* Store y in public key */
+    MPINT_TO_SECITEM(&y, &key->publicValue, arena);
+    *privKey = key;
+    key = NULL;
+cleanup:
+    mp_clear(&p);
+    mp_clear(&g);
+    mp_clear(&x);
+    mp_clear(&y);
+    if (key)
+	PORT_FreeArena(key->params.arena, PR_TRUE);
+    if (err) {
+	translate_mpi_error(err);
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+** Generate and return a new DSA public and private key pair,
+**	both of which are encoded into a single DSAPrivateKey struct.
+**	"params" is a pointer to the PQG parameters for the domain
+**	Uses a random seed.
+*/
+SECStatus 
+DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
+{
+    SECStatus rv;
+    unsigned char seed[DSA_SUBPRIME_LEN];
+    int retries = 10;
+    int i;
+    PRBool good;
+
+    do {
+	/* Generate seed bytes for x according to FIPS 186-1 appendix 3 */
+	if (DSA_GenerateGlobalRandomBytes(seed, DSA_SUBPRIME_LEN,
+					  params->subPrime.data))
+	    return SECFailure;
+	/* Disallow values of 0 and 1 for x. */
+	good = PR_FALSE;
+	for (i = 0; i < DSA_SUBPRIME_LEN-1; i++) {
+	    if (seed[i] != 0) {
+		good = PR_TRUE;
+		break;
+	    }
+	}
+	if (!good && seed[i] > 1) {
+	    good = PR_TRUE;
+	}
+    } while (!good && --retries > 0);
+
+    if (!good) {
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	return SECFailure;
+    }
+
+    /* Generate a new DSA key using random seed. */
+    rv = dsa_NewKey(params, privKey, seed);
+    return rv;
+}
+
+/* For FIPS compliance testing. Seed must be exactly 20 bytes long */
+SECStatus 
+DSA_NewKeyFromSeed(const PQGParams *params, 
+                   const unsigned char *seed,
+                   DSAPrivateKey **privKey)
+{
+    SECStatus rv;
+    rv = dsa_NewKey(params, privKey, seed);
+    return rv;
+}
+
+static SECStatus 
+dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+               const unsigned char *kb)
+{
+    mp_int p, q, g;  /* PQG parameters */
+    mp_int x, k;     /* private key & pseudo-random integer */
+    mp_int r, s;     /* tuple (r, s) is signature) */
+    mp_err err   = MP_OKAY;
+    SECStatus rv = SECSuccess;
+
+    /* FIPS-compliance dictates that digest is a SHA1 hash. */
+    /* Check args. */
+    if (!key || !signature || !digest ||
+        (signature->len < DSA_SIGNATURE_LEN) ||
+	(digest->len != SHA1_LENGTH)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    /* Initialize MPI integers. */
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&k) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&s) = 0;
+    CHECK_MPI_OK( mp_init(&p) );
+    CHECK_MPI_OK( mp_init(&q) );
+    CHECK_MPI_OK( mp_init(&g) );
+    CHECK_MPI_OK( mp_init(&x) );
+    CHECK_MPI_OK( mp_init(&k) );
+    CHECK_MPI_OK( mp_init(&r) );
+    CHECK_MPI_OK( mp_init(&s) );
+    /*
+    ** Convert stored PQG and private key into MPI integers.
+    */
+    SECITEM_TO_MPINT(key->params.prime,    &p);
+    SECITEM_TO_MPINT(key->params.subPrime, &q);
+    SECITEM_TO_MPINT(key->params.base,     &g);
+    SECITEM_TO_MPINT(key->privateValue,    &x);
+    OCTETS_TO_MPINT(kb, &k, DSA_SUBPRIME_LEN);
+    /*
+    ** FIPS 186-1, Section 5, Step 1
+    **
+    ** r = (g**k mod p) mod q
+    */
+    CHECK_MPI_OK( mp_exptmod(&g, &k, &p, &r) ); /* r = g**k mod p */
+    CHECK_MPI_OK(     mp_mod(&r, &q, &r) );     /* r = r mod q    */
+    /*                                  
+    ** FIPS 186-1, Section 5, Step 2
+    **
+    ** s = (k**-1 * (SHA1(M) + x*r)) mod q
+    */
+    SECITEM_TO_MPINT(*digest, &s);         /* s = SHA1(M)     */
+    CHECK_MPI_OK( mp_invmod(&k, &q, &k) );      /* k = k**-1 mod q */
+    CHECK_MPI_OK( mp_mulmod(&x, &r, &q, &x) );  /* x = x * r mod q */
+    CHECK_MPI_OK( mp_addmod(&s, &x, &q, &s) );  /* s = s + x mod q */
+    CHECK_MPI_OK( mp_mulmod(&s, &k, &q, &s) );  /* s = s * k mod q */
+    /*
+    ** verify r != 0 and s != 0
+    ** mentioned as optional in FIPS 186-1.
+    */
+    if (mp_cmp_z(&r) == 0 || mp_cmp_z(&s) == 0) {
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	rv = SECFailure;
+	goto cleanup;
+    }
+    /*
+    ** Step 4
+    **
+    ** Signature is tuple (r, s)
+    */
+    err = mp_to_fixlen_octets(&r, signature->data, DSA_SUBPRIME_LEN);
+    if (err < 0) goto cleanup; 
+    err = mp_to_fixlen_octets(&s, signature->data + DSA_SUBPRIME_LEN, 
+                                  DSA_SUBPRIME_LEN);
+    if (err < 0) goto cleanup; 
+    err = MP_OKAY;
+    signature->len = DSA_SIGNATURE_LEN;
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&g);
+    mp_clear(&x);
+    mp_clear(&k);
+    mp_clear(&r);
+    mp_clear(&s);
+    if (err) {
+	translate_mpi_error(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/* signature is caller-supplied buffer of at least 40 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+** On output, signature->len == size of signature in buffer.
+** Uses a random seed.
+*/
+SECStatus 
+DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest)
+{
+    SECStatus rv;
+    int       retries = 10;
+    unsigned char kSeed[DSA_SUBPRIME_LEN];
+    int       i;
+    PRBool    good;
+
+    PORT_SetError(0);
+    do {
+	rv = DSA_GenerateGlobalRandomBytes(kSeed, DSA_SUBPRIME_LEN, 
+					   key->params.subPrime.data);
+	if (rv != SECSuccess) 
+	    break;
+	/* Disallow a value of 0 for k. */
+	good = PR_FALSE;
+	for (i = 0; i < DSA_SUBPRIME_LEN; i++) {
+	    if (kSeed[i] != 0) {
+		good = PR_TRUE;
+		break;
+	    }
+	}
+	if (!good) {
+	    PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	    rv = SECFailure;
+	    continue;
+	}
+	rv = dsa_SignDigest(key, signature, digest, kSeed);
+    } while (rv != SECSuccess && PORT_GetError() == SEC_ERROR_NEED_RANDOM &&
+	     --retries > 0);
+    return rv;
+}
+
+/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
+SECStatus 
+DSA_SignDigestWithSeed(DSAPrivateKey * key,
+                       SECItem *       signature,
+                       const SECItem * digest,
+                       const unsigned char * seed)
+{
+    SECStatus rv;
+    rv = dsa_SignDigest(key, signature, digest, seed);
+    return rv;
+}
+
+/* signature is caller-supplied buffer of at least 20 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+*/
+SECStatus 
+DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature, 
+                 const SECItem *digest)
+{
+    /* FIPS-compliance dictates that digest is a SHA1 hash. */
+    mp_int p, q, g;      /* PQG parameters */
+    mp_int r_, s_;       /* tuple (r', s') is received signature) */
+    mp_int u1, u2, v, w; /* intermediate values used in verification */
+    mp_int y;            /* public key */
+    mp_err err;
+    SECStatus verified = SECFailure;
+
+    /* Check args. */
+    if (!key || !signature || !digest ||
+        (signature->len != DSA_SIGNATURE_LEN) ||
+	(digest->len != SHA1_LENGTH)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    /* Initialize MPI integers. */
+    MP_DIGITS(&p)  = 0;
+    MP_DIGITS(&q)  = 0;
+    MP_DIGITS(&g)  = 0;
+    MP_DIGITS(&y)  = 0;
+    MP_DIGITS(&r_) = 0;
+    MP_DIGITS(&s_) = 0;
+    MP_DIGITS(&u1) = 0;
+    MP_DIGITS(&u2) = 0;
+    MP_DIGITS(&v)  = 0;
+    MP_DIGITS(&w)  = 0;
+    CHECK_MPI_OK( mp_init(&p)  );
+    CHECK_MPI_OK( mp_init(&q)  );
+    CHECK_MPI_OK( mp_init(&g)  );
+    CHECK_MPI_OK( mp_init(&y)  );
+    CHECK_MPI_OK( mp_init(&r_) );
+    CHECK_MPI_OK( mp_init(&s_) );
+    CHECK_MPI_OK( mp_init(&u1) );
+    CHECK_MPI_OK( mp_init(&u2) );
+    CHECK_MPI_OK( mp_init(&v)  );
+    CHECK_MPI_OK( mp_init(&w)  );
+    /*
+    ** Convert stored PQG and public key into MPI integers.
+    */
+    SECITEM_TO_MPINT(key->params.prime,    &p);
+    SECITEM_TO_MPINT(key->params.subPrime, &q);
+    SECITEM_TO_MPINT(key->params.base,     &g);
+    SECITEM_TO_MPINT(key->publicValue,     &y);
+    /*
+    ** Convert received signature (r', s') into MPI integers.
+    */
+    OCTETS_TO_MPINT(signature->data, &r_, DSA_SUBPRIME_LEN);
+    OCTETS_TO_MPINT(signature->data + DSA_SUBPRIME_LEN, &s_, DSA_SUBPRIME_LEN);
+    /*
+    ** Verify that 0 < r' < q and 0 < s' < q
+    */
+    if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
+        mp_cmp(&r_, &q) >= 0 || mp_cmp(&s_, &q) >= 0) {
+	/* err is zero here. */
+	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+	goto cleanup; /* will return verified == SECFailure */
+    }
+    /*
+    ** FIPS 186-1, Section 6, Step 1
+    **
+    ** w = (s')**-1 mod q
+    */
+    CHECK_MPI_OK( mp_invmod(&s_, &q, &w) );      /* w = (s')**-1 mod q */
+    /*
+    ** FIPS 186-1, Section 6, Step 2
+    **
+    ** u1 = ((SHA1(M')) * w) mod q
+    */
+    SECITEM_TO_MPINT(*digest, &u1);              /* u1 = SHA1(M')     */
+    CHECK_MPI_OK( mp_mulmod(&u1, &w, &q, &u1) ); /* u1 = u1 * w mod q */
+    /*
+    ** FIPS 186-1, Section 6, Step 3
+    **
+    ** u2 = ((r') * w) mod q
+    */
+    CHECK_MPI_OK( mp_mulmod(&r_, &w, &q, &u2) );
+    /*
+    ** FIPS 186-1, Section 6, Step 4
+    **
+    ** v = ((g**u1 * y**u2) mod p) mod q
+    */
+    CHECK_MPI_OK( mp_exptmod(&g, &u1, &p, &g) ); /* g = g**u1 mod p */
+    CHECK_MPI_OK( mp_exptmod(&y, &u2, &p, &y) ); /* y = y**u2 mod p */
+    CHECK_MPI_OK(  mp_mulmod(&g, &y, &p, &v)  ); /* v = g * y mod p */
+    CHECK_MPI_OK(     mp_mod(&v, &q, &v)      ); /* v = v mod q     */
+    /*
+    ** Verification:  v == r'
+    */
+    if (mp_cmp(&v, &r_)) {
+	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+	verified = SECFailure; /* Signature failed to verify. */
+    } else {
+	verified = SECSuccess; /* Signature verified. */
+    }
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&g);
+    mp_clear(&y);
+    mp_clear(&r_);
+    mp_clear(&s_);
+    mp_clear(&u1);
+    mp_clear(&u2);
+    mp_clear(&v);
+    mp_clear(&w);
+    if (err) {
+	translate_mpi_error(err);
+    }
+    return verified;
+}
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
new file mode 100644
index 000000000..29409bf4c
--- /dev/null
+++ b/security/nss/lib/freebl/ec.c
@@ -0,0 +1,1076 @@
+/*
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Elliptic Curve Cryptography library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com> and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "blapi.h"
+#include "prerr.h"
+#include "secerr.h"
+#include "secmpi.h"
+#include "secitem.h"
+#include "mplogic.h"
+#include "ec.h"
+#include "ecl.h"
+
+#ifdef NSS_ENABLE_ECC
+
+/* 
+ * Returns true if pointP is the point at infinity, false otherwise
+ */
+PRBool
+ec_point_at_infinity(SECItem *pointP)
+{
+    unsigned int i;
+
+    for (i = 1; i < pointP->len; i++) {
+	if (pointP->data[i] != 0x00) return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+/* 
+ * Computes scalar point multiplication pointQ = k1 * G + k2 * pointP for
+ * the curve whose parameters are encoded in params with base point G.
+ */
+SECStatus 
+ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
+             const SECItem *pointP, SECItem *pointQ)
+{
+    mp_int Px, Py, Qx, Qy;
+    mp_int Gx, Gy, order, irreducible, a, b;
+#if 0 /* currently don't support non-named curves */
+    unsigned int irr_arr[5];
+#endif
+    ECGroup *group = NULL;
+    SECStatus rv = SECFailure;
+    mp_err err = MP_OKAY;
+    int len;
+
+#if EC_DEBUG
+    int i;
+    char mpstr[256];
+
+    printf("ec_points_mul: params [len=%d]:", params->DEREncoding.len);
+    for (i = 0; i < params->DEREncoding.len; i++) 
+	    printf("%02x:", params->DEREncoding.data[i]);
+    printf("\n");
+
+	if (k1 != NULL) {
+		mp_tohex(k1, mpstr);
+		printf("ec_points_mul: scalar k1: %s\n", mpstr);
+		mp_todecimal(k1, mpstr);
+		printf("ec_points_mul: scalar k1: %s (dec)\n", mpstr);
+	}
+
+	if (k2 != NULL) {
+		mp_tohex(k2, mpstr);
+		printf("ec_points_mul: scalar k2: %s\n", mpstr);
+		mp_todecimal(k2, mpstr);
+		printf("ec_points_mul: scalar k2: %s (dec)\n", mpstr);
+	}
+
+	if (pointP != NULL) {
+		printf("ec_points_mul: pointP [len=%d]:", pointP->len);
+		for (i = 0; i < pointP->len; i++) 
+			printf("%02x:", pointP->data[i]);
+		printf("\n");
+	}
+#endif
+
+	/* NOTE: We only support uncompressed points for now */
+	len = (params->fieldID.size + 7) >> 3;
+	if (pointP != NULL) {
+		if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
+			(pointP->len != (2 * len + 1))) {
+			return SECFailure;
+		};
+	}
+
+	MP_DIGITS(&Px) = 0;
+	MP_DIGITS(&Py) = 0;
+	MP_DIGITS(&Qx) = 0;
+	MP_DIGITS(&Qy) = 0;
+	MP_DIGITS(&Gx) = 0;
+	MP_DIGITS(&Gy) = 0;
+	MP_DIGITS(&order) = 0;
+	MP_DIGITS(&irreducible) = 0;
+	MP_DIGITS(&a) = 0;
+	MP_DIGITS(&b) = 0;
+	CHECK_MPI_OK( mp_init(&Px) );
+	CHECK_MPI_OK( mp_init(&Py) );
+	CHECK_MPI_OK( mp_init(&Qx) );
+	CHECK_MPI_OK( mp_init(&Qy) );
+	CHECK_MPI_OK( mp_init(&Gx) );
+	CHECK_MPI_OK( mp_init(&Gy) );
+	CHECK_MPI_OK( mp_init(&order) );
+	CHECK_MPI_OK( mp_init(&irreducible) );
+	CHECK_MPI_OK( mp_init(&a) );
+	CHECK_MPI_OK( mp_init(&b) );
+
+	if ((k2 != NULL) && (pointP != NULL)) {
+		/* Initialize Px and Py */
+		CHECK_MPI_OK( mp_read_unsigned_octets(&Px, pointP->data + 1, (mp_size) len) );
+		CHECK_MPI_OK( mp_read_unsigned_octets(&Py, pointP->data + 1 + len, (mp_size) len) );
+	}
+
+	/* construct from named params, if possible */
+	if (params->name != ECCurve_noName) {
+		group = ECGroup_fromName(params->name);
+	}
+
+#if 0 /* currently don't support non-named curves */
+	if (group == NULL) {
+		/* Set up mp_ints containing the curve coefficients */
+		CHECK_MPI_OK( mp_read_unsigned_octets(&Gx, params->base.data + 1, 
+										  (mp_size) len) );
+		CHECK_MPI_OK( mp_read_unsigned_octets(&Gy, params->base.data + 1 + len, 
+										  (mp_size) len) );
+		SECITEM_TO_MPINT( params->order, &order );
+		SECITEM_TO_MPINT( params->curve.a, &a );
+		SECITEM_TO_MPINT( params->curve.b, &b );
+		if (params->fieldID.type == ec_field_GFp) {
+			SECITEM_TO_MPINT( params->fieldID.u.prime, &irreducible );
+			group = ECGroup_consGFp(&irreducible, &a, &b, &Gx, &Gy, &order, params->cofactor);
+		} else {
+			SECITEM_TO_MPINT( params->fieldID.u.poly, &irreducible );
+			irr_arr[0] = params->fieldID.size;
+			irr_arr[1] = params->fieldID.k1;
+			irr_arr[2] = params->fieldID.k2;
+			irr_arr[3] = params->fieldID.k3;
+			irr_arr[4] = 0;
+			group = ECGroup_consGF2m(&irreducible, irr_arr, &a, &b, &Gx, &Gy, &order, params->cofactor);
+		}
+	}
+#endif
+	if (group == NULL)
+		goto cleanup;
+
+	if ((k2 != NULL) && (pointP != NULL)) {
+		CHECK_MPI_OK( ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy) );
+	} else {
+		CHECK_MPI_OK( ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy) );
+    }
+
+    /* Construct the SECItem representation of point Q */
+    pointQ->data[0] = EC_POINT_FORM_UNCOMPRESSED;
+    CHECK_MPI_OK( mp_to_fixlen_octets(&Qx, pointQ->data + 1,
+	                              (mp_size) len) );
+    CHECK_MPI_OK( mp_to_fixlen_octets(&Qy, pointQ->data + 1 + len,
+	                              (mp_size) len) );
+
+    rv = SECSuccess;
+
+#if EC_DEBUG
+    printf("ec_points_mul: pointQ [len=%d]:", pointQ->len);
+    for (i = 0; i < pointQ->len; i++) 
+	    printf("%02x:", pointQ->data[i]);
+    printf("\n");
+#endif
+
+cleanup:
+    ECGroup_free(group);
+    mp_clear(&Px);
+    mp_clear(&Py);
+    mp_clear(&Qx);
+    mp_clear(&Qy);
+    mp_clear(&Gx);
+    mp_clear(&Gy);
+    mp_clear(&order);
+    mp_clear(&irreducible);
+    mp_clear(&a);
+    mp_clear(&b);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+
+    return rv;
+}
+#endif /* NSS_ENABLE_ECC */
+
+/* Generates a new EC key pair. The private key is a supplied
+ * value and the public key is the result of performing a scalar 
+ * point multiplication of that value with the curve's base point.
+ */
+SECStatus 
+ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey, 
+    const unsigned char *privKeyBytes, int privKeyLen)
+{
+    SECStatus rv = SECFailure;
+#ifdef NSS_ENABLE_ECC
+    PRArenaPool *arena;
+    ECPrivateKey *key;
+    mp_int k;
+    mp_err err = MP_OKAY;
+    int len;
+
+#if EC_DEBUG
+    printf("ec_NewKey called\n");
+#endif
+
+    if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    /* Initialize an arena for the EC key. */
+    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
+	return SECFailure;
+
+    key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
+    if (!key) {
+	PORT_FreeArena(arena, PR_TRUE);
+	return SECFailure;
+    }
+
+    /* Set the version number (SEC 1 section C.4 says it should be 1) */
+    SECITEM_AllocItem(arena, &key->version, 1);
+    key->version.data[0] = 1;
+
+    /* Copy all of the fields from the ECParams argument to the
+     * ECParams structure within the private key.
+     */
+    key->ecParams.arena = arena;
+    key->ecParams.type = ecParams->type;
+    key->ecParams.fieldID.size = ecParams->fieldID.size;
+    key->ecParams.fieldID.type = ecParams->fieldID.type;
+    if (ecParams->fieldID.type == ec_field_GFp) {
+	CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime,
+	    &ecParams->fieldID.u.prime));
+    } else {
+	CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.poly,
+	    &ecParams->fieldID.u.poly));
+    }
+    key->ecParams.fieldID.k1 = ecParams->fieldID.k1;
+    key->ecParams.fieldID.k2 = ecParams->fieldID.k2;
+    key->ecParams.fieldID.k3 = ecParams->fieldID.k3;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.a,
+	&ecParams->curve.a));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.b,
+	&ecParams->curve.b));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.seed,
+	&ecParams->curve.seed));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.base,
+	&ecParams->base));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.order,
+	&ecParams->order));
+    key->ecParams.cofactor = ecParams->cofactor;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.DEREncoding,
+	&ecParams->DEREncoding));
+    key->ecParams.name = ecParams->name;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curveOID,
+	&ecParams->curveOID));
+
+    len = (ecParams->fieldID.size + 7) >> 3;
+    SECITEM_AllocItem(arena, &key->publicValue, 2*len + 1);
+    len = ecParams->order.len;
+    SECITEM_AllocItem(arena, &key->privateValue, len);
+
+    /* Copy private key */
+    if (privKeyLen >= len) {
+	memcpy(key->privateValue.data, privKeyBytes, len);
+    } else {
+	memset(key->privateValue.data, 0, (len - privKeyLen));
+	memcpy(key->privateValue.data + (len - privKeyLen), privKeyBytes, privKeyLen);
+    }
+
+    /* Compute corresponding public key */
+    MP_DIGITS(&k) = 0;
+    CHECK_MPI_OK( mp_init(&k) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&k, key->privateValue.data, 
+	(mp_size) len) );
+
+    rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue));
+    if (rv != SECSuccess) goto cleanup;
+    *privKey = key;
+
+cleanup:
+    mp_clear(&k);
+    if (rv)
+	PORT_FreeArena(arena, PR_TRUE);
+
+#if EC_DEBUG
+    printf("ec_NewKey returning %s\n", 
+	(rv == SECSuccess) ? "success" : "failure");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_ENABLE_ECC */
+
+    return rv;
+
+}
+
+/* Generates a new EC key pair. The private key is a supplied
+ * random value (in seed) and the public key is the result of 
+ * performing a scalar point multiplication of that value with 
+ * the curve's base point.
+ */
+SECStatus 
+EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey, 
+    const unsigned char *seed, int seedlen)
+{
+    SECStatus rv = SECFailure;
+#ifdef NSS_ENABLE_ECC
+    rv = ec_NewKey(ecParams, privKey, seed, seedlen);
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_ENABLE_ECC */
+    return rv;
+}
+
+#ifdef NSS_ENABLE_ECC
+/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
+ * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
+ * random number generator.
+ *
+ * Parameters
+ * - order: a buffer that holds the curve's group order
+ * - len: the length in octets of the order buffer
+ *
+ * Return Value
+ * Returns a buffer of len octets that holds the private key. The caller
+ * is responsible for freeing the buffer with PORT_ZFree.
+ */
+static unsigned char *
+ec_GenerateRandomPrivateKey(const unsigned char *order, int len)
+{
+    SECStatus rv = SECSuccess;
+    mp_err err;
+    unsigned char *privKeyBytes = NULL;
+    mp_int privKeyVal, order_1, one;
+
+    MP_DIGITS(&privKeyVal) = 0;
+    MP_DIGITS(&order_1) = 0;
+    MP_DIGITS(&one) = 0;
+    CHECK_MPI_OK( mp_init(&privKeyVal) );
+    CHECK_MPI_OK( mp_init(&order_1) );
+    CHECK_MPI_OK( mp_init(&one) );
+
+    /* Generates 2*len random bytes using the global random bit generator
+     * (which implements Algorithm 1 of FIPS 186-2 Change Notice 1) then
+     * reduces modulo the group order.
+     */
+    if ((privKeyBytes = PORT_Alloc(2*len)) == NULL) goto cleanup;
+    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(privKeyBytes, 2*len) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2*len) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&order_1, order, len) );
+    CHECK_MPI_OK( mp_set_int(&one, 1) );
+    CHECK_MPI_OK( mp_sub(&order_1, &one, &order_1) );
+    CHECK_MPI_OK( mp_mod(&privKeyVal, &order_1, &privKeyVal) );
+    CHECK_MPI_OK( mp_add(&privKeyVal, &one, &privKeyVal) );
+    CHECK_MPI_OK( mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len) );
+    memset(privKeyBytes+len, 0, len);
+cleanup:
+    mp_clear(&privKeyVal);
+    mp_clear(&order_1);
+    mp_clear(&one);
+    if (err < MP_OKAY) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    if (rv != SECSuccess && privKeyBytes) {
+	PORT_Free(privKeyBytes);
+	privKeyBytes = NULL;
+    }
+    return privKeyBytes;
+}
+#endif /* NSS_ENABLE_ECC */
+
+/* Generates a new EC key pair. The private key is a random value and
+ * the public key is the result of performing a scalar point multiplication
+ * of that value with the curve's base point.
+ */
+SECStatus 
+EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
+{
+    SECStatus rv = SECFailure;
+#ifdef NSS_ENABLE_ECC
+    int len;
+    unsigned char *privKeyBytes = NULL;
+
+    if (!ecParams) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    len = ecParams->order.len;
+    privKeyBytes = ec_GenerateRandomPrivateKey(ecParams->order.data, len);
+    if (privKeyBytes == NULL) goto cleanup;
+    /* generate public key */
+    CHECK_SEC_OK( ec_NewKey(ecParams, privKey, privKeyBytes, len) );
+
+cleanup:
+    if (privKeyBytes) {
+	PORT_ZFree(privKeyBytes, len);
+    }
+#if EC_DEBUG
+    printf("EC_NewKey returning %s\n", 
+	(rv == SECSuccess) ? "success" : "failure");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_ENABLE_ECC */
+    
+    return rv;
+}
+
+/* Validates an EC public key as described in Section 5.2.2 of
+ * X9.62. The ECDH primitive when used without the cofactor does
+ * not address small subgroup attacks, which may occur when the
+ * public key is not valid. These attacks can be prevented by 
+ * validating the public key before using ECDH.
+ */
+SECStatus 
+EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
+{
+#ifdef NSS_ENABLE_ECC
+    mp_int Px, Py;
+    ECGroup *group = NULL;
+    SECStatus rv = SECFailure;
+    mp_err err = MP_OKAY;
+    int len;
+
+    if (!ecParams || !publicValue) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+	
+    /* NOTE: We only support uncompressed points for now */
+    len = (ecParams->fieldID.size + 7) >> 3;
+    if (publicValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) {
+	PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
+	return SECFailure;
+    } else if (publicValue->len != (2 * len + 1)) {
+	PORT_SetError(SEC_ERROR_BAD_KEY);
+	return SECFailure;
+    }
+
+    MP_DIGITS(&Px) = 0;
+    MP_DIGITS(&Py) = 0;
+    CHECK_MPI_OK( mp_init(&Px) );
+    CHECK_MPI_OK( mp_init(&Py) );
+
+    /* Initialize Px and Py */
+    CHECK_MPI_OK( mp_read_unsigned_octets(&Px, publicValue->data + 1, (mp_size) len) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&Py, publicValue->data + 1 + len, (mp_size) len) );
+
+    /* construct from named params */
+    group = ECGroup_fromName(ecParams->name);
+    if (group == NULL) {
+	/*
+	 * ECGroup_fromName fails if ecParams->name is not a valid
+	 * ECCurveName value, or if we run out of memory, or perhaps
+	 * for other reasons.  Unfortunately if ecParams->name is a
+	 * valid ECCurveName value, we don't know what the right error
+	 * code should be because ECGroup_fromName doesn't return an
+	 * error code to the caller.  Set err to MP_UNDEF because
+	 * that's what ECGroup_fromName uses internally.
+	 */
+	if ((ecParams->name <= ECCurve_noName) ||
+	    (ecParams->name >= ECCurve_pastLastCurve)) {
+	    err = MP_BADARG;
+	} else {
+	    err = MP_UNDEF;
+	}
+	goto cleanup;
+    }
+
+    /* validate public point */
+    if ((err = ECPoint_validate(group, &Px, &Py)) < MP_YES) {
+	if (err == MP_NO) {
+	    PORT_SetError(SEC_ERROR_BAD_KEY);
+	    rv = SECFailure;
+	    err = MP_OKAY;  /* don't change the error code */
+	}
+	goto cleanup;
+    }
+
+    rv = SECSuccess;
+
+cleanup:
+    ECGroup_free(group);
+    mp_clear(&Px);
+    mp_clear(&Py);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+    return SECFailure;
+#endif /* NSS_ENABLE_ECC */
+}
+
+/* 
+** Performs an ECDH key derivation by computing the scalar point
+** multiplication of privateValue and publicValue (with or without the
+** cofactor) and returns the x-coordinate of the resulting elliptic
+** curve point in derived secret.  If successful, derivedSecret->data
+** is set to the address of the newly allocated buffer containing the
+** derived secret, and derivedSecret->len is the size of the secret
+** produced. It is the caller's responsibility to free the allocated
+** buffer containing the derived secret.
+*/
+SECStatus 
+ECDH_Derive(SECItem  *publicValue, 
+            ECParams *ecParams,
+            SECItem  *privateValue,
+            PRBool    withCofactor,
+            SECItem  *derivedSecret)
+{
+    SECStatus rv = SECFailure;
+#ifdef NSS_ENABLE_ECC
+    unsigned int len = 0;
+    SECItem pointQ = {siBuffer, NULL, 0};
+    mp_int k; /* to hold the private value */
+    mp_int cofactor;
+    mp_err err = MP_OKAY;
+#if EC_DEBUG
+    int i;
+#endif
+
+    if (!publicValue || !ecParams || !privateValue || 
+	!derivedSecret) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    memset(derivedSecret, 0, sizeof *derivedSecret);
+    len = (ecParams->fieldID.size + 7) >> 3;  
+    pointQ.len = 2*len + 1;
+    if ((pointQ.data = PORT_Alloc(2*len + 1)) == NULL) goto cleanup;
+
+    MP_DIGITS(&k) = 0;
+    CHECK_MPI_OK( mp_init(&k) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&k, privateValue->data, 
+	                                  (mp_size) privateValue->len) );
+
+    if (withCofactor && (ecParams->cofactor != 1)) {
+	    /* multiply k with the cofactor */
+	    MP_DIGITS(&cofactor) = 0;
+	    CHECK_MPI_OK( mp_init(&cofactor) );
+	    mp_set(&cofactor, ecParams->cofactor);
+	    CHECK_MPI_OK( mp_mul(&k, &cofactor, &k) );
+    }
+
+    /* Multiply our private key and peer's public point */
+    if ((ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess) ||
+	ec_point_at_infinity(&pointQ))
+	goto cleanup;
+
+    /* Allocate memory for the derived secret and copy
+     * the x co-ordinate of pointQ into it.
+     */
+    SECITEM_AllocItem(NULL, derivedSecret, len);
+    memcpy(derivedSecret->data, pointQ.data + 1, len);
+
+    rv = SECSuccess;
+
+#if EC_DEBUG
+    printf("derived_secret:\n");
+    for (i = 0; i < derivedSecret->len; i++) 
+	printf("%02x:", derivedSecret->data[i]);
+    printf("\n");
+#endif
+
+cleanup:
+    mp_clear(&k);
+
+    if (pointQ.data) {
+	PORT_ZFree(pointQ.data, 2*len + 1);
+    }
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_ENABLE_ECC */
+
+    return rv;
+}
+
+/* Computes the ECDSA signature (a concatenation of two values r and s)
+ * on the digest using the given key and the random value kb (used in
+ * computing s).
+ */
+SECStatus 
+ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature, 
+    const SECItem *digest, const unsigned char *kb, const int kblen)
+{
+    SECStatus rv = SECFailure;
+#ifdef NSS_ENABLE_ECC
+    mp_int x1;
+    mp_int d, k;     /* private key, random integer */
+    mp_int r, s;     /* tuple (r, s) is the signature */
+    mp_int n;
+    mp_err err = MP_OKAY;
+    ECParams *ecParams = NULL;
+    SECItem kGpoint = { siBuffer, NULL, 0};
+    int flen = 0;    /* length in bytes of the field size */
+    unsigned olen;   /* length in bytes of the base point order */
+
+#if EC_DEBUG
+    char mpstr[256];
+#endif
+
+    /* Initialize MPI integers. */
+    /* must happen before the first potential call to cleanup */
+    MP_DIGITS(&x1) = 0;
+    MP_DIGITS(&d) = 0;
+    MP_DIGITS(&k) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&s) = 0;
+    MP_DIGITS(&n) = 0;
+
+    /* Check args */
+    if (!key || !signature || !digest || !kb || (kblen < 0)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	goto cleanup;
+    }
+
+    ecParams = &(key->ecParams);
+    flen = (ecParams->fieldID.size + 7) >> 3;
+    olen = ecParams->order.len;  
+    if (signature->data == NULL) {
+	/* a call to get the signature length only */
+	goto finish;
+    }
+    if (signature->len < 2*olen) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	goto cleanup;
+    }
+
+
+    CHECK_MPI_OK( mp_init(&x1) );
+    CHECK_MPI_OK( mp_init(&d) );
+    CHECK_MPI_OK( mp_init(&k) );
+    CHECK_MPI_OK( mp_init(&r) );
+    CHECK_MPI_OK( mp_init(&s) );
+    CHECK_MPI_OK( mp_init(&n) );
+
+    SECITEM_TO_MPINT( ecParams->order, &n );
+    SECITEM_TO_MPINT( key->privateValue, &d );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, kblen) );
+    /* Make sure k is in the interval [1, n-1] */
+    if ((mp_cmp_z(&k) <= 0) || (mp_cmp(&k, &n) >= 0)) {
+#if EC_DEBUG
+        printf("k is outside [1, n-1]\n");
+        mp_tohex(&k, mpstr);
+	printf("k : %s \n", mpstr);
+        mp_tohex(&n, mpstr);
+	printf("n : %s \n", mpstr);
+#endif
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	goto cleanup;
+    }
+
+    /* 
+    ** ANSI X9.62, Section 5.3.2, Step 2
+    **
+    ** Compute kG
+    */
+    kGpoint.len = 2*flen + 1;
+    kGpoint.data = PORT_Alloc(2*flen + 1);
+    if ((kGpoint.data == NULL) ||
+	(ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint)
+	    != SECSuccess))
+	goto cleanup;
+
+    /* 
+    ** ANSI X9.62, Section 5.3.3, Step 1
+    **
+    ** Extract the x co-ordinate of kG into x1
+    */
+    CHECK_MPI_OK( mp_read_unsigned_octets(&x1, kGpoint.data + 1, 
+	                                  (mp_size) flen) );
+
+    /* 
+    ** ANSI X9.62, Section 5.3.3, Step 2
+    **
+    ** r = x1 mod n  NOTE: n is the order of the curve
+    */
+    CHECK_MPI_OK( mp_mod(&x1, &n, &r) );
+
+    /*
+    ** ANSI X9.62, Section 5.3.3, Step 3
+    **
+    ** verify r != 0 
+    */
+    if (mp_cmp_z(&r) == 0) {
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	goto cleanup;
+    }
+
+    /*                                  
+    ** ANSI X9.62, Section 5.3.3, Step 4
+    **
+    ** s = (k**-1 * (HASH(M) + d*r)) mod n 
+    */
+    SECITEM_TO_MPINT(*digest, &s);        /* s = HASH(M)     */
+
+    /* In the definition of EC signing, digests are truncated
+     * to the length of n in bits. 
+     * (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
+    if (digest->len*8 > ecParams->fieldID.size) {
+	mpl_rsh(&s,&s,digest->len*8 - ecParams->fieldID.size);
+    }
+
+#if EC_DEBUG
+    mp_todecimal(&n, mpstr);
+    printf("n : %s (dec)\n", mpstr);
+    mp_todecimal(&d, mpstr);
+    printf("d : %s (dec)\n", mpstr);
+    mp_tohex(&x1, mpstr);
+    printf("x1: %s\n", mpstr);
+    mp_todecimal(&s, mpstr);
+    printf("digest: %s (decimal)\n", mpstr);
+    mp_todecimal(&r, mpstr);
+    printf("r : %s (dec)\n", mpstr);
+    mp_tohex(&r, mpstr);
+    printf("r : %s\n", mpstr);
+#endif
+
+    CHECK_MPI_OK( mp_invmod(&k, &n, &k) );      /* k = k**-1 mod n */
+    CHECK_MPI_OK( mp_mulmod(&d, &r, &n, &d) );  /* d = d * r mod n */
+    CHECK_MPI_OK( mp_addmod(&s, &d, &n, &s) );  /* s = s + d mod n */
+    CHECK_MPI_OK( mp_mulmod(&s, &k, &n, &s) );  /* s = s * k mod n */
+
+#if EC_DEBUG
+    mp_todecimal(&s, mpstr);
+    printf("s : %s (dec)\n", mpstr);
+    mp_tohex(&s, mpstr);
+    printf("s : %s\n", mpstr);
+#endif
+
+    /*
+    ** ANSI X9.62, Section 5.3.3, Step 5
+    **
+    ** verify s != 0
+    */
+    if (mp_cmp_z(&s) == 0) {
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	goto cleanup;
+    }
+
+   /*
+    **
+    ** Signature is tuple (r, s)
+    */
+    CHECK_MPI_OK( mp_to_fixlen_octets(&r, signature->data, olen) );
+    CHECK_MPI_OK( mp_to_fixlen_octets(&s, signature->data + olen, olen) );
+finish:
+    signature->len = 2*olen;
+
+    rv = SECSuccess;
+    err = MP_OKAY;
+cleanup:
+    mp_clear(&x1);
+    mp_clear(&d);
+    mp_clear(&k);
+    mp_clear(&r);
+    mp_clear(&s);
+    mp_clear(&n);
+
+    if (kGpoint.data) {
+	PORT_ZFree(kGpoint.data, 2*flen + 1);
+    }
+
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+
+#if EC_DEBUG
+    printf("ECDSA signing with seed %s\n",
+	(rv == SECSuccess) ? "succeeded" : "failed");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_ENABLE_ECC */
+
+   return rv;
+}
+
+/*
+** Computes the ECDSA signature on the digest using the given key 
+** and a random seed.
+*/
+SECStatus 
+ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
+{
+    SECStatus rv = SECFailure;
+#ifdef NSS_ENABLE_ECC
+    int len;
+    unsigned char *kBytes= NULL;
+
+    if (!key) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+
+    /* Generate random value k */
+    len = key->ecParams.order.len;
+    kBytes = ec_GenerateRandomPrivateKey(key->ecParams.order.data, len);
+    if (kBytes == NULL) goto cleanup;
+
+    /* Generate ECDSA signature with the specified k value */
+    rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len);
+
+cleanup:    
+    if (kBytes) {
+	PORT_ZFree(kBytes, len);
+    }
+
+#if EC_DEBUG
+    printf("ECDSA signing %s\n",
+	(rv == SECSuccess) ? "succeeded" : "failed");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_ENABLE_ECC */
+
+    return rv;
+}
+
+/*
+** Checks the signature on the given digest using the key provided.
+*/
+SECStatus 
+ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, 
+                 const SECItem *digest)
+{
+    SECStatus rv = SECFailure;
+#ifdef NSS_ENABLE_ECC
+    mp_int r_, s_;           /* tuple (r', s') is received signature) */
+    mp_int c, u1, u2, v;     /* intermediate values used in verification */
+    mp_int x1;
+    mp_int n;
+    mp_err err = MP_OKAY;
+    ECParams *ecParams = NULL;
+    SECItem pointC = { siBuffer, NULL, 0 };
+    int slen;       /* length in bytes of a half signature (r or s) */
+    int flen;       /* length in bytes of the field size */
+    unsigned olen;  /* length in bytes of the base point order */
+
+#if EC_DEBUG
+    char mpstr[256];
+    printf("ECDSA verification called\n");
+#endif
+
+    /* Initialize MPI integers. */
+    /* must happen before the first potential call to cleanup */
+    MP_DIGITS(&r_) = 0;
+    MP_DIGITS(&s_) = 0;
+    MP_DIGITS(&c) = 0;
+    MP_DIGITS(&u1) = 0;
+    MP_DIGITS(&u2) = 0;
+    MP_DIGITS(&x1) = 0;
+    MP_DIGITS(&v)  = 0;
+    MP_DIGITS(&n)  = 0;
+
+    /* Check args */
+    if (!key || !signature || !digest) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	goto cleanup;
+    }
+
+    ecParams = &(key->ecParams);
+    flen = (ecParams->fieldID.size + 7) >> 3;  
+    olen = ecParams->order.len;  
+    if (signature->len == 0 || signature->len%2 != 0 ||
+	signature->len > 2*olen) {
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
+	goto cleanup;
+    }
+    slen = signature->len/2;
+
+    SECITEM_AllocItem(NULL, &pointC, 2*flen + 1);
+    if (pointC.data == NULL)
+	goto cleanup;
+
+    CHECK_MPI_OK( mp_init(&r_) );
+    CHECK_MPI_OK( mp_init(&s_) );
+    CHECK_MPI_OK( mp_init(&c)  );
+    CHECK_MPI_OK( mp_init(&u1) );
+    CHECK_MPI_OK( mp_init(&u2) );
+    CHECK_MPI_OK( mp_init(&x1)  );
+    CHECK_MPI_OK( mp_init(&v)  );
+    CHECK_MPI_OK( mp_init(&n)  );
+
+    /*
+    ** Convert received signature (r', s') into MPI integers.
+    */
+    CHECK_MPI_OK( mp_read_unsigned_octets(&r_, signature->data, slen) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&s_, signature->data + slen, slen) );
+                                          
+    /* 
+    ** ANSI X9.62, Section 5.4.2, Steps 1 and 2
+    **
+    ** Verify that 0 < r' < n and 0 < s' < n
+    */
+    SECITEM_TO_MPINT(ecParams->order, &n);
+    if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
+        mp_cmp(&r_, &n) >= 0 || mp_cmp(&s_, &n) >= 0) {
+	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+	goto cleanup; /* will return rv == SECFailure */
+    }
+
+    /*
+    ** ANSI X9.62, Section 5.4.2, Step 3
+    **
+    ** c = (s')**-1 mod n
+    */
+    CHECK_MPI_OK( mp_invmod(&s_, &n, &c) );      /* c = (s')**-1 mod n */
+
+    /*
+    ** ANSI X9.62, Section 5.4.2, Step 4
+    **
+    ** u1 = ((HASH(M')) * c) mod n
+    */
+    SECITEM_TO_MPINT(*digest, &u1);                  /* u1 = HASH(M)     */
+
+    /* In the definition of EC signing, digests are truncated
+     * to the length of n in bits. 
+     * (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
+    if (digest->len*8 > ecParams->fieldID.size) {  /* u1 = HASH(M')     */
+	mpl_rsh(&u1,&u1,digest->len*8- ecParams->fieldID.size);
+    }
+
+#if EC_DEBUG
+    mp_todecimal(&r_, mpstr);
+    printf("r_: %s (dec)\n", mpstr);
+    mp_todecimal(&s_, mpstr);
+    printf("s_: %s (dec)\n", mpstr);
+    mp_todecimal(&c, mpstr);
+    printf("c : %s (dec)\n", mpstr);
+    mp_todecimal(&u1, mpstr);
+    printf("digest: %s (dec)\n", mpstr);
+#endif
+
+    CHECK_MPI_OK( mp_mulmod(&u1, &c, &n, &u1) );  /* u1 = u1 * c mod n */
+
+    /*
+    ** ANSI X9.62, Section 5.4.2, Step 4
+    **
+    ** u2 = ((r') * c) mod n
+    */
+    CHECK_MPI_OK( mp_mulmod(&r_, &c, &n, &u2) );
+
+    /*
+    ** ANSI X9.62, Section 5.4.3, Step 1
+    **
+    ** Compute u1*G + u2*Q
+    ** Here, A = u1.G     B = u2.Q    and   C = A + B
+    ** If the result, C, is the point at infinity, reject the signature
+    */
+    if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC)
+	!= SECSuccess) {
+	rv = SECFailure;
+	goto cleanup;
+    }
+    if (ec_point_at_infinity(&pointC)) {
+	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+	rv = SECFailure;
+	goto cleanup;
+    }
+
+    CHECK_MPI_OK( mp_read_unsigned_octets(&x1, pointC.data + 1, flen) );
+
+    /*
+    ** ANSI X9.62, Section 5.4.4, Step 2
+    **
+    ** v = x1 mod n
+    */
+    CHECK_MPI_OK( mp_mod(&x1, &n, &v) );
+
+#if EC_DEBUG
+    mp_todecimal(&r_, mpstr);
+    printf("r_: %s (dec)\n", mpstr);
+    mp_todecimal(&v, mpstr);
+    printf("v : %s (dec)\n", mpstr);
+#endif
+
+    /*
+    ** ANSI X9.62, Section 5.4.4, Step 3
+    **
+    ** Verification:  v == r'
+    */
+    if (mp_cmp(&v, &r_)) {
+	PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+	rv = SECFailure; /* Signature failed to verify. */
+    } else {
+	rv = SECSuccess; /* Signature verified. */
+    }
+
+#if EC_DEBUG
+    mp_todecimal(&u1, mpstr);
+    printf("u1: %s (dec)\n", mpstr);
+    mp_todecimal(&u2, mpstr);
+    printf("u2: %s (dec)\n", mpstr);
+    mp_tohex(&x1, mpstr);
+    printf("x1: %s\n", mpstr);
+    mp_todecimal(&v, mpstr);
+    printf("v : %s (dec)\n", mpstr);
+#endif
+
+cleanup:
+    mp_clear(&r_);
+    mp_clear(&s_);
+    mp_clear(&c);
+    mp_clear(&u1);
+    mp_clear(&u2);
+    mp_clear(&x1);
+    mp_clear(&v);
+    mp_clear(&n);
+
+    if (pointC.data) SECITEM_FreeItem(&pointC, PR_FALSE);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+
+#if EC_DEBUG
+    printf("ECDSA verification %s\n",
+	(rv == SECSuccess) ? "succeeded" : "failed");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_ENABLE_ECC */
+
+    return rv;
+}
+
diff --git a/security/nss/lib/freebl/ec.h b/security/nss/lib/freebl/ec.h
new file mode 100644
index 000000000..3de424145
--- /dev/null
+++ b/security/nss/lib/freebl/ec.h
@@ -0,0 +1,52 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Elliptic Curve Cryptography library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef __ec_h_
+#define __ec_h_
+
+#define EC_DEBUG                          0
+#define EC_POINT_FORM_COMPRESSED_Y0    0x02
+#define EC_POINT_FORM_COMPRESSED_Y1    0x03
+#define EC_POINT_FORM_UNCOMPRESSED     0x04
+#define EC_POINT_FORM_HYBRID_Y0        0x06
+#define EC_POINT_FORM_HYBRID_Y1        0x07
+
+#define ANSI_X962_CURVE_OID_TOTAL_LEN    10
+#define SECG_CURVE_OID_TOTAL_LEN          7
+
+#endif /* __ec_h_ */
diff --git a/security/nss/lib/freebl/ecl/Makefile b/security/nss/lib/freebl/ecl/Makefile
new file mode 100644
index 000000000..9ada3eba1
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/Makefile
@@ -0,0 +1,230 @@
+#
+# Makefile for elliptic curve library
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the elliptic curve math library.
+#
+# The Initial Developer of the Original Code is
+# Sun Microsystems, Inc.
+# Portions created by the Initial Developer are Copyright (C) 2003
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Douglas Stebila <douglas@stebila.ca>
+#   Michael J. Fromberger <sting@linguist.dartmouth.edu>
+#   Netscape Communications Corporation
+#   Richard C. Swift        (swift@netscape.com)
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+## Define CC to be the C compiler you wish to use.  The GNU cc
+## compiler (gcc) should work, at the very least
+#CC=cc
+#CC=gcc
+
+## 
+## Define PERL to point to your local Perl interpreter.  It
+## should be Perl 5.x, although it's conceivable that Perl 4
+## might work ... I haven't tested it.
+##
+#PERL=/usr/bin/perl
+#PERL=perl
+
+include ../mpi/target.mk
+
+##
+## Define platform-dependent variables for use of floating-point code.
+##
+ifeq ($(TARGET),v9SOLARIS)
+ECL_USE_FP=1
+else
+ifeq ($(TARGET),v8plusSOLARIS)
+ECL_USE_FP=1
+else
+ifeq ($(TARGET),v8SOLARIS)
+ECL_USE_FP=1
+else
+ifeq ($(TARGET),x86LINUX)
+ECL_USE_FP=1
+endif
+endif
+endif
+endif
+
+##
+## Add to definition of CFLAGS depending on use of floating-point code.
+##
+ifeq ($(ECL_USE_FP),1)
+CFLAGS+= -DECL_USE_FP
+endif
+
+##
+## Define LIBS to include any libraries you need to link against.
+## If NO_TABLE is define, LIBS should include '-lm' or whatever is
+## necessary to bring in the math library.  Otherwise, it can be
+## left alone, unless your system has other peculiar requirements.
+##
+LIBS=-L../mpi -lmpi -lm#-lmalloc#-lefence
+
+##
+## Define INCLUDES to include any include directories you need to 
+## compile with.  
+##
+INCLUDES=-I../mpi
+CFLAGS+= $(INCLUDES) $(XCFLAGS)
+
+## 
+## Define RANLIB to be the library header randomizer; you might not
+## need this on some systems (just set it to 'echo' on these systems,
+## such as IRIX)
+##
+RANLIB=echo
+
+## 
+## Define LIBOBJS to be the object files that will be created during
+## the build process.
+##
+LIBOBJS = ecl.o ecl_curve.o ecl_mult.o ecl_gf.o \
+	ec2_aff.o ec2_mont.o ec2_proj.o \
+	ec2_163.o ec2_193.o ec2_233.o \
+	ecp_aff.o ecp_jac.o ecp_mont.o \
+	ec_naf.o ecp_jm.o \
+	ecp_192.o ecp_224.o ecp_256.o ecp_384.o ecp_521.o
+ifeq ($(ECL_USE_FP),1)
+LIBOBJS+= ecp_fp160.o ecp_fp192.o ecp_fp224.o ecp_fp.o
+endif
+
+## The headers contained in this library.
+LIBHDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h ecl-curve.h
+APPHDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h ecl-curve.h
+ifeq ($(ECL_GFP_ASSEMBLY_FP),1)
+LIBHDRS += ecp_fp.h
+APPHDRS += ecp_fp.h
+endif
+
+
+help:
+	@ echo ""
+	@ echo "The following targets can be built with this Makefile:"
+	@ echo ""
+	@ echo "libecl.a     - elliptic curve library"
+	@ echo "tests        - build command line tests"
+	@ echo "test         - run command line tests"
+	@ echo "clean        - clean up objects and such"
+	@ echo ""
+
+.SUFFIXES: .c .o .i
+
+.c.i:
+	$(CC) $(CFLAGS) -E $< > $@
+
+#---------------------------------------
+
+$(LIBOBJS): $(LIBHDRS)
+
+ecl.o: ecl.c $(LIBHDRS)
+ecl_curve.o: ecl_curve.c $(LIBHDRS)
+ecl_mult.o: ecl_mult.c $(LIBHDRS)
+ecl_gf.o: ecl_gf.c $(LIBHDRS)
+ec2_aff.o: ec2_aff.c $(LIBHDRS)
+ec2_mont.o: ec2_mont.c $(LIBHDRS)
+ec2_proj.o: ec2_proj.c $(LIBHDRS)
+ec2_163.o: ec2_163.c $(LIBHDRS)
+ec2_193.o: ec2_193.c $(LIBHDRS)
+ec2_233.o: ec2_233.c $(LIBHDRS)
+ecp_aff.o: ecp_aff.c $(LIBHDRS)
+ecp_jac.o: ecp_jac.c $(LIBHDRS)
+ecp_jm.o: ecp_jm.c $(LIBHDRS)
+ecp_mont.o: ecp_mont.c $(LIBHDRS)
+ecp_192.o: ecp_192.c $(LIBHDRS)
+ecp_224.o: ecp_224.c $(LIBHDRS)
+ecp_256.o: ecp_256.c $(LIBHDRS)
+ecp_384.o: ecp_384.c $(LIBHDRS)
+ecp_521.o: ecp_521.c $(LIBHDRS)
+ecp_fp.o: ecp_fp.c $(LIBHDRS)
+ifeq ($(ECL_USE_FP),1)
+ecp_fp160.o: ecp_fp160.c ecp_fpinc.c $(LIBHDRS)
+ecp_fp192.o: ecp_fp192.c ecp_fpinc.c $(LIBHDRS)
+ecp_fp224.o: ecp_fp224.c ecp_fpinc.c $(LIBHDRS)
+endif
+
+libecl.a: $(LIBOBJS)
+	ar -cvr libecl.a $(LIBOBJS)
+	$(RANLIB) libecl.a
+
+lib libs: libecl.a
+
+ecl.i: ecl.h
+
+#---------------------------------------
+
+ECLTESTOBJS = ec2_test.o ecp_test.o ec_naft.o
+ifeq ($(ECL_USE_FP),1)
+ECLTESTOBJS+= ecp_fpt.o
+endif
+ECLTESTS = $(ECLTESTOBJS:.o=)
+
+$(ECLTESTOBJS): %.o: tests/%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -o $@ -c $<  $(INCLUDES)
+
+$(ECLTESTS): %: %.o libecl.a
+	$(CC) $(CFLAGS) -o $@ $^  $(LIBS)
+
+ifeq ($(ECL_USE_FP),1)
+tests: ec2_test ecp_test ec_naft ecp_fpt 
+else
+tests: ec2_test ecp_test ec_naft
+endif
+
+#---------------------------------------
+
+ifeq ($(ECL_USE_FP),1)
+test: tests
+	./ecp_test
+	./ec2_test
+	./ec_naft
+	./ecp_fpt
+else
+test: tests
+	./ecp_test
+	./ec_naft
+	./ec2_test
+endif
+
+#---------------------------------------
+
+alltests: tests
+
+clean:
+	rm -f *.o *.a *.i
+	rm -f core
+	rm -f *~ .*~
+	rm -f $(ECLTESTS)
+
+clobber: clean
+
+# END
diff --git a/security/nss/lib/freebl/ecl/README b/security/nss/lib/freebl/ecl/README
new file mode 100644
index 000000000..b4c92400d
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/README
@@ -0,0 +1,330 @@
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the elliptic curve math library.
+
+The Initial Developer of the Original Code is Sun Microsystems, Inc.
+Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
+Sun Microsystems, Inc. All Rights Reserved.
+
+Contributor(s):
+    Stephen Fung <fungstep@hotmail.com> and
+    Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+ 
+The ECL exposes routines for constructing and converting curve
+parameters for internal use.
+
+
+HEADER FILES
+============
+
+ecl-exp.h - Exports data structures and curve names. For use by code
+that does not have access to mp_ints.
+
+ecl-curve.h - Provides hex encodings (in the form of ECCurveParams
+structs) of standardizes elliptic curve domain parameters and mappings
+from ECCurveName to ECCurveParams. For use by code that does not have
+access to mp_ints.
+
+ecl.h - Interface to constructors for curve parameters and group object,
+and point multiplication operations. Used by higher level algorithms
+(like ECDH and ECDSA) to actually perform elliptic curve cryptography.
+
+ecl-priv.h - Data structures and functions for internal use within the
+library.
+
+ec2.h - Internal header file that contains all functions for point
+arithmetic over binary polynomial fields.
+
+ecp.h - Internal header file that contains all functions for point
+arithmetic over prime fields.
+
+DATA STRUCTURES AND TYPES
+=========================
+
+ECCurveName (from ecl-exp.h) - Opaque name for standardized elliptic
+curve domain parameters.
+
+ECCurveParams (from ecl-exp.h) - Provides hexadecimal encoding
+of elliptic curve domain parameters. Can be generated by a user
+and passed to ECGroup_fromHex or can be generated from a name by
+EC_GetNamedCurveParams. ecl-curve.h contains ECCurveParams structs for
+the standardized curves defined by ECCurveName.
+
+ECGroup (from ecl.h and ecl-priv.h) - Opaque data structure that
+represents a group of elliptic curve points for a particular set of
+elliptic curve domain parameters. Contains all domain parameters (curve
+a and b, field, base point) as well as pointers to the functions that
+should be used for point arithmetic and the underlying field GFMethod.
+Generated by either ECGroup_fromHex or ECGroup_fromName.
+
+GFMethod (from ecl-priv.h) - Represents a field underlying a set of
+elliptic curve domain parameters. Contains the irreducible that defines
+the field (either the prime or the binary polynomial) as well as
+pointers to the functions that should be used for field arithmetic.
+
+ARITHMETIC FUNCTIONS
+====================
+
+Higher-level algorithms (like ECDH and ECDSA) should call ECPoint_mul
+or ECPoints_mul (from ecl.h) to do point arithmetic. These functions
+will choose which underlying algorithms to use, based on the ECGroup
+structure.
+
+Point Multiplication
+--------------------
+
+ecl_mult.c provides the ECPoints_mul and ECPoint_mul wrappers.
+It also provides two implementations for the pts_mul operation -
+ec_pts_mul_basic (which computes kP, lQ, and then adds kP + lQ) and
+ec_pts_mul_simul_w2 (which does a simultaneous point multiplication
+using a table with window size 2*2).
+
+ec_naf.c provides an implementation of an algorithm to calculate a
+non-adjacent form of a scalar, minimizing the number of point
+additions that need to be done in a point multiplication.
+
+Point Arithmetic over Prime Fields
+----------------------------------
+
+ecp_aff.c provides point arithmetic using affine coordinates.
+
+ecp_jac.c provides point arithmetic using Jacobian projective
+coordinates and mixed Jacobian-affine coordinates. (Jacobian projective
+coordinates represent a point (x, y) as (X, Y, Z), where x=X/Z^2,
+y=Y/Z^3).
+
+ecp_jm.c provides point arithmetic using Modified Jacobian
+coordinates and mixed Modified_Jacobian-affine coordinates.
+(Modified Jacobian coordinates represent a point (x, y)
+as (X, Y, Z, a*Z^4), where x=X/Z^2, y=Y/Z^3, and a is
+the linear coefficient in the curve defining equation).
+
+ecp_192.c and ecp_224.c provide optimized field arithmetic.
+
+Point Arithmetic over Binary Polynomial Fields
+----------------------------------------------
+
+ec2_aff.c provides point arithmetic using affine coordinates.
+
+ec2_proj.c provides point arithmetic using projective coordinates.
+(Projective coordinates represent a point (x, y) as (X, Y, Z), where
+x=X/Z, y=Y/Z^2).
+
+ec2_mont.c provides point multiplication using Montgomery projective
+coordinates.
+
+ec2_163.c, ec2_193.c, and ec2_233.c provide optimized field arithmetic.
+
+Field Arithmetic
+----------------
+
+ecl_gf.c provides constructors for field objects (GFMethod) with the
+functions GFMethod_cons*. It also provides wrappers around the basic
+field operations.
+
+Prime Field Arithmetic
+----------------------
+
+The mpi library provides the basic prime field arithmetic.
+
+ecp_mont.c provides wrappers around the Montgomery multiplication
+functions from the mpi library and adds encoding and decoding functions.
+It also provides the function to construct a GFMethod object using
+Montgomery multiplication.
+
+ecp_192.c and ecp_224.c provide optimized modular reduction for the
+fields defined by nistp192 and nistp224 primes.
+
+ecl_gf.c provides wrappers around the basic field operations.
+
+Binary Polynomial Field Arithmetic
+----------------------------------
+
+../mpi/mp_gf2m.c provides basic binary polynomial field arithmetic,
+including addition, multiplication, squaring, mod, and division, as well
+as conversion ob polynomial representations between bitstring and int[].
+
+ec2_163.c, ec2_193.c, and ec2_233.c provide optimized field mod, mul,
+and sqr operations.
+
+ecl_gf.c provides wrappers around the basic field operations.
+
+Field Encoding
+--------------
+
+By default, field elements are encoded in their basic form. It is
+possible to use an alternative encoding, however. For example, it is
+possible to Montgomery representation of prime field elements and
+take advantage of the fast modular multiplication that Montgomery
+representation provides. The process of converting from basic form to
+Montgomery representation is called field encoding, and the opposite
+process would be field decoding. All internal point operations assume
+that the operands are field encoded as appropriate. By rewiring the
+underlying field arithmetic to perform operations on these encoded
+values, the same overlying point arithmetic operations can be used
+regardless of field representation.
+
+ALGORITHM WIRING
+================
+
+The EC library allows point and field arithmetic algorithms to be
+substituted ("wired-in") on a fine-grained basis. This allows for
+generic algorithms and algorithms that are optimized for a particular
+curve, field, or architecture, to coexist and to be automatically
+selected at runtime.
+
+Wiring Mechanism
+----------------
+
+The ECGroup and GFMethod structure contain pointers to the point and
+field arithmetic functions, respectively, that are to be used in
+operations.
+
+The selection of algorithms to use is handled in the function
+ecgroup_fromNameAndHex in ecl.c.
+
+Default Wiring
+--------------
+
+Curves over prime fields by default use montgomery field arithmetic,
+point multiplication using 5-bit window non-adjacent-form with 
+Modified Jacobian coordinates, and 2*2-bit simultaneous point 
+multiplication using Jacobian coordinates.
+(Wiring in function ECGroup_consGFp_mont in ecl.c.)
+
+Curves over prime fields that have optimized modular reduction (i.e.,
+secp160r1, nistp192, and nistp224) do not use Montgomery field
+arithmetic. Instead, they use basic field arithmetic with their
+optimized reduction (as in ecp_192.c and ecp_224.c). They
+use the same point multiplication and simultaneous point multiplication
+algorithms as other curves over prime fields.
+
+Curves over binary polynomial fields by default use generic field
+arithmetic with montgomery point multiplication and basic kP + lQ
+computation (multiply, multiply, and add). (Wiring in function
+ECGroup_cons_GF2m in ecl.c.)
+
+Curves over binary polynomial fields that have optimized field
+arithmetic (i.e., any 163-, 193, or 233-bit field) use their optimized
+field arithmetic. They use the same point multiplication and
+simultaneous point multiplication algorithms as other curves over binary
+fields.
+
+Example
+-------
+
+We provide an example for plugging in an optimized implementation for
+the Koblitz curve nistk163.
+
+Suppose the file ec2_k163.c contains the optimized implementation. In
+particular it contains a point multiplication function:
+
+	mp_err ec_GF2m_nistk163_pt_mul(const mp_int *n, const mp_int *px, 
+		const mp_int *py, mp_int *rx, mp_int *ry, const ECGroup *group);
+
+Since only a pt_mul function is provided, the generic pt_add function
+will be used.
+
+There are two options for handling the optimized field arithmetic used
+by the ..._pt_mul function. Say the optimized field arithmetic includes
+the following functions:
+
+	mp_err ec_GF2m_nistk163_add(const mp_int *a, const mp_int *b,
+		mp_int *r, const GFMethod *meth);
+	mp_err ec_GF2m_nistk163_mul(const mp_int *a, const mp_int *b,
+		mp_int *r, const GFMethod *meth);
+	mp_err ec_GF2m_nistk163_sqr(const mp_int *a, const mp_int *b,
+		mp_int *r, const GFMethod *meth);
+	mp_err ec_GF2m_nistk163_div(const mp_int *a, const mp_int *b,
+		mp_int *r, const GFMethod *meth);
+
+First, the optimized field arithmetic could simply be called directly
+by the ..._pt_mul function. This would be accomplished by changing
+the ecgroup_fromNameAndHex function in ecl.c to include the following
+statements:
+
+	if (name == ECCurve_NIST_K163) {
+		group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx,
+			&geny, &order, params->cofactor);
+		if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+		MP_CHECKOK( ec_group_set_nistk163(group) );
+	}
+
+and including in ec2_k163.c the following function:
+
+	mp_err ec_group_set_nistk163(ECGroup *group) {
+		group->point_mul = &ec_GF2m_nistk163_pt_mul;
+		return MP_OKAY;
+	}
+
+As a result, ec_GF2m_pt_add and similar functions would use the
+basic binary polynomial field arithmetic ec_GF2m_add, ec_GF2m_mul,
+ec_GF2m_sqr, and ec_GF2m_div.
+
+Alternatively, the optimized field arithmetic could be wired into the
+group's GFMethod. This would be accomplished by putting the following
+function in ec2_k163.c:
+
+	mp_err ec_group_set_nistk163(ECGroup *group) {
+		group->meth->field_add = &ec_GF2m_nistk163_add;
+		group->meth->field_mul = &ec_GF2m_nistk163_mul;
+		group->meth->field_sqr = &ec_GF2m_nistk163_sqr;
+		group->meth->field_div = &ec_GF2m_nistk163_div;
+		group->point_mul = &ec_GF2m_nistk163_pt_mul;
+		return MP_OKAY;
+	}
+
+For an example of functions that use special field encodings, take a
+look at ecp_mont.c.
+
+TESTING
+=======
+
+The ecl/tests directory contains a collection of standalone tests that
+verify the correctness of the elliptic curve library.
+
+Both ecp_test and ec2_test take the following arguments:
+
+	--print     Print out results of each point arithmetic test.
+	--time      Benchmark point operations and print results.
+
+The set of curves over which ecp_test and ec2_test run is coded into the
+program, but can be changed by editing the source files.
+
+BUILDING
+========
+
+The ecl can be built as a standalone library, separate from NSS,
+dependent only on the mpi library. To build the library:
+
+	> cd ../mpi
+	> make libs
+	> cd ../ecl
+	> make libs
+	> make tests # to build test files
+	> make test  # to run automated tests
diff --git a/security/nss/lib/freebl/ecl/README.FP b/security/nss/lib/freebl/ecl/README.FP
new file mode 100644
index 000000000..858ac67b8
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/README.FP
@@ -0,0 +1,317 @@
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the elliptic curve math library.
+
+The Initial Developer of the Original Code is Sun Microsystems, Inc.
+Portions created by Sun Microsystems, Inc. are Copyright (C) 2003
+Sun Microsystems, Inc. All Rights Reserved.
+
+Contributor(s):
+     Stephen Fung <fungstep@hotmail.com> and
+     Nils Gura <nils.gura@sun.com>, Sun Microsystems Laboratories
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+The ECL exposes routines for constructing and converting curve
+parameters for internal use.
+
+The floating point code of the ECL provides algorithms for performing
+elliptic-curve point multiplications in floating point.
+
+The point multiplication algorithms perform calculations almost
+exclusively in floating point for efficiency, but have the same
+(integer) interface as the ECL for compatibility and to be easily
+wired-in to the ECL.  Please see README file (not this README.FP file)
+for information on wiring-in.
+
+This has been implemented for 3 curves as specified in [1]:
+	secp160r1
+	secp192r1
+	secp224r1
+
+RATIONALE
+=========
+Calculations are done in the  floating-point unit (FPU) since it
+gives better performance on the UltraSPARC III chips.  This is
+because the FPU allows for faster multiplication than the integer unit.
+The integer unit has a longer multiplication instruction latency, and
+does not allow full pipelining, as described in [2].
+Since performance is an important selling feature of Elliptic Curve
+Cryptography (ECC), this implementation was created.
+
+DATA REPRESENTATION
+===================
+Data is primarily represented in an array of double-precision floating
+point numbers.  Generally, each array element has 24 bits of precision
+(i.e. be x * 2^y, where x is an integer of at most 24 bits, y some positive
+integer), although the actual implementation details are more complicated.
+
+e.g. a way to store an 80 bit number might be:
+double p[4] = { 632613 * 2^0, 329841 * 2^24, 9961 * 2^48, 51 * 2^64 };
+See section ARITHMETIC OPERATIONS for more details.
+
+This implementation assumes that the floating-point unit rounding mode 
+is round-to-even as specified in IEEE 754
+(as opposed to chopping, rounding up, or rounding down).
+When subtracting integers represented as arrays of floating point 
+numbers, some coefficients (array elements) may become negative.
+This effectively gives an extra bit of precision that is important
+for correctness in some cases.
+
+The described number presentation limits the size of integers to 1023 bits.
+This is due to an upper bound of 1024 for the exponent of a double precision
+floating point number as specified in IEEE-754.
+However, this is acceptable for ECC key sizes of the foreseeable future.
+
+DATA STRUCTURES
+===============
+For more information on coordinate representations, see [3].
+
+ecfp_aff_pt
+-----------
+Affine EC Point Representation.  This is the basic 
+representation (x, y) of an elliptic curve point.
+
+ecfp_jac_pt
+-----------
+Jacobian EC Point.  This stores a point as (X, Y, Z), where
+the affine point corresponds to (X/Z^2, Y/Z^3).  This allows
+for fewer inversions in calculations.
+
+ecfp_chud_pt
+------------
+Chudnovsky Jacobian Point.  This representation stores a point
+as (X, Y, Z, Z^2, Z^3), the same as a Jacobian representation
+but also storing Z^2 and Z^3 for faster point additions.
+
+ecfp_jm_pt
+----------
+Modified Jacobian Point.  This representation stores a point
+as (X, Y, Z, a*Z^4), the same as Jacobian representation but
+also storing a*Z^4 for faster point doublings.  Here "a" represents
+the linear coefficient of x defining the curve.
+
+EC_group_fp
+-----------
+Stores information on the elliptic curve group for floating
+point calculations.  Contains curve specific information, as
+well as function pointers to routines, allowing different
+optimizations to be easily wired in.
+This should be made accessible from an ECGroup for the floating
+point implementations of point multiplication.
+
+POINT MULTIPLICATION ALGORITHMS
+===============================
+Elliptic Curve Point multiplication can be done at a higher level orthogonal
+to the implementation of point additions and point doublings.  There
+are a variety of algorithms that can be used.
+
+The following algorithms have been implemented:
+
+4-bit Window (Jacobian Coordinates)
+Double & Add (Jacobian & Affine Coordinates)
+5-bit Non-Adjacent Form (Modified Jacobian & Chudnovsky Jacobian)
+
+Currently, the fastest algorithm for multiplying a generic point
+is the 5-bit Non-Adjacent Form.
+
+See comments in ecp_fp.c for more details and references.
+
+SOURCE / HEADER FILES
+=====================
+
+ecp_fp.c
+--------
+Main source file for floating point calculations.  Contains routines
+to convert from floating-point to integer (mp_int format), point
+multiplication algorithms, and several other routines.
+
+ecp_fp.h
+--------
+Main header file.  Contains most constants used and function prototypes.
+
+ecp_fp[160, 192, 224].c
+-----------------------
+Source files for specific curves.  Contains curve specific code such
+as specialized reduction based on the field defining prime.  Contains
+code wiring-in different algorithms and optimizations.
+
+ecp_fpinc.c
+-----------
+Source file that is included by ecp_fp[160, 192, 224].c.  This generates
+functions with different preprocessor-defined names and loop iterations,
+allowing for static linking and strong compiler optimizations without
+code duplication.
+
+TESTING
+=======
+The test suite can be found in ecl/tests/ecp_fpt.  This tests and gets
+timings of the different algorithms for the curves implemented.
+
+ARITHMETIC OPERATIONS
+---------------------
+The primary operations in ECC over the prime fields are modular arithmetic:
+i.e. n * m (mod p) and n + m (mod p).  In this implementation, multiplication,
+addition, and reduction are implemented as separate functions.  This
+enables computation of formulae with fewer reductions, e.g.
+(a * b) + (c * d) (mod p) rather than:
+((a * b) (mod p)) + ((c * d) (mod p)) (mod p)
+This takes advantage of the fact that the double precision mantissa in
+floating point can hold numbers up to 2^53, i.e. it has some leeway to
+store larger intermediate numbers.  See further detail in the section on 
+FLOATING POINT PRECISION.
+
+Multiplication
+--------------
+Multiplication is implemented in a standard polynomial multiplication
+fashion.  The terms in opposite factors are pairwise multiplied and
+added together appropriately.  Note that the result requires twice 
+as many doubles for storage, as the bit size of the product is twice
+that of the multiplicands.
+e.g. suppose we have double n[3], m[3], r[6], and want to calculate r = n * m
+r[0] = n[0] * m[0]
+r[1] = n[0] * m[1] + n[1] * m[0]
+r[2] = n[0] * m[2] + n[1] * m[1] + n[2] * m[0]
+r[3] = n[1] * m[2] + n[2] * m[1]
+r[4] = n[2] * m[2]
+r[5] = 0 (This is used later to hold spillover from r[4], see tidying in
+the reduction section.)
+
+Addition
+--------
+Addition is done term by term.  The only caveat is to be careful with
+the number of terms that need to be added.  When adding results of
+multiplication (before reduction), twice as many terms need to be added
+together.  This is done in the addLong function.
+e.g. for double n[4], m[4], r[4]:  r = n + m
+r[0] = n[0] + m[0]
+r[1] = n[1] + m[1]
+r[2] = n[2] + m[2]
+r[3] = n[3] + m[3]
+
+Modular Reduction
+-----------------
+For the curves implemented, reduction is possible by fast reduction
+for Generalized Mersenne Primes, as described in [4].  For the 
+floating point implementation, a significant step of the reduction 
+process is tidying:  that is, the propagation of carry bits from 
+low-order to high-order coefficients to reduce the precision of each 
+coefficient to 24 bits.
+This is done by adding and then subtracting
+ecfp_alpha, a large floating point number that induces precision roundoff.
+See [5] for more details on tidying using floating point arithmetic.
+e.g. suppose we have r = 961838 * 2^24 + 519308
+then if we set alpha = 3 * 2^51 * 2^24,
+FP(FP(r + alpha) - alpha) = 961838 * 2^24, because the precision for
+the intermediate results is limited.  Our values of alpha are chosen
+to truncate to a desired number of bits.
+
+The reduction is then performed as in [4], adding multiples of prime p.
+e.g. suppose we are working over a polynomial of 10^2.  Take the number
+2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95, stored in 5 elements
+for coefficients of 10^0, 10^2, ..., 10^8.
+We wish to reduce modulo p = 10^6 - 2 * 10^4 + 1
+We can subtract off from the higher terms
+(2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95) - (2 * 10^2) * (10^6 - 2 * 10^4 + 1)
+= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95
+= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95 - (15) * (10^6 - 2 * 10^4 + 1)
+= 83 * 10^4 + 21 * 10^2 + 80
+
+Integrated Example
+------------------
+This example shows how multiplication, addition, tidying, and reduction
+work together in our modular arithmetic.  This is simplified from the
+actual implementation, but should convey the main concepts.  
+Working over polynomials of 10^2 and with p as in the prior example,
+Let a = 16 * 10^4 + 53 * 10^2 + 33
+let b = 81 * 10^4 + 31 * 10^2 + 49
+let c = 22 * 10^4 +  0 * 10^2 + 95
+And suppose we want to compute a * b + c mod p.  
+We first do a multiplication:  then a * b =
+0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5100 * 10^4 + 3620 * 10^2 + 1617
+Then we add in c before doing reduction, allowing us to get a * b + c =
+0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712
+We then perform a tidying on the upper half of the terms:
+0 * 10^10 + 1296 * 10^8 + 4789 * 10^6
+0 * 10^10 + (1296 + 47) * 10^8 + 89 * 10^6
+0 * 10^10 + 1343 * 10^8 + 89 * 10^6
+13 * 10^10 + 43 * 10^8 + 89 * 10^6
+which then gives us
+13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712
+we then reduce modulo p similar to the reduction example above:
+13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712 
+	- (13 * 10^4 * p)
+69 * 10^8 + 89 * 10^6 + 5109 * 10^4 + 3620 * 10^2 + 1712
+	- (69 * 10^2 * p)
+227 * 10^6 + 5109 * 10^4 + 3551 * 10^2 + 1712
+	- (227 * p)
+5563 * 10^4 + 3551 * 10^2 + 1485
+finally, we do tidying to get the precision of each term down to 2 digits
+5563 * 10^4 + 3565 * 10^2 + 85
+5598 * 10^4 + 65 * 10^2 + 85
+55 * 10^6 + 98 * 10^4 + 65 * 10^2 + 85
+and perform another reduction step
+	- (55 * p)
+208 * 10^4 + 65 * 10^2 + 30
+There may be a small number of further reductions that could be done at
+this point, but this is typically done only at the end when converting
+from floating point  to an integer unit representation.
+
+FLOATING POINT PRECISION
+========================
+This section discusses the precision of floating point numbers, which
+one writing new formulae or a larger bit size should be aware of.  The
+danger is that an intermediate result may be required to store a
+mantissa larger than 53 bits, which would cause error by rounding off.
+
+Note that the tidying with IEEE rounding mode set to round-to-even
+allows negative numbers, which actually reduces the size of the double
+mantissa to 23 bits - since it rounds the mantissa to the nearest number 
+modulo 2^24, i.e. roughly between -2^23 and 2^23.
+A multiplication increases the bit size to 2^46 * n, where n is the number
+of doubles to store a number.  For the 224 bit curve, n = 10.  This gives 
+doubles of size 5 * 2^47.  Adding two of these doubles gives a result
+of size 5 * 2^48, which is less than 2^53, so this is safe.  
+Similar analysis can be done for other formulae to ensure numbers remain
+below 2^53.
+
+Extended-Precision Floating Point
+---------------------------------
+Some platforms, notably x86 Linux, may use an extended-precision floating
+point representation that has a 64-bit mantissa.  [6]  Although this
+implementation is optimized for the IEEE standard 53-bit mantissa,
+it should work with the 64-bit mantissa.  A check is done at run-time
+in the function ec_set_fp_precision that detects if the precision is
+greater than 53 bits, and runs code for the 64-bit mantissa accordingly.
+
+REFERENCES
+==========
+[1] Certicom Corp., "SEC 2: Recommended Elliptic Curve Domain Parameters", Sept. 20, 2000.  www.secg.org
+[2] Sun Microsystems Inc.  UltraSPARC III Cu User's Manual, Version 1.0, May 2002, Table 4.4
+[3] H. Cohen, A. Miyaji, and T. Ono, "Efficient Elliptic Curve Exponentiation Using Mixed Coordinates".
+[4] Henk C.A. van Tilborg, Generalized Mersenne Prime.  http://www.win.tue.nl/~henkvt/GenMersenne.pdf
+[5] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2.
+[6] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2 Notes.
diff --git a/security/nss/lib/freebl/ecl/ec2.h b/security/nss/lib/freebl/ecl/ec2.h
new file mode 100644
index 000000000..2ca8418b3
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec2.h
@@ -0,0 +1,126 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef __ec2_h_
+#define __ec2_h_
+
+#include "ecl-priv.h"
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py);
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py);
+
+/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx,
+ * qy). Uses affine coordinates. */
+mp_err ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py,
+						  const mp_int *qx, const mp_int *qy, mp_int *rx,
+						  mp_int *ry, const ECGroup *group);
+
+/* Computes R = P - Q.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py,
+						  const mp_int *qx, const mp_int *qy, mp_int *rx,
+						  mp_int *ry, const ECGroup *group);
+
+/* Computes R = 2P.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+						  mp_int *ry, const ECGroup *group);
+
+/* Validates a point on a GF2m curve. */
+mp_err ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group);
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the irreducible that 
+ * determines the field GF2m.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px,
+						  const mp_int *py, mp_int *rx, mp_int *ry,
+						  const ECGroup *group);
+#endif
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the irreducible that 
+ * determines the field GF2m.  Uses Montgomery projective coordinates. */
+mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px,
+						   const mp_int *py, mp_int *rx, mp_int *ry,
+						   const ECGroup *group);
+
+#ifdef ECL_ENABLE_GF2M_PROJ
+/* Converts a point P(px, py) from affine coordinates to projective
+ * coordinates R(rx, ry, rz). */
+mp_err ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
+						   mp_int *ry, mp_int *rz, const ECGroup *group);
+
+/* Converts a point P(px, py, pz) from projective coordinates to affine
+ * coordinates R(rx, ry). */
+mp_err ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py,
+						   const mp_int *pz, mp_int *rx, mp_int *ry,
+						   const ECGroup *group);
+
+/* Checks if point P(px, py, pz) is at infinity.  Uses projective
+ * coordinates. */
+mp_err ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
+							  const mp_int *pz);
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses projective
+ * coordinates. */
+mp_err ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz);
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, qz).  Uses projective coordinates. */
+mp_err ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py,
+						   const mp_int *pz, const mp_int *qx,
+						   const mp_int *qy, mp_int *rx, mp_int *ry,
+						   mp_int *rz, const ECGroup *group);
+
+/* Computes R = 2P.  Uses projective coordinates. */
+mp_err ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py,
+						   const mp_int *pz, mp_int *rx, mp_int *ry,
+						   mp_int *rz, const ECGroup *group);
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GF2m.  Uses projective coordinates. */
+mp_err ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px,
+						   const mp_int *py, mp_int *rx, mp_int *ry,
+						   const ECGroup *group);
+#endif
+
+#endif							/* __ec2_h_ */
diff --git a/security/nss/lib/freebl/ecl/ec2_163.c b/security/nss/lib/freebl/ecl/ec2_163.c
new file mode 100644
index 000000000..641632146
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec2_163.c
@@ -0,0 +1,259 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ec2.h"
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast reduction for polynomials over a 163-bit curve. Assumes reduction
+ * polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, z;
+
+	if (a != r) {
+		MP_CHECKOK(mp_copy(a, r));
+	}
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(r) < 6) {
+		MP_CHECKOK(s_mp_pad(r, 6));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 6;
+
+	/* u[5] only has 6 significant bits */
+	z = u[5];
+	u[2] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+	z = u[4];
+	u[2] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+	u[1] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+	z = u[3];
+	u[1] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+	u[0] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+	z = u[2] >> 35;				/* z only has 29 significant bits */
+	u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+	/* clear bits above 163 */
+	u[5] = u[4] = u[3] = 0;
+	u[2] ^= z << 35;
+#else
+	if (MP_USED(r) < 11) {
+		MP_CHECKOK(s_mp_pad(r, 11));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 11;
+
+	/* u[11] only has 6 significant bits */
+	z = u[10];
+	u[5] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[4] ^= (z << 29);
+	z = u[9];
+	u[5] ^= (z >> 28) ^ (z >> 29);
+	u[4] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[3] ^= (z << 29);
+	z = u[8];
+	u[4] ^= (z >> 28) ^ (z >> 29);
+	u[3] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[2] ^= (z << 29);
+	z = u[7];
+	u[3] ^= (z >> 28) ^ (z >> 29);
+	u[2] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[1] ^= (z << 29);
+	z = u[6];
+	u[2] ^= (z >> 28) ^ (z >> 29);
+	u[1] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[0] ^= (z << 29);
+	z = u[5] >> 3;				/* z only has 29 significant bits */
+	u[1] ^= (z >> 25) ^ (z >> 26);
+	u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+	/* clear bits above 163 */
+	u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0;
+	u[5] ^= z << 3;
+#endif
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* Fast squaring for polynomials over a 163-bit curve. Assumes reduction
+ * polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, *v;
+
+	v = MP_DIGITS(a);
+
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(a) < 3) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 6) {
+		MP_CHECKOK(s_mp_pad(r, 6));
+	}
+	MP_USED(r) = 6;
+#else
+	if (MP_USED(a) < 6) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 12) {
+		MP_CHECKOK(s_mp_pad(r, 12));
+	}
+	MP_USED(r) = 12;
+#endif
+	u = MP_DIGITS(r);
+
+#ifdef ECL_THIRTY_TWO_BIT
+	u[11] = gf2m_SQR1(v[5]);
+	u[10] = gf2m_SQR0(v[5]);
+	u[9] = gf2m_SQR1(v[4]);
+	u[8] = gf2m_SQR0(v[4]);
+	u[7] = gf2m_SQR1(v[3]);
+	u[6] = gf2m_SQR0(v[3]);
+#endif
+	u[5] = gf2m_SQR1(v[2]);
+	u[4] = gf2m_SQR0(v[2]);
+	u[3] = gf2m_SQR1(v[1]);
+	u[2] = gf2m_SQR0(v[1]);
+	u[1] = gf2m_SQR1(v[0]);
+	u[0] = gf2m_SQR0(v[0]);
+	return ec_GF2m_163_mod(r, r, meth);
+
+  CLEANUP:
+	return res;
+}
+
+/* Fast multiplication for polynomials over a 163-bit curve. Assumes
+ * reduction polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_mul(const mp_int *a, const mp_int *b, mp_int *r,
+				const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a2 = 0, a1 = 0, a0, b2 = 0, b1 = 0, b0;
+
+#ifdef ECL_THIRTY_TWO_BIT
+	mp_digit a5 = 0, a4 = 0, a3 = 0, b5 = 0, b4 = 0, b3 = 0;
+	mp_digit rm[6];
+#endif
+
+	if (a == b) {
+		return ec_GF2m_163_sqr(a, r, meth);
+	} else {
+		switch (MP_USED(a)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 6:
+			a5 = MP_DIGIT(a, 5);
+		case 5:
+			a4 = MP_DIGIT(a, 4);
+		case 4:
+			a3 = MP_DIGIT(a, 3);
+#endif
+		case 3:
+			a2 = MP_DIGIT(a, 2);
+		case 2:
+			a1 = MP_DIGIT(a, 1);
+		default:
+			a0 = MP_DIGIT(a, 0);
+		}
+		switch (MP_USED(b)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 6:
+			b5 = MP_DIGIT(b, 5);
+		case 5:
+			b4 = MP_DIGIT(b, 4);
+		case 4:
+			b3 = MP_DIGIT(b, 3);
+#endif
+		case 3:
+			b2 = MP_DIGIT(b, 2);
+		case 2:
+			b1 = MP_DIGIT(b, 1);
+		default:
+			b0 = MP_DIGIT(b, 0);
+		}
+#ifdef ECL_SIXTY_FOUR_BIT
+		MP_CHECKOK(s_mp_pad(r, 6));
+		s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+		MP_USED(r) = 6;
+		s_mp_clamp(r);
+#else
+		MP_CHECKOK(s_mp_pad(r, 12));
+		s_bmul_3x3(MP_DIGITS(r) + 6, a5, a4, a3, b5, b4, b3);
+		s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+		s_bmul_3x3(rm, a5 ^ a2, a4 ^ a1, a3 ^ a0, b5 ^ b2, b4 ^ b1,
+				   b3 ^ b0);
+		rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 11);
+		rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 10);
+		rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 9);
+		rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 8);
+		rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 7);
+		rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 6);
+		MP_DIGIT(r, 8) ^= rm[5];
+		MP_DIGIT(r, 7) ^= rm[4];
+		MP_DIGIT(r, 6) ^= rm[3];
+		MP_DIGIT(r, 5) ^= rm[2];
+		MP_DIGIT(r, 4) ^= rm[1];
+		MP_DIGIT(r, 3) ^= rm[0];
+		MP_USED(r) = 12;
+		s_mp_clamp(r);
+#endif
+		return ec_GF2m_163_mod(r, r, meth);
+	}
+
+  CLEANUP:
+	return res;
+}
+
+/* Wire in fast field arithmetic for 163-bit curves. */
+mp_err
+ec_group_set_gf2m163(ECGroup *group, ECCurveName name)
+{
+	group->meth->field_mod = &ec_GF2m_163_mod;
+	group->meth->field_mul = &ec_GF2m_163_mul;
+	group->meth->field_sqr = &ec_GF2m_163_sqr;
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ec2_193.c b/security/nss/lib/freebl/ecl/ec2_193.c
new file mode 100644
index 000000000..1a1e8189e
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec2_193.c
@@ -0,0 +1,276 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ec2.h"
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast reduction for polynomials over a 193-bit curve. Assumes reduction
+ * polynomial with terms {193, 15, 0}. */
+mp_err
+ec_GF2m_193_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, z;
+
+	if (a != r) {
+		MP_CHECKOK(mp_copy(a, r));
+	}
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(r) < 7) {
+		MP_CHECKOK(s_mp_pad(r, 7));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 7;
+
+	/* u[6] only has 2 significant bits */
+	z = u[6];
+	u[3] ^= (z << 14) ^ (z >> 1);
+	u[2] ^= (z << 63);
+	z = u[5];
+	u[3] ^= (z >> 50);
+	u[2] ^= (z << 14) ^ (z >> 1);
+	u[1] ^= (z << 63);
+	z = u[4];
+	u[2] ^= (z >> 50);
+	u[1] ^= (z << 14) ^ (z >> 1);
+	u[0] ^= (z << 63);
+	z = u[3] >> 1;				/* z only has 63 significant bits */
+	u[1] ^= (z >> 49);
+	u[0] ^= (z << 15) ^ z;
+	/* clear bits above 193 */
+	u[6] = u[5] = u[4] = 0;
+	u[3] ^= z << 1;
+#else
+	if (MP_USED(r) < 13) {
+		MP_CHECKOK(s_mp_pad(r, 13));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 13;
+
+	/* u[12] only has 2 significant bits */
+	z = u[12];
+	u[6] ^= (z << 14) ^ (z >> 1);
+	u[5] ^= (z << 31);
+	z = u[11];
+	u[6] ^= (z >> 18);
+	u[5] ^= (z << 14) ^ (z >> 1);
+	u[4] ^= (z << 31);
+	z = u[10];
+	u[5] ^= (z >> 18);
+	u[4] ^= (z << 14) ^ (z >> 1);
+	u[3] ^= (z << 31);
+	z = u[9];
+	u[4] ^= (z >> 18);
+	u[3] ^= (z << 14) ^ (z >> 1);
+	u[2] ^= (z << 31);
+	z = u[8];
+	u[3] ^= (z >> 18);
+	u[2] ^= (z << 14) ^ (z >> 1);
+	u[1] ^= (z << 31);
+	z = u[7];
+	u[2] ^= (z >> 18);
+	u[1] ^= (z << 14) ^ (z >> 1);
+	u[0] ^= (z << 31);
+	z = u[6] >> 1;				/* z only has 31 significant bits */
+	u[1] ^= (z >> 17);
+	u[0] ^= (z << 15) ^ z;
+	/* clear bits above 193 */
+	u[12] = u[11] = u[10] = u[9] = u[8] = u[7] = 0;
+	u[6] ^= z << 1;
+#endif
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* Fast squaring for polynomials over a 193-bit curve. Assumes reduction
+ * polynomial with terms {193, 15, 0}. */
+mp_err
+ec_GF2m_193_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, *v;
+
+	v = MP_DIGITS(a);
+
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(a) < 4) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 7) {
+		MP_CHECKOK(s_mp_pad(r, 7));
+	}
+	MP_USED(r) = 7;
+#else
+	if (MP_USED(a) < 7) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 13) {
+		MP_CHECKOK(s_mp_pad(r, 13));
+	}
+	MP_USED(r) = 13;
+#endif
+	u = MP_DIGITS(r);
+
+#ifdef ECL_THIRTY_TWO_BIT
+	u[12] = gf2m_SQR0(v[6]);
+	u[11] = gf2m_SQR1(v[5]);
+	u[10] = gf2m_SQR0(v[5]);
+	u[9] = gf2m_SQR1(v[4]);
+	u[8] = gf2m_SQR0(v[4]);
+	u[7] = gf2m_SQR1(v[3]);
+#endif
+	u[6] = gf2m_SQR0(v[3]);
+	u[5] = gf2m_SQR1(v[2]);
+	u[4] = gf2m_SQR0(v[2]);
+	u[3] = gf2m_SQR1(v[1]);
+	u[2] = gf2m_SQR0(v[1]);
+	u[1] = gf2m_SQR1(v[0]);
+	u[0] = gf2m_SQR0(v[0]);
+	return ec_GF2m_193_mod(r, r, meth);
+
+  CLEANUP:
+	return res;
+}
+
+/* Fast multiplication for polynomials over a 193-bit curve. Assumes
+ * reduction polynomial with terms {193, 15, 0}. */
+mp_err
+ec_GF2m_193_mul(const mp_int *a, const mp_int *b, mp_int *r,
+				const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
+
+#ifdef ECL_THIRTY_TWO_BIT
+	mp_digit a6 = 0, a5 = 0, a4 = 0, b6 = 0, b5 = 0, b4 = 0;
+	mp_digit rm[8];
+#endif
+
+	if (a == b) {
+		return ec_GF2m_193_sqr(a, r, meth);
+	} else {
+		switch (MP_USED(a)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 7:
+			a6 = MP_DIGIT(a, 6);
+		case 6:
+			a5 = MP_DIGIT(a, 5);
+		case 5:
+			a4 = MP_DIGIT(a, 4);
+#endif
+		case 4:
+			a3 = MP_DIGIT(a, 3);
+		case 3:
+			a2 = MP_DIGIT(a, 2);
+		case 2:
+			a1 = MP_DIGIT(a, 1);
+		default:
+			a0 = MP_DIGIT(a, 0);
+		}
+		switch (MP_USED(b)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 7:
+			b6 = MP_DIGIT(b, 6);
+		case 6:
+			b5 = MP_DIGIT(b, 5);
+		case 5:
+			b4 = MP_DIGIT(b, 4);
+#endif
+		case 4:
+			b3 = MP_DIGIT(b, 3);
+		case 3:
+			b2 = MP_DIGIT(b, 2);
+		case 2:
+			b1 = MP_DIGIT(b, 1);
+		default:
+			b0 = MP_DIGIT(b, 0);
+		}
+#ifdef ECL_SIXTY_FOUR_BIT
+		MP_CHECKOK(s_mp_pad(r, 8));
+		s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+		MP_USED(r) = 8;
+		s_mp_clamp(r);
+#else
+		MP_CHECKOK(s_mp_pad(r, 14));
+		s_bmul_3x3(MP_DIGITS(r) + 8, a6, a5, a4, b6, b5, b4);
+		s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+		s_bmul_4x4(rm, a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b3, b6 ^ b2, b5 ^ b1,
+				   b4 ^ b0);
+		rm[7] ^= MP_DIGIT(r, 7);
+		rm[6] ^= MP_DIGIT(r, 6);
+		rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
+		rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
+		rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
+		rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
+		rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
+		rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
+		MP_DIGIT(r, 11) ^= rm[7];
+		MP_DIGIT(r, 10) ^= rm[6];
+		MP_DIGIT(r, 9) ^= rm[5];
+		MP_DIGIT(r, 8) ^= rm[4];
+		MP_DIGIT(r, 7) ^= rm[3];
+		MP_DIGIT(r, 6) ^= rm[2];
+		MP_DIGIT(r, 5) ^= rm[1];
+		MP_DIGIT(r, 4) ^= rm[0];
+		MP_USED(r) = 14;
+		s_mp_clamp(r);
+#endif
+		return ec_GF2m_193_mod(r, r, meth);
+	}
+
+  CLEANUP:
+	return res;
+}
+
+/* Wire in fast field arithmetic for 193-bit curves. */
+mp_err
+ec_group_set_gf2m193(ECGroup *group, ECCurveName name)
+{
+	group->meth->field_mod = &ec_GF2m_193_mod;
+	group->meth->field_mul = &ec_GF2m_193_mul;
+	group->meth->field_sqr = &ec_GF2m_193_sqr;
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ec2_233.c b/security/nss/lib/freebl/ecl/ec2_233.c
new file mode 100644
index 000000000..3ecea93ff
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec2_233.c
@@ -0,0 +1,299 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ec2.h"
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast reduction for polynomials over a 233-bit curve. Assumes reduction
+ * polynomial with terms {233, 74, 0}. */
+mp_err
+ec_GF2m_233_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, z;
+
+	if (a != r) {
+		MP_CHECKOK(mp_copy(a, r));
+	}
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(r) < 8) {
+		MP_CHECKOK(s_mp_pad(r, 8));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 8;
+
+	/* u[7] only has 18 significant bits */
+	z = u[7];
+	u[4] ^= (z << 33) ^ (z >> 41);
+	u[3] ^= (z << 23);
+	z = u[6];
+	u[4] ^= (z >> 31);
+	u[3] ^= (z << 33) ^ (z >> 41);
+	u[2] ^= (z << 23);
+	z = u[5];
+	u[3] ^= (z >> 31);
+	u[2] ^= (z << 33) ^ (z >> 41);
+	u[1] ^= (z << 23);
+	z = u[4];
+	u[2] ^= (z >> 31);
+	u[1] ^= (z << 33) ^ (z >> 41);
+	u[0] ^= (z << 23);
+	z = u[3] >> 41;				/* z only has 23 significant bits */
+	u[1] ^= (z << 10);
+	u[0] ^= z;
+	/* clear bits above 233 */
+	u[7] = u[6] = u[5] = u[4] = 0;
+	u[3] ^= z << 41;
+#else
+	if (MP_USED(r) < 15) {
+		MP_CHECKOK(s_mp_pad(r, 15));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 15;
+
+	/* u[14] only has 18 significant bits */
+	z = u[14];
+	u[9] ^= (z << 1);
+	u[7] ^= (z >> 9);
+	u[6] ^= (z << 23);
+	z = u[13];
+	u[9] ^= (z >> 31);
+	u[8] ^= (z << 1);
+	u[6] ^= (z >> 9);
+	u[5] ^= (z << 23);
+	z = u[12];
+	u[8] ^= (z >> 31);
+	u[7] ^= (z << 1);
+	u[5] ^= (z >> 9);
+	u[4] ^= (z << 23);
+	z = u[11];
+	u[7] ^= (z >> 31);
+	u[6] ^= (z << 1);
+	u[4] ^= (z >> 9);
+	u[3] ^= (z << 23);
+	z = u[10];
+	u[6] ^= (z >> 31);
+	u[5] ^= (z << 1);
+	u[3] ^= (z >> 9);
+	u[2] ^= (z << 23);
+	z = u[9];
+	u[5] ^= (z >> 31);
+	u[4] ^= (z << 1);
+	u[2] ^= (z >> 9);
+	u[1] ^= (z << 23);
+	z = u[8];
+	u[4] ^= (z >> 31);
+	u[3] ^= (z << 1);
+	u[1] ^= (z >> 9);
+	u[0] ^= (z << 23);
+	z = u[7] >> 9;				/* z only has 23 significant bits */
+	u[3] ^= (z >> 22);
+	u[2] ^= (z << 10);
+	u[0] ^= z;
+	/* clear bits above 233 */
+	u[14] = u[13] = u[12] = u[11] = u[10] = u[9] = u[8] = 0;
+	u[7] ^= z << 9;
+#endif
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* Fast squaring for polynomials over a 233-bit curve. Assumes reduction
+ * polynomial with terms {233, 74, 0}. */
+mp_err
+ec_GF2m_233_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, *v;
+
+	v = MP_DIGITS(a);
+
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(a) < 4) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 8) {
+		MP_CHECKOK(s_mp_pad(r, 8));
+	}
+	MP_USED(r) = 8;
+#else
+	if (MP_USED(a) < 8) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 15) {
+		MP_CHECKOK(s_mp_pad(r, 15));
+	}
+	MP_USED(r) = 15;
+#endif
+	u = MP_DIGITS(r);
+
+#ifdef ECL_THIRTY_TWO_BIT
+	u[14] = gf2m_SQR0(v[7]);
+	u[13] = gf2m_SQR1(v[6]);
+	u[12] = gf2m_SQR0(v[6]);
+	u[11] = gf2m_SQR1(v[5]);
+	u[10] = gf2m_SQR0(v[5]);
+	u[9] = gf2m_SQR1(v[4]);
+	u[8] = gf2m_SQR0(v[4]);
+#endif
+	u[7] = gf2m_SQR1(v[3]);
+	u[6] = gf2m_SQR0(v[3]);
+	u[5] = gf2m_SQR1(v[2]);
+	u[4] = gf2m_SQR0(v[2]);
+	u[3] = gf2m_SQR1(v[1]);
+	u[2] = gf2m_SQR0(v[1]);
+	u[1] = gf2m_SQR1(v[0]);
+	u[0] = gf2m_SQR0(v[0]);
+	return ec_GF2m_233_mod(r, r, meth);
+
+  CLEANUP:
+	return res;
+}
+
+/* Fast multiplication for polynomials over a 233-bit curve. Assumes
+ * reduction polynomial with terms {233, 74, 0}. */
+mp_err
+ec_GF2m_233_mul(const mp_int *a, const mp_int *b, mp_int *r,
+				const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
+
+#ifdef ECL_THIRTY_TWO_BIT
+	mp_digit a7 = 0, a6 = 0, a5 = 0, a4 = 0, b7 = 0, b6 = 0, b5 = 0, b4 =
+		0;
+	mp_digit rm[8];
+#endif
+
+	if (a == b) {
+		return ec_GF2m_233_sqr(a, r, meth);
+	} else {
+		switch (MP_USED(a)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 8:
+			a7 = MP_DIGIT(a, 7);
+		case 7:
+			a6 = MP_DIGIT(a, 6);
+		case 6:
+			a5 = MP_DIGIT(a, 5);
+		case 5:
+			a4 = MP_DIGIT(a, 4);
+#endif
+		case 4:
+			a3 = MP_DIGIT(a, 3);
+		case 3:
+			a2 = MP_DIGIT(a, 2);
+		case 2:
+			a1 = MP_DIGIT(a, 1);
+		default:
+			a0 = MP_DIGIT(a, 0);
+		}
+		switch (MP_USED(b)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 8:
+			b7 = MP_DIGIT(b, 7);
+		case 7:
+			b6 = MP_DIGIT(b, 6);
+		case 6:
+			b5 = MP_DIGIT(b, 5);
+		case 5:
+			b4 = MP_DIGIT(b, 4);
+#endif
+		case 4:
+			b3 = MP_DIGIT(b, 3);
+		case 3:
+			b2 = MP_DIGIT(b, 2);
+		case 2:
+			b1 = MP_DIGIT(b, 1);
+		default:
+			b0 = MP_DIGIT(b, 0);
+		}
+#ifdef ECL_SIXTY_FOUR_BIT
+		MP_CHECKOK(s_mp_pad(r, 8));
+		s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+		MP_USED(r) = 8;
+		s_mp_clamp(r);
+#else
+		MP_CHECKOK(s_mp_pad(r, 16));
+		s_bmul_4x4(MP_DIGITS(r) + 8, a7, a6, a5, a4, b7, b6, b5, b4);
+		s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+		s_bmul_4x4(rm, a7 ^ a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b7 ^ b3,
+				   b6 ^ b2, b5 ^ b1, b4 ^ b0);
+		rm[7] ^= MP_DIGIT(r, 7) ^ MP_DIGIT(r, 15);
+		rm[6] ^= MP_DIGIT(r, 6) ^ MP_DIGIT(r, 14);
+		rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
+		rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
+		rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
+		rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
+		rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
+		rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
+		MP_DIGIT(r, 11) ^= rm[7];
+		MP_DIGIT(r, 10) ^= rm[6];
+		MP_DIGIT(r, 9) ^= rm[5];
+		MP_DIGIT(r, 8) ^= rm[4];
+		MP_DIGIT(r, 7) ^= rm[3];
+		MP_DIGIT(r, 6) ^= rm[2];
+		MP_DIGIT(r, 5) ^= rm[1];
+		MP_DIGIT(r, 4) ^= rm[0];
+		MP_USED(r) = 16;
+		s_mp_clamp(r);
+#endif
+		return ec_GF2m_233_mod(r, r, meth);
+	}
+
+  CLEANUP:
+	return res;
+}
+
+/* Wire in fast field arithmetic for 233-bit curves. */
+mp_err
+ec_group_set_gf2m233(ECGroup *group, ECCurveName name)
+{
+	group->meth->field_mod = &ec_GF2m_233_mod;
+	group->meth->field_mul = &ec_GF2m_233_mul;
+	group->meth->field_sqr = &ec_GF2m_233_sqr;
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ec2_aff.c b/security/nss/lib/freebl/ecl/ec2_aff.c
new file mode 100644
index 000000000..64bb6fecc
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec2_aff.c
@@ -0,0 +1,346 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ec2.h"
+#include "mplogic.h"
+#include "mp_gf2m.h"
+#include <stdlib.h>
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py)
+{
+
+	if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
+		return MP_YES;
+	} else {
+		return MP_NO;
+	}
+
+}
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py)
+{
+	mp_zero(px);
+	mp_zero(py);
+	return MP_OKAY;
+}
+
+/* Computes R = P + Q based on IEEE P1363 A.10.2. Elliptic curve points P, 
+ * Q, and R can all be identical. Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+				   const mp_int *qy, mp_int *rx, mp_int *ry,
+				   const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int lambda, tempx, tempy;
+
+	MP_DIGITS(&lambda) = 0;
+	MP_DIGITS(&tempx) = 0;
+	MP_DIGITS(&tempy) = 0;
+	MP_CHECKOK(mp_init(&lambda));
+	MP_CHECKOK(mp_init(&tempx));
+	MP_CHECKOK(mp_init(&tempy));
+	/* if P = inf, then R = Q */
+	if (ec_GF2m_pt_is_inf_aff(px, py) == 0) {
+		MP_CHECKOK(mp_copy(qx, rx));
+		MP_CHECKOK(mp_copy(qy, ry));
+		res = MP_OKAY;
+		goto CLEANUP;
+	}
+	/* if Q = inf, then R = P */
+	if (ec_GF2m_pt_is_inf_aff(qx, qy) == 0) {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+		res = MP_OKAY;
+		goto CLEANUP;
+	}
+	/* if px != qx, then lambda = (py+qy) / (px+qx), tempx = a + lambda^2
+	 * + lambda + px + qx */
+	if (mp_cmp(px, qx) != 0) {
+		MP_CHECKOK(group->meth->field_add(py, qy, &tempy, group->meth));
+		MP_CHECKOK(group->meth->field_add(px, qx, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_div(&tempy, &tempx, &lambda, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&tempx, &lambda, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&tempx, &group->curvea, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&tempx, px, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&tempx, qx, &tempx, group->meth));
+	} else {
+		/* if py != qy or qx = 0, then R = inf */
+		if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) {
+			mp_zero(rx);
+			mp_zero(ry);
+			res = MP_OKAY;
+			goto CLEANUP;
+		}
+		/* lambda = qx + qy / qx */
+		MP_CHECKOK(group->meth->field_div(qy, qx, &lambda, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&lambda, qx, &lambda, group->meth));
+		/* tempx = a + lambda^2 + lambda */
+		MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&tempx, &lambda, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&tempx, &group->curvea, &tempx, group->meth));
+	}
+	/* ry = (qx + tempx) * lambda + tempx + qy */
+	MP_CHECKOK(group->meth->field_add(qx, &tempx, &tempy, group->meth));
+	MP_CHECKOK(group->meth->
+			   field_mul(&tempy, &lambda, &tempy, group->meth));
+	MP_CHECKOK(group->meth->
+			   field_add(&tempy, &tempx, &tempy, group->meth));
+	MP_CHECKOK(group->meth->field_add(&tempy, qy, ry, group->meth));
+	/* rx = tempx */
+	MP_CHECKOK(mp_copy(&tempx, rx));
+
+  CLEANUP:
+	mp_clear(&lambda);
+	mp_clear(&tempx);
+	mp_clear(&tempy);
+	return res;
+}
+
+/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be
+ * identical. Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+				   const mp_int *qy, mp_int *rx, mp_int *ry,
+				   const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int nqy;
+
+	MP_DIGITS(&nqy) = 0;
+	MP_CHECKOK(mp_init(&nqy));
+	/* nqy = qx+qy */
+	MP_CHECKOK(group->meth->field_add(qx, qy, &nqy, group->meth));
+	MP_CHECKOK(group->point_add(px, py, qx, &nqy, rx, ry, group));
+  CLEANUP:
+	mp_clear(&nqy);
+	return res;
+}
+
+/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
+ * affine coordinates. */
+mp_err
+ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+				   mp_int *ry, const ECGroup *group)
+{
+	return group->point_add(px, py, px, py, rx, ry, group);
+}
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and 
+ * R can be identical. Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py,
+				   mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int k, k3, qx, qy, sx, sy;
+	int b1, b3, i, l;
+
+	MP_DIGITS(&k) = 0;
+	MP_DIGITS(&k3) = 0;
+	MP_DIGITS(&qx) = 0;
+	MP_DIGITS(&qy) = 0;
+	MP_DIGITS(&sx) = 0;
+	MP_DIGITS(&sy) = 0;
+	MP_CHECKOK(mp_init(&k));
+	MP_CHECKOK(mp_init(&k3));
+	MP_CHECKOK(mp_init(&qx));
+	MP_CHECKOK(mp_init(&qy));
+	MP_CHECKOK(mp_init(&sx));
+	MP_CHECKOK(mp_init(&sy));
+
+	/* if n = 0 then r = inf */
+	if (mp_cmp_z(n) == 0) {
+		mp_zero(rx);
+		mp_zero(ry);
+		res = MP_OKAY;
+		goto CLEANUP;
+	}
+	/* Q = P, k = n */
+	MP_CHECKOK(mp_copy(px, &qx));
+	MP_CHECKOK(mp_copy(py, &qy));
+	MP_CHECKOK(mp_copy(n, &k));
+	/* if n < 0 then Q = -Q, k = -k */
+	if (mp_cmp_z(n) < 0) {
+		MP_CHECKOK(group->meth->field_add(&qx, &qy, &qy, group->meth));
+		MP_CHECKOK(mp_neg(&k, &k));
+	}
+#ifdef ECL_DEBUG				/* basic double and add method */
+	l = mpl_significant_bits(&k) - 1;
+	MP_CHECKOK(mp_copy(&qx, &sx));
+	MP_CHECKOK(mp_copy(&qy, &sy));
+	for (i = l - 1; i >= 0; i--) {
+		/* S = 2S */
+		MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+		/* if k_i = 1, then S = S + Q */
+		if (mpl_get_bit(&k, i) != 0) {
+			MP_CHECKOK(group->
+					   point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+		}
+	}
+#else							/* double and add/subtract method from
+								 * standard */
+	/* k3 = 3 * k */
+	MP_CHECKOK(mp_set_int(&k3, 3));
+	MP_CHECKOK(mp_mul(&k, &k3, &k3));
+	/* S = Q */
+	MP_CHECKOK(mp_copy(&qx, &sx));
+	MP_CHECKOK(mp_copy(&qy, &sy));
+	/* l = index of high order bit in binary representation of 3*k */
+	l = mpl_significant_bits(&k3) - 1;
+	/* for i = l-1 downto 1 */
+	for (i = l - 1; i >= 1; i--) {
+		/* S = 2S */
+		MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+		b3 = MP_GET_BIT(&k3, i);
+		b1 = MP_GET_BIT(&k, i);
+		/* if k3_i = 1 and k_i = 0, then S = S + Q */
+		if ((b3 == 1) && (b1 == 0)) {
+			MP_CHECKOK(group->
+					   point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+			/* if k3_i = 0 and k_i = 1, then S = S - Q */
+		} else if ((b3 == 0) && (b1 == 1)) {
+			MP_CHECKOK(group->
+					   point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
+		}
+	}
+#endif
+	/* output S */
+	MP_CHECKOK(mp_copy(&sx, rx));
+	MP_CHECKOK(mp_copy(&sy, ry));
+
+  CLEANUP:
+	mp_clear(&k);
+	mp_clear(&k3);
+	mp_clear(&qx);
+	mp_clear(&qy);
+	mp_clear(&sx);
+	mp_clear(&sy);
+	return res;
+}
+#endif
+
+/* Validates a point on a GF2m curve. */
+mp_err 
+ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
+{
+	mp_err res = MP_NO;
+	mp_int accl, accr, tmp, pxt, pyt;
+
+	MP_DIGITS(&accl) = 0;
+	MP_DIGITS(&accr) = 0;
+	MP_DIGITS(&tmp) = 0;
+	MP_DIGITS(&pxt) = 0;
+	MP_DIGITS(&pyt) = 0;
+	MP_CHECKOK(mp_init(&accl));
+	MP_CHECKOK(mp_init(&accr));
+	MP_CHECKOK(mp_init(&tmp));
+	MP_CHECKOK(mp_init(&pxt));
+	MP_CHECKOK(mp_init(&pyt));
+
+    /* 1: Verify that publicValue is not the point at infinity */
+	if (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+    /* 2: Verify that the coordinates of publicValue are elements 
+     *    of the field.
+     */
+	if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) || 
+		(MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+    /* 3: Verify that publicValue is on the curve. */
+	if (group->meth->field_enc) {
+		group->meth->field_enc(px, &pxt, group->meth);
+		group->meth->field_enc(py, &pyt, group->meth);
+	} else {
+		mp_copy(px, &pxt);
+		mp_copy(py, &pyt);
+	}
+	/* left-hand side: y^2 + x*y  */
+	MP_CHECKOK( group->meth->field_sqr(&pyt, &accl, group->meth) );
+	MP_CHECKOK( group->meth->field_mul(&pxt, &pyt, &tmp, group->meth) );
+	MP_CHECKOK( group->meth->field_add(&accl, &tmp, &accl, group->meth) );
+	/* right-hand side: x^3 + a*x^2 + b */
+	MP_CHECKOK( group->meth->field_sqr(&pxt, &tmp, group->meth) );
+	MP_CHECKOK( group->meth->field_mul(&pxt, &tmp, &accr, group->meth) );
+	MP_CHECKOK( group->meth->field_mul(&group->curvea, &tmp, &tmp, group->meth) );
+	MP_CHECKOK( group->meth->field_add(&tmp, &accr, &accr, group->meth) );
+	MP_CHECKOK( group->meth->field_add(&accr, &group->curveb, &accr, group->meth) );
+	/* check LHS - RHS == 0 */
+	MP_CHECKOK( group->meth->field_add(&accl, &accr, &accr, group->meth) );
+	if (mp_cmp_z(&accr) != 0) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+    /* 4: Verify that the order of the curve times the publicValue
+     *    is the point at infinity.
+     */
+	MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
+	if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	res = MP_YES;
+
+CLEANUP:
+	mp_clear(&accl);
+	mp_clear(&accr);
+	mp_clear(&tmp);
+	mp_clear(&pxt);
+	mp_clear(&pyt);
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/ec2_mont.c b/security/nss/lib/freebl/ecl/ec2_mont.c
new file mode 100644
index 000000000..7167a9879
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec2_mont.c
@@ -0,0 +1,274 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ec2.h"
+#include "mplogic.h"
+#include "mp_gf2m.h"
+#include <stdlib.h>
+
+/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery
+ * projective coordinates. Uses algorithm Mdouble in appendix of Lopez, J. 
+ * and Dahab, R.  "Fast multiplication on elliptic curves over GF(2^m)
+ * without precomputation". modified to not require precomputation of
+ * c=b^{2^{m-1}}. */
+static mp_err
+gf2m_Mdouble(mp_int *x, mp_int *z, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int t1;
+
+	MP_DIGITS(&t1) = 0;
+	MP_CHECKOK(mp_init(&t1));
+
+	MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(z, &t1, group->meth));
+	MP_CHECKOK(group->meth->field_mul(x, &t1, z, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
+	MP_CHECKOK(group->meth->
+			   field_mul(&group->curveb, &t1, &t1, group->meth));
+	MP_CHECKOK(group->meth->field_add(x, &t1, x, group->meth));
+
+  CLEANUP:
+	mp_clear(&t1);
+	return res;
+}
+
+/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in
+ * Montgomery projective coordinates. Uses algorithm Madd in appendix of
+ * Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation". */
+static mp_err
+gf2m_Madd(const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, mp_int *z2,
+		  const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int t1, t2;
+
+	MP_DIGITS(&t1) = 0;
+	MP_DIGITS(&t2) = 0;
+	MP_CHECKOK(mp_init(&t1));
+	MP_CHECKOK(mp_init(&t2));
+
+	MP_CHECKOK(mp_copy(x, &t1));
+	MP_CHECKOK(group->meth->field_mul(x1, z2, x1, group->meth));
+	MP_CHECKOK(group->meth->field_mul(z1, x2, z1, group->meth));
+	MP_CHECKOK(group->meth->field_mul(x1, z1, &t2, group->meth));
+	MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(z1, z1, group->meth));
+	MP_CHECKOK(group->meth->field_mul(z1, &t1, x1, group->meth));
+	MP_CHECKOK(group->meth->field_add(x1, &t2, x1, group->meth));
+
+  CLEANUP:
+	mp_clear(&t1);
+	mp_clear(&t2);
+	return res;
+}
+
+/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
+ * using Montgomery point multiplication algorithm Mxy() in appendix of
+ * Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation". Returns: 0 on error 1 if return value
+ * should be the point at infinity 2 otherwise */
+static int
+gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1,
+		 mp_int *x2, mp_int *z2, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	int ret = 0;
+	mp_int t3, t4, t5;
+
+	MP_DIGITS(&t3) = 0;
+	MP_DIGITS(&t4) = 0;
+	MP_DIGITS(&t5) = 0;
+	MP_CHECKOK(mp_init(&t3));
+	MP_CHECKOK(mp_init(&t4));
+	MP_CHECKOK(mp_init(&t5));
+
+	if (mp_cmp_z(z1) == 0) {
+		mp_zero(x2);
+		mp_zero(z2);
+		ret = 1;
+		goto CLEANUP;
+	}
+
+	if (mp_cmp_z(z2) == 0) {
+		MP_CHECKOK(mp_copy(x, x2));
+		MP_CHECKOK(group->meth->field_add(x, y, z2, group->meth));
+		ret = 2;
+		goto CLEANUP;
+	}
+
+	MP_CHECKOK(mp_set_int(&t5, 1));
+	if (group->meth->field_enc) {
+		MP_CHECKOK(group->meth->field_enc(&t5, &t5, group->meth));
+	}
+
+	MP_CHECKOK(group->meth->field_mul(z1, z2, &t3, group->meth));
+
+	MP_CHECKOK(group->meth->field_mul(z1, x, z1, group->meth));
+	MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
+	MP_CHECKOK(group->meth->field_mul(z2, x, z2, group->meth));
+	MP_CHECKOK(group->meth->field_mul(z2, x1, x1, group->meth));
+	MP_CHECKOK(group->meth->field_add(z2, x2, z2, group->meth));
+
+	MP_CHECKOK(group->meth->field_mul(z2, z1, z2, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(x, &t4, group->meth));
+	MP_CHECKOK(group->meth->field_add(&t4, y, &t4, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&t4, &t3, &t4, group->meth));
+	MP_CHECKOK(group->meth->field_add(&t4, z2, &t4, group->meth));
+
+	MP_CHECKOK(group->meth->field_mul(&t3, x, &t3, group->meth));
+	MP_CHECKOK(group->meth->field_div(&t5, &t3, &t3, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&t3, &t4, &t4, group->meth));
+	MP_CHECKOK(group->meth->field_mul(x1, &t3, x2, group->meth));
+	MP_CHECKOK(group->meth->field_add(x2, x, z2, group->meth));
+
+	MP_CHECKOK(group->meth->field_mul(z2, &t4, z2, group->meth));
+	MP_CHECKOK(group->meth->field_add(z2, y, z2, group->meth));
+
+	ret = 2;
+
+  CLEANUP:
+	mp_clear(&t3);
+	mp_clear(&t4);
+	mp_clear(&t5);
+	if (res == MP_OKAY) {
+		return ret;
+	} else {
+		return 0;
+	}
+}
+
+/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R.  "Fast 
+ * multiplication on elliptic curves over GF(2^m) without
+ * precomputation". Elliptic curve points P and R can be identical. Uses
+ * Montgomery projective coordinates. */
+mp_err
+ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py,
+					mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int x1, x2, z1, z2;
+	int i, j;
+	mp_digit top_bit, mask;
+
+	MP_DIGITS(&x1) = 0;
+	MP_DIGITS(&x2) = 0;
+	MP_DIGITS(&z1) = 0;
+	MP_DIGITS(&z2) = 0;
+	MP_CHECKOK(mp_init(&x1));
+	MP_CHECKOK(mp_init(&x2));
+	MP_CHECKOK(mp_init(&z1));
+	MP_CHECKOK(mp_init(&z2));
+
+	/* if result should be point at infinity */
+	if ((mp_cmp_z(n) == 0) || (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES)) {
+		MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+		goto CLEANUP;
+	}
+
+	MP_CHECKOK(mp_copy(px, &x1));	/* x1 = px */
+	MP_CHECKOK(mp_set_int(&z1, 1));	/* z1 = 1 */
+	MP_CHECKOK(group->meth->field_sqr(&x1, &z2, group->meth));	/* z2 =
+																 * x1^2 =
+																 * px^2 */
+	MP_CHECKOK(group->meth->field_sqr(&z2, &x2, group->meth));
+	MP_CHECKOK(group->meth->field_add(&x2, &group->curveb, &x2, group->meth));	/* x2 
+																				 * = 
+																				 * px^4 
+																				 * + 
+																				 * b 
+																				 */
+
+	/* find top-most bit and go one past it */
+	i = MP_USED(n) - 1;
+	j = MP_DIGIT_BIT - 1;
+	top_bit = 1;
+	top_bit <<= MP_DIGIT_BIT - 1;
+	mask = top_bit;
+	while (!(MP_DIGITS(n)[i] & mask)) {
+		mask >>= 1;
+		j--;
+	}
+	mask >>= 1;
+	j--;
+
+	/* if top most bit was at word break, go to next word */
+	if (!mask) {
+		i--;
+		j = MP_DIGIT_BIT - 1;
+		mask = top_bit;
+	}
+
+	for (; i >= 0; i--) {
+		for (; j >= 0; j--) {
+			if (MP_DIGITS(n)[i] & mask) {
+				MP_CHECKOK(gf2m_Madd(px, &x1, &z1, &x2, &z2, group));
+				MP_CHECKOK(gf2m_Mdouble(&x2, &z2, group));
+			} else {
+				MP_CHECKOK(gf2m_Madd(px, &x2, &z2, &x1, &z1, group));
+				MP_CHECKOK(gf2m_Mdouble(&x1, &z1, group));
+			}
+			mask >>= 1;
+		}
+		j = MP_DIGIT_BIT - 1;
+		mask = top_bit;
+	}
+
+	/* convert out of "projective" coordinates */
+	i = gf2m_Mxy(px, py, &x1, &z1, &x2, &z2, group);
+	if (i == 0) {
+		res = MP_BADARG;
+		goto CLEANUP;
+	} else if (i == 1) {
+		MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+	} else {
+		MP_CHECKOK(mp_copy(&x2, rx));
+		MP_CHECKOK(mp_copy(&z2, ry));
+	}
+
+  CLEANUP:
+	mp_clear(&x1);
+	mp_clear(&x2);
+	mp_clear(&z1);
+	mp_clear(&z2);
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/ec2_proj.c b/security/nss/lib/freebl/ecl/ec2_proj.c
new file mode 100644
index 000000000..340e47d08
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec2_proj.c
@@ -0,0 +1,369 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ec2.h"
+#include "mplogic.h"
+#include "mp_gf2m.h"
+#include <stdlib.h>
+#ifdef ECL_DEBUG
+#include <assert.h>
+#endif
+
+/* by default, these routines are unused and thus don't need to be compiled */
+#ifdef ECL_ENABLE_GF2M_PROJ
+/* Converts a point P(px, py) from affine coordinates to projective
+ * coordinates R(rx, ry, rz). Assumes input is already field-encoded using 
+ * field_enc, and returns output that is still field-encoded. */
+mp_err
+ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
+					mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_copy(px, rx));
+	MP_CHECKOK(mp_copy(py, ry));
+	MP_CHECKOK(mp_set_int(rz, 1));
+	if (group->meth->field_enc) {
+		MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
+	}
+  CLEANUP:
+	return res;
+}
+
+/* Converts a point P(px, py, pz) from projective coordinates to affine
+ * coordinates R(rx, ry).  P and R can share x and y coordinates. Assumes
+ * input is already field-encoded using field_enc, and returns output that
+ * is still field-encoded. */
+mp_err
+ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+					mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int z1, z2;
+
+	MP_DIGITS(&z1) = 0;
+	MP_DIGITS(&z2) = 0;
+	MP_CHECKOK(mp_init(&z1));
+	MP_CHECKOK(mp_init(&z2));
+
+	/* if point at infinity, then set point at infinity and exit */
+	if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+		MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+		goto CLEANUP;
+	}
+
+	/* transform (px, py, pz) into (px / pz, py / pz^2) */
+	if (mp_cmp_d(pz, 1) == 0) {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+	} else {
+		MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
+		MP_CHECKOK(group->meth->field_mul(px, &z1, rx, group->meth));
+		MP_CHECKOK(group->meth->field_mul(py, &z2, ry, group->meth));
+	}
+
+  CLEANUP:
+	mp_clear(&z1);
+	mp_clear(&z2);
+	return res;
+}
+
+/* Checks if point P(px, py, pz) is at infinity. Uses projective
+ * coordinates. */
+mp_err
+ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
+					   const mp_int *pz)
+{
+	return mp_cmp_z(pz);
+}
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses projective
+ * coordinates. */
+mp_err
+ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz)
+{
+	mp_zero(pz);
+	return MP_OKAY;
+}
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, 1).  Elliptic curve points P, Q, and R can all be identical.
+ * Uses mixed projective-affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. Uses equation (3) from Hankerson, Hernandez, Menezes.
+ * Software Implementation of Elliptic Curve Cryptography Over Binary
+ * Fields. */
+mp_err
+ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
+					const mp_int *qx, const mp_int *qy, mp_int *rx,
+					mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int A, B, C, D, E, F, G;
+
+	/* If either P or Q is the point at infinity, then return the other
+	 * point */
+	if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+		return ec_GF2m_pt_aff2proj(qx, qy, rx, ry, rz, group);
+	}
+	if (ec_GF2m_pt_is_inf_aff(qx, qy) == MP_YES) {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+		return mp_copy(pz, rz);
+	}
+
+	MP_DIGITS(&A) = 0;
+	MP_DIGITS(&B) = 0;
+	MP_DIGITS(&C) = 0;
+	MP_DIGITS(&D) = 0;
+	MP_DIGITS(&E) = 0;
+	MP_DIGITS(&F) = 0;
+	MP_DIGITS(&G) = 0;
+	MP_CHECKOK(mp_init(&A));
+	MP_CHECKOK(mp_init(&B));
+	MP_CHECKOK(mp_init(&C));
+	MP_CHECKOK(mp_init(&D));
+	MP_CHECKOK(mp_init(&E));
+	MP_CHECKOK(mp_init(&F));
+	MP_CHECKOK(mp_init(&G));
+
+	/* D = pz^2 */
+	MP_CHECKOK(group->meth->field_sqr(pz, &D, group->meth));
+
+	/* A = qy * pz^2 + py */
+	MP_CHECKOK(group->meth->field_mul(qy, &D, &A, group->meth));
+	MP_CHECKOK(group->meth->field_add(&A, py, &A, group->meth));
+
+	/* B = qx * pz + px */
+	MP_CHECKOK(group->meth->field_mul(qx, pz, &B, group->meth));
+	MP_CHECKOK(group->meth->field_add(&B, px, &B, group->meth));
+
+	/* C = pz * B */
+	MP_CHECKOK(group->meth->field_mul(pz, &B, &C, group->meth));
+
+	/* D = B^2 * (C + a * pz^2) (using E as a temporary variable) */
+	MP_CHECKOK(group->meth->
+			   field_mul(&group->curvea, &D, &D, group->meth));
+	MP_CHECKOK(group->meth->field_add(&C, &D, &D, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(&B, &E, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&E, &D, &D, group->meth));
+
+	/* rz = C^2 */
+	MP_CHECKOK(group->meth->field_sqr(&C, rz, group->meth));
+
+	/* E = A * C */
+	MP_CHECKOK(group->meth->field_mul(&A, &C, &E, group->meth));
+
+	/* rx = A^2 + D + E */
+	MP_CHECKOK(group->meth->field_sqr(&A, rx, group->meth));
+	MP_CHECKOK(group->meth->field_add(rx, &D, rx, group->meth));
+	MP_CHECKOK(group->meth->field_add(rx, &E, rx, group->meth));
+
+	/* F = rx + qx * rz */
+	MP_CHECKOK(group->meth->field_mul(qx, rz, &F, group->meth));
+	MP_CHECKOK(group->meth->field_add(rx, &F, &F, group->meth));
+
+	/* G = rx + qy * rz */
+	MP_CHECKOK(group->meth->field_mul(qy, rz, &G, group->meth));
+	MP_CHECKOK(group->meth->field_add(rx, &G, &G, group->meth));
+
+	/* ry = E * F + rz * G (using G as a temporary variable) */
+	MP_CHECKOK(group->meth->field_mul(rz, &G, &G, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&E, &F, ry, group->meth));
+	MP_CHECKOK(group->meth->field_add(ry, &G, ry, group->meth));
+
+  CLEANUP:
+	mp_clear(&A);
+	mp_clear(&B);
+	mp_clear(&C);
+	mp_clear(&D);
+	mp_clear(&E);
+	mp_clear(&F);
+	mp_clear(&G);
+	return res;
+}
+
+/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses 
+ * projective coordinates.
+ *
+ * Assumes input is already field-encoded using field_enc, and returns 
+ * output that is still field-encoded.
+ *
+ * Uses equation (3) from Hankerson, Hernandez, Menezes. Software 
+ * Implementation of Elliptic Curve Cryptography Over Binary Fields.
+ */
+mp_err
+ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
+					mp_int *rx, mp_int *ry, mp_int *rz,
+					const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int t0, t1;
+
+	if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+		return ec_GF2m_pt_set_inf_proj(rx, ry, rz);
+	}
+
+	MP_DIGITS(&t0) = 0;
+	MP_DIGITS(&t1) = 0;
+	MP_CHECKOK(mp_init(&t0));
+	MP_CHECKOK(mp_init(&t1));
+
+	/* t0 = px^2 */
+	/* t1 = pz^2 */
+	MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(pz, &t1, group->meth));
+
+	/* rz = px^2 * pz^2 */
+	MP_CHECKOK(group->meth->field_mul(&t0, &t1, rz, group->meth));
+
+	/* t0 = px^4 */
+	/* t1 = b * pz^4 */
+	MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
+	MP_CHECKOK(group->meth->
+			   field_mul(&group->curveb, &t1, &t1, group->meth));
+
+	/* rx = px^4 + b * pz^4 */
+	MP_CHECKOK(group->meth->field_add(&t0, &t1, rx, group->meth));
+
+	/* ry = b * pz^4 * rz + rx * (a * rz + py^2 + b * pz^4) */
+	MP_CHECKOK(group->meth->field_sqr(py, ry, group->meth));
+	MP_CHECKOK(group->meth->field_add(ry, &t1, ry, group->meth));
+	/* t0 = a * rz */
+	MP_CHECKOK(group->meth->
+			   field_mul(&group->curvea, rz, &t0, group->meth));
+	MP_CHECKOK(group->meth->field_add(&t0, ry, ry, group->meth));
+	MP_CHECKOK(group->meth->field_mul(rx, ry, ry, group->meth));
+	/* t1 = b * pz^4 * rz */
+	MP_CHECKOK(group->meth->field_mul(&t1, rz, &t1, group->meth));
+	MP_CHECKOK(group->meth->field_add(&t1, ry, ry, group->meth));
+
+  CLEANUP:
+	mp_clear(&t0);
+	mp_clear(&t1);
+	return res;
+}
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GF2m.  Elliptic curve points P and R can be
+ * identical.  Uses mixed projective-affine coordinates. Assumes input is
+ * already field-encoded using field_enc, and returns output that is still
+ * field-encoded. Uses 4-bit window method. */
+mp_err
+ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px, const mp_int *py,
+					mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int precomp[16][2], rz;
+	mp_digit precomp_arr[ECL_MAX_FIELD_SIZE_DIGITS * 16 * 2], *t;
+	int i, ni, d;
+
+	ARGCHK(group != NULL, MP_BADARG);
+	ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+	/* initialize precomputation table */
+	t = precomp_arr;
+	for (i = 0; i < 16; i++) {
+		/* x co-ord */
+		MP_SIGN(&precomp[i][0]) = MP_ZPOS;
+		MP_ALLOC(&precomp[i][0]) = ECL_MAX_FIELD_SIZE_DIGITS;
+		MP_USED(&precomp[i][0]) = 1;
+		*t = 0;
+		MP_DIGITS(&precomp[i][0]) = t;
+		t += ECL_MAX_FIELD_SIZE_DIGITS;
+		/* y co-ord */
+		MP_SIGN(&precomp[i][1]) = MP_ZPOS;
+		MP_ALLOC(&precomp[i][1]) = ECL_MAX_FIELD_SIZE_DIGITS;
+		MP_USED(&precomp[i][1]) = 1;
+		*t = 0;
+		MP_DIGITS(&precomp[i][1]) = t;
+		t += ECL_MAX_FIELD_SIZE_DIGITS;
+	}
+
+	/* fill precomputation table */
+	mp_zero(&precomp[0][0]);
+	mp_zero(&precomp[0][1]);
+	MP_CHECKOK(mp_copy(px, &precomp[1][0]));
+	MP_CHECKOK(mp_copy(py, &precomp[1][1]));
+	for (i = 2; i < 16; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[1][0], &precomp[1][1],
+							 &precomp[i - 1][0], &precomp[i - 1][1],
+							 &precomp[i][0], &precomp[i][1], group));
+	}
+
+	d = (mpl_significant_bits(n) + 3) / 4;
+
+	/* R = inf */
+	MP_DIGITS(&rz) = 0;
+	MP_CHECKOK(mp_init(&rz));
+	MP_CHECKOK(ec_GF2m_pt_set_inf_proj(rx, ry, &rz));
+
+	for (i = d - 1; i >= 0; i--) {
+		/* compute window ni */
+		ni = MP_GET_BIT(n, 4 * i + 3);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i + 2);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i + 1);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i);
+		/* R = 2^4 * R */
+		MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+		MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+		MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+		MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+		/* R = R + (ni * P) */
+		MP_CHECKOK(ec_GF2m_pt_add_proj
+				   (rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
+					&rz, group));
+	}
+
+	/* convert result S to affine coordinates */
+	MP_CHECKOK(ec_GF2m_pt_proj2aff(rx, ry, &rz, rx, ry, group));
+
+  CLEANUP:
+	mp_clear(&rz);
+	return res;
+}
+#endif
diff --git a/security/nss/lib/freebl/ecl/ec_naf.c b/security/nss/lib/freebl/ecl/ec_naf.c
new file mode 100644
index 000000000..9ef3a55f2
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ec_naf.c
@@ -0,0 +1,103 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecl-priv.h"
+
+/* Returns 2^e as an integer. This is meant to be used for small powers of 
+ * two. */
+int
+ec_twoTo(int e)
+{
+	int a = 1;
+	int i;
+
+	for (i = 0; i < e; i++) {
+		a *= 2;
+	}
+	return a;
+}
+
+/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
+ * be an array of signed char's to output to, bitsize should be the number 
+ * of bits of out, in is the original scalar, and w is the window size.
+ * NAF is discussed in the paper: D. Hankerson, J. Hernandez and A.
+ * Menezes, "Software implementation of elliptic curve cryptography over
+ * binary fields", Proc. CHES 2000. */
+mp_err
+ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in, int w)
+{
+	mp_int k;
+	mp_err res = MP_OKAY;
+	int i, twowm1, mask;
+
+	twowm1 = ec_twoTo(w - 1);
+	mask = 2 * twowm1 - 1;
+
+	MP_DIGITS(&k) = 0;
+	MP_CHECKOK(mp_init_copy(&k, in));
+
+	i = 0;
+	/* Compute wNAF form */
+	while (mp_cmp_z(&k) > 0) {
+		if (mp_isodd(&k)) {
+			out[i] = MP_DIGIT(&k, 0) & mask;
+			if (out[i] >= twowm1)
+				out[i] -= 2 * twowm1;
+
+			/* Subtract off out[i].  Note mp_sub_d only works with
+			 * unsigned digits */
+			if (out[i] >= 0) {
+				mp_sub_d(&k, out[i], &k);
+			} else {
+				mp_add_d(&k, -(out[i]), &k);
+			}
+		} else {
+			out[i] = 0;
+		}
+		mp_div_2(&k, &k);
+		i++;
+	}
+	/* Zero out the remaining elements of the out array. */
+	for (; i < bitsize + 1; i++) {
+		out[i] = 0;
+	}
+  CLEANUP:
+	mp_clear(&k);
+	return res;
+
+}
diff --git a/security/nss/lib/freebl/ecl/ecl-curve.h b/security/nss/lib/freebl/ecl/ecl-curve.h
new file mode 100644
index 000000000..3a01dc835
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl-curve.h
@@ -0,0 +1,144 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecl-exp.h"
+#include <stdlib.h>
+
+#ifndef __ecl_curve_h_
+#define __ecl_curve_h_
+
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+#error This source file is for Basic ECC only .
+#endif
+
+static const ECCurveParams ecCurve_NIST_P256 = {
+	"NIST-P256", ECField_GFp, 256,
+	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+	"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+	"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+	"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+	"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1
+};
+
+static const ECCurveParams ecCurve_NIST_P384 = {
+	"NIST-P384", ECField_GFp, 384,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+	"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+	"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+	"3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+	1
+};
+
+static const ECCurveParams ecCurve_NIST_P521 = {
+	"NIST-P521", ECField_GFp, 521,
+	"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+	"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+	"0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+	"00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+	"011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+	"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+	1
+};
+
+/* mapping between ECCurveName enum and pointers to ECCurveParams */
+static const ECCurveParams *ecCurve_map[] = {
+	NULL,			/* ECCurve_noName */
+	NULL,			/* ECCurve_NIST_P192 */
+	NULL,			/* ECCurve_NIST_P224 */
+	&ecCurve_NIST_P256,	/* ECCurve_NIST_P256 */
+	&ecCurve_NIST_P384,	/* ECCurve_NIST_P384 */
+	&ecCurve_NIST_P521,	/* ECCurve_NIST_P521 */
+	NULL,			/* ECCurve_NIST_K163 */
+	NULL,			/* ECCurve_NIST_B163 */
+	NULL,			/* ECCurve_NIST_K233 */
+	NULL,			/* ECCurve_NIST_B233 */
+	NULL,			/* ECCurve_NIST_K283 */
+	NULL,			/* ECCurve_NIST_B283 */
+	NULL,			/* ECCurve_NIST_K409 */
+	NULL,			/* ECCurve_NIST_B409 */
+	NULL,			/* ECCurve_NIST_K571 */
+	NULL,			/* ECCurve_NIST_B571 */
+	NULL,			/* ECCurve_X9_62_PRIME_192V2 */
+	NULL,			/* ECCurve_X9_62_PRIME_192V3 */
+	NULL,			/* ECCurve_X9_62_PRIME_239V1 */
+	NULL,			/* ECCurve_X9_62_PRIME_239V2 */
+	NULL,			/* ECCurve_X9_62_PRIME_239V3 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB163V1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB163V2 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB163V3 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB176V1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB191V1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB191V2 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB191V3 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB208W1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB239V1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB239V2 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB239V3 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB272W1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB304W1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB359V1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_PNB368W1 */
+	NULL,			/* ECCurve_X9_62_CHAR2_TNB431R1 */
+	NULL,			/* ECCurve_SECG_PRIME_112R1 */
+	NULL,			/* ECCurve_SECG_PRIME_112R2 */
+	NULL,			/* ECCurve_SECG_PRIME_128R1 */
+	NULL,			/* ECCurve_SECG_PRIME_128R2 */
+	NULL,			/* ECCurve_SECG_PRIME_160K1 */
+	NULL,			/* ECCurve_SECG_PRIME_160R1 */
+	NULL,			/* ECCurve_SECG_PRIME_160R2 */
+	NULL,			/* ECCurve_SECG_PRIME_192K1 */
+	NULL,			/* ECCurve_SECG_PRIME_224K1 */
+	NULL,			/* ECCurve_SECG_PRIME_256K1 */
+	NULL,			/* ECCurve_SECG_CHAR2_113R1 */
+	NULL,			/* ECCurve_SECG_CHAR2_113R2 */
+	NULL,			/* ECCurve_SECG_CHAR2_131R1 */
+	NULL,			/* ECCurve_SECG_CHAR2_131R2 */
+	NULL,			/* ECCurve_SECG_CHAR2_163R1 */
+	NULL,			/* ECCurve_SECG_CHAR2_193R1 */
+	NULL,			/* ECCurve_SECG_CHAR2_193R2 */
+	NULL,			/* ECCurve_SECG_CHAR2_239K1 */
+	NULL,			/* ECCurve_WTLS_1 */
+	NULL,			/* ECCurve_WTLS_8 */
+	NULL,			/* ECCurve_WTLS_9 */
+	NULL			/* ECCurve_pastLastCurve */
+};
+
+#endif
diff --git a/security/nss/lib/freebl/ecl/ecl-exp.h b/security/nss/lib/freebl/ecl/ecl-exp.h
new file mode 100644
index 000000000..77f3ebb12
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl-exp.h
@@ -0,0 +1,196 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef __ecl_exp_h_
+#define __ecl_exp_h_
+
+/* Curve field type */
+typedef enum {
+	ECField_GFp,
+	ECField_GF2m
+} ECField;
+
+/* Hexadecimal encoding of curve parameters */
+struct ECCurveParamsStr {
+	char *text;
+	ECField field;
+	unsigned int size;
+	char *irr;
+	char *curvea;
+	char *curveb;
+	char *genx;
+	char *geny;
+	char *order;
+	int cofactor;
+};
+typedef struct ECCurveParamsStr ECCurveParams;
+
+/* Named curve parameters */
+typedef enum {
+
+	ECCurve_noName = 0,
+
+	/* NIST prime curves */
+	ECCurve_NIST_P192,
+	ECCurve_NIST_P224,
+	ECCurve_NIST_P256,
+	ECCurve_NIST_P384,
+	ECCurve_NIST_P521,
+
+	/* NIST binary curves */
+	ECCurve_NIST_K163,
+	ECCurve_NIST_B163,
+	ECCurve_NIST_K233,
+	ECCurve_NIST_B233,
+	ECCurve_NIST_K283,
+	ECCurve_NIST_B283,
+	ECCurve_NIST_K409,
+	ECCurve_NIST_B409,
+	ECCurve_NIST_K571,
+	ECCurve_NIST_B571,
+
+	/* ANSI X9.62 prime curves */
+	/* ECCurve_X9_62_PRIME_192V1 == ECCurve_NIST_P192 */
+	ECCurve_X9_62_PRIME_192V2,
+	ECCurve_X9_62_PRIME_192V3,
+	ECCurve_X9_62_PRIME_239V1,
+	ECCurve_X9_62_PRIME_239V2,
+	ECCurve_X9_62_PRIME_239V3,
+	/* ECCurve_X9_62_PRIME_256V1 == ECCurve_NIST_P256 */
+
+	/* ANSI X9.62 binary curves */
+	ECCurve_X9_62_CHAR2_PNB163V1,
+	ECCurve_X9_62_CHAR2_PNB163V2,
+	ECCurve_X9_62_CHAR2_PNB163V3,
+	ECCurve_X9_62_CHAR2_PNB176V1,
+	ECCurve_X9_62_CHAR2_TNB191V1,
+	ECCurve_X9_62_CHAR2_TNB191V2,
+	ECCurve_X9_62_CHAR2_TNB191V3,
+	ECCurve_X9_62_CHAR2_PNB208W1,
+	ECCurve_X9_62_CHAR2_TNB239V1,
+	ECCurve_X9_62_CHAR2_TNB239V2,
+	ECCurve_X9_62_CHAR2_TNB239V3,
+	ECCurve_X9_62_CHAR2_PNB272W1,
+	ECCurve_X9_62_CHAR2_PNB304W1,
+	ECCurve_X9_62_CHAR2_TNB359V1,
+	ECCurve_X9_62_CHAR2_PNB368W1,
+	ECCurve_X9_62_CHAR2_TNB431R1,
+
+	/* SEC2 prime curves */
+	ECCurve_SECG_PRIME_112R1,
+	ECCurve_SECG_PRIME_112R2,
+	ECCurve_SECG_PRIME_128R1,
+	ECCurve_SECG_PRIME_128R2,
+	ECCurve_SECG_PRIME_160K1,
+	ECCurve_SECG_PRIME_160R1,
+	ECCurve_SECG_PRIME_160R2,
+	ECCurve_SECG_PRIME_192K1,
+	/* ECCurve_SECG_PRIME_192R1 == ECCurve_NIST_P192 */
+	ECCurve_SECG_PRIME_224K1,
+	/* ECCurve_SECG_PRIME_224R1 == ECCurve_NIST_P224 */
+	ECCurve_SECG_PRIME_256K1,
+	/* ECCurve_SECG_PRIME_256R1 == ECCurve_NIST_P256 */
+	/* ECCurve_SECG_PRIME_384R1 == ECCurve_NIST_P384 */
+	/* ECCurve_SECG_PRIME_521R1 == ECCurve_NIST_P521 */
+
+	/* SEC2 binary curves */
+	ECCurve_SECG_CHAR2_113R1,
+	ECCurve_SECG_CHAR2_113R2,
+	ECCurve_SECG_CHAR2_131R1,
+	ECCurve_SECG_CHAR2_131R2,
+	/* ECCurve_SECG_CHAR2_163K1 == ECCurve_NIST_K163 */
+	ECCurve_SECG_CHAR2_163R1,
+	/* ECCurve_SECG_CHAR2_163R2 == ECCurve_NIST_B163 */
+	ECCurve_SECG_CHAR2_193R1,
+	ECCurve_SECG_CHAR2_193R2,
+	/* ECCurve_SECG_CHAR2_233K1 == ECCurve_NIST_K233 */
+	/* ECCurve_SECG_CHAR2_233R1 == ECCurve_NIST_B233 */
+	ECCurve_SECG_CHAR2_239K1,
+	/* ECCurve_SECG_CHAR2_283K1 == ECCurve_NIST_K283 */
+	/* ECCurve_SECG_CHAR2_283R1 == ECCurve_NIST_B283 */
+	/* ECCurve_SECG_CHAR2_409K1 == ECCurve_NIST_K409 */
+	/* ECCurve_SECG_CHAR2_409R1 == ECCurve_NIST_B409 */
+	/* ECCurve_SECG_CHAR2_571K1 == ECCurve_NIST_K571 */
+	/* ECCurve_SECG_CHAR2_571R1 == ECCurve_NIST_B571 */
+
+	/* WTLS curves */
+	ECCurve_WTLS_1,
+	/* there is no WTLS 2 curve */
+	/* ECCurve_WTLS_3 == ECCurve_NIST_K163 */
+	/* ECCurve_WTLS_4 == ECCurve_SECG_CHAR2_113R1 */
+	/* ECCurve_WTLS_5 == ECCurve_X9_62_CHAR2_PNB163V1 */
+	/* ECCurve_WTLS_6 == ECCurve_SECG_PRIME_112R1 */
+	/* ECCurve_WTLS_7 == ECCurve_SECG_PRIME_160R1 */
+	ECCurve_WTLS_8,
+	ECCurve_WTLS_9,
+	/* ECCurve_WTLS_10 == ECCurve_NIST_K233 */
+	/* ECCurve_WTLS_11 == ECCurve_NIST_B233 */
+	/* ECCurve_WTLS_12 == ECCurve_NIST_P224 */
+
+	ECCurve_pastLastCurve
+} ECCurveName;
+
+/* Aliased named curves */
+
+#define ECCurve_X9_62_PRIME_192V1 ECCurve_NIST_P192
+#define ECCurve_X9_62_PRIME_256V1 ECCurve_NIST_P256
+#define ECCurve_SECG_PRIME_192R1 ECCurve_NIST_P192
+#define ECCurve_SECG_PRIME_224R1 ECCurve_NIST_P224
+#define ECCurve_SECG_PRIME_256R1 ECCurve_NIST_P256
+#define ECCurve_SECG_PRIME_384R1 ECCurve_NIST_P384
+#define ECCurve_SECG_PRIME_521R1 ECCurve_NIST_P521
+#define ECCurve_SECG_CHAR2_163K1 ECCurve_NIST_K163
+#define ECCurve_SECG_CHAR2_163R2 ECCurve_NIST_B163
+#define ECCurve_SECG_CHAR2_233K1 ECCurve_NIST_K233
+#define ECCurve_SECG_CHAR2_233R1 ECCurve_NIST_B233
+#define ECCurve_SECG_CHAR2_283K1 ECCurve_NIST_K283
+#define ECCurve_SECG_CHAR2_283R1 ECCurve_NIST_B283
+#define ECCurve_SECG_CHAR2_409K1 ECCurve_NIST_K409
+#define ECCurve_SECG_CHAR2_409R1 ECCurve_NIST_B409
+#define ECCurve_SECG_CHAR2_571K1 ECCurve_NIST_K571
+#define ECCurve_SECG_CHAR2_571R1 ECCurve_NIST_B571
+#define ECCurve_WTLS_3 ECCurve_NIST_K163
+#define ECCurve_WTLS_4 ECCurve_SECG_CHAR2_113R1
+#define ECCurve_WTLS_5 ECCurve_X9_62_CHAR2_PNB163V1
+#define ECCurve_WTLS_6 ECCurve_SECG_PRIME_112R1
+#define ECCurve_WTLS_7 ECCurve_SECG_PRIME_160R1
+#define ECCurve_WTLS_10 ECCurve_NIST_K233
+#define ECCurve_WTLS_11 ECCurve_NIST_B233
+#define ECCurve_WTLS_12 ECCurve_NIST_P224
+
+#endif							/* __ecl_exp_h_ */
diff --git a/security/nss/lib/freebl/ecl/ecl-priv.h b/security/nss/lib/freebl/ecl/ecl-priv.h
new file mode 100644
index 000000000..05abb4dff
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl-priv.h
@@ -0,0 +1,281 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com> and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef __ecl_priv_h_
+#define __ecl_priv_h_
+
+#include "ecl.h"
+#include "mpi.h"
+#include "mplogic.h"
+
+/* MAX_FIELD_SIZE_DIGITS is the maximum size of field element supported */
+/* the following needs to go away... */
+#if defined(MP_USE_LONG_LONG_DIGIT) || defined(MP_USE_LONG_DIGIT)
+#define ECL_SIXTY_FOUR_BIT
+#else
+#define ECL_THIRTY_TWO_BIT
+#endif
+
+#define ECL_CURVE_DIGITS(curve_size_in_bits) \
+	(((curve_size_in_bits)+(sizeof(mp_digit)*8-1))/(sizeof(mp_digit)*8))
+#define ECL_BITS (sizeof(mp_digit)*8)
+#define ECL_MAX_FIELD_SIZE_DIGITS (80/sizeof(mp_digit))
+
+/* Gets the i'th bit in the binary representation of a. If i >= length(a), 
+ * then return 0. (The above behaviour differs from mpl_get_bit, which
+ * causes an error if i >= length(a).) */
+#define MP_GET_BIT(a, i) \
+	((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
+
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+#define MP_ADD_CARRY(a1, a2, s, cin, cout)   \
+    { mp_word w; \
+    w = ((mp_word)(cin)) + (a1) + (a2); \
+    s = ACCUM(w); \
+    cout = CARRYOUT(w); }
+
+#define MP_SUB_BORROW(a1, a2, s, bin, bout)   \
+    { mp_word w; \
+    w = ((mp_word)(a1)) - (a2) - (bin); \
+    s = ACCUM(w); \
+    bout = (w >> MP_DIGIT_BIT) & 1; }
+
+#else
+/* NOTE, 
+ * cin and cout could be the same variable.
+ * bin and bout could be the same variable.
+ * a1 or a2 and s could be the same variable.
+ * don't trash those outputs until their respective inputs have
+ * been read. */
+#define MP_ADD_CARRY(a1, a2, s, cin, cout)   \
+    { mp_digit tmp,sum; \
+    tmp = (a1); \
+    sum = tmp + (a2); \
+    tmp = (sum < tmp);                     /* detect overflow */ \
+    s = sum += (cin); \
+    cout = tmp + (sum < (cin)); }
+
+#define MP_SUB_BORROW(a1, a2, s, bin, bout)   \
+    { mp_digit tmp; \
+    tmp = (a1); \
+    s = tmp - (a2); \
+    tmp = (s > tmp);                    /* detect borrow */ \
+    if ((bin) && !s--) tmp++;	\
+    bout = tmp; }
+#endif
+
+
+struct GFMethodStr;
+typedef struct GFMethodStr GFMethod;
+struct GFMethodStr {
+	/* Indicates whether the structure was constructed from dynamic memory 
+	 * or statically created. */
+	int constructed;
+	/* Irreducible that defines the field. For prime fields, this is the
+	 * prime p. For binary polynomial fields, this is the bitstring
+	 * representation of the irreducible polynomial. */
+	mp_int irr;
+	/* For prime fields, the value irr_arr[0] is the number of bits in the 
+	 * field. For binary polynomial fields, the irreducible polynomial
+	 * f(t) is represented as an array of unsigned int[], where f(t) is
+	 * of the form: f(t) = t^p[0] + t^p[1] + ... + t^p[4] where m = p[0]
+	 * > p[1] > ... > p[4] = 0. */
+	unsigned int irr_arr[5];
+	/* Field arithmetic methods. All methods (except field_enc and
+	 * field_dec) are assumed to take field-encoded parameters and return
+	 * field-encoded values. All methods (except field_enc and field_dec)
+	 * are required to be implemented. */
+	mp_err (*field_add) (const mp_int *a, const mp_int *b, mp_int *r,
+						 const GFMethod *meth);
+	mp_err (*field_neg) (const mp_int *a, mp_int *r, const GFMethod *meth);
+	mp_err (*field_sub) (const mp_int *a, const mp_int *b, mp_int *r,
+						 const GFMethod *meth);
+	mp_err (*field_mod) (const mp_int *a, mp_int *r, const GFMethod *meth);
+	mp_err (*field_mul) (const mp_int *a, const mp_int *b, mp_int *r,
+						 const GFMethod *meth);
+	mp_err (*field_sqr) (const mp_int *a, mp_int *r, const GFMethod *meth);
+	mp_err (*field_div) (const mp_int *a, const mp_int *b, mp_int *r,
+						 const GFMethod *meth);
+	mp_err (*field_enc) (const mp_int *a, mp_int *r, const GFMethod *meth);
+	mp_err (*field_dec) (const mp_int *a, mp_int *r, const GFMethod *meth);
+	/* Extra storage for implementation-specific data.  Any memory
+	 * allocated to these extra fields will be cleared by extra_free. */
+	void *extra1;
+	void *extra2;
+	void (*extra_free) (GFMethod *meth);
+};
+
+/* Construct generic GFMethods. */
+GFMethod *GFMethod_consGFp(const mp_int *irr);
+GFMethod *GFMethod_consGFp_mont(const mp_int *irr);
+GFMethod *GFMethod_consGF2m(const mp_int *irr,
+							const unsigned int irr_arr[5]);
+/* Free the memory allocated (if any) to a GFMethod object. */
+void GFMethod_free(GFMethod *meth);
+
+struct ECGroupStr {
+	/* Indicates whether the structure was constructed from dynamic memory 
+	 * or statically created. */
+	int constructed;
+	/* Field definition and arithmetic. */
+	GFMethod *meth;
+	/* Textual representation of curve name, if any. */
+	char *text;
+	/* Curve parameters, field-encoded. */
+	mp_int curvea, curveb;
+	/* x and y coordinates of the base point, field-encoded. */
+	mp_int genx, geny;
+	/* Order and cofactor of the base point. */
+	mp_int order;
+	int cofactor;
+	/* Point arithmetic methods. All methods are assumed to take
+	 * field-encoded parameters and return field-encoded values. All
+	 * methods (except base_point_mul and points_mul) are required to be
+	 * implemented. */
+	mp_err (*point_add) (const mp_int *px, const mp_int *py,
+						 const mp_int *qx, const mp_int *qy, mp_int *rx,
+						 mp_int *ry, const ECGroup *group);
+	mp_err (*point_sub) (const mp_int *px, const mp_int *py,
+						 const mp_int *qx, const mp_int *qy, mp_int *rx,
+						 mp_int *ry, const ECGroup *group);
+	mp_err (*point_dbl) (const mp_int *px, const mp_int *py, mp_int *rx,
+						 mp_int *ry, const ECGroup *group);
+	mp_err (*point_mul) (const mp_int *n, const mp_int *px,
+						 const mp_int *py, mp_int *rx, mp_int *ry,
+						 const ECGroup *group);
+	mp_err (*base_point_mul) (const mp_int *n, mp_int *rx, mp_int *ry,
+							  const ECGroup *group);
+	mp_err (*points_mul) (const mp_int *k1, const mp_int *k2,
+						  const mp_int *px, const mp_int *py, mp_int *rx,
+						  mp_int *ry, const ECGroup *group);
+	mp_err (*validate_point) (const mp_int *px, const mp_int *py, const ECGroup *group);
+	/* Extra storage for implementation-specific data.  Any memory
+	 * allocated to these extra fields will be cleared by extra_free. */
+	void *extra1;
+	void *extra2;
+	void (*extra_free) (ECGroup *group);
+};
+
+/* Wrapper functions for generic prime field arithmetic. */
+mp_err ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+
+/* fixed length in-line adds. Count is in words */
+mp_err ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+
+mp_err ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+mp_err ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r,
+				  const GFMethod *meth);
+/* Wrapper functions for generic binary polynomial field arithmetic. */
+mp_err ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r,
+				   const GFMethod *meth);
+mp_err ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r,
+				   const GFMethod *meth);
+mp_err ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r,
+				   const GFMethod *meth);
+
+/* Montgomery prime field arithmetic. */
+mp_err ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r,
+					   const GFMethod *meth);
+mp_err ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r,
+					   const GFMethod *meth);
+mp_err ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
+void ec_GFp_extra_free_mont(GFMethod *meth);
+
+/* point multiplication */
+mp_err ec_pts_mul_basic(const mp_int *k1, const mp_int *k2,
+						const mp_int *px, const mp_int *py, mp_int *rx,
+						mp_int *ry, const ECGroup *group);
+mp_err ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2,
+						   const mp_int *px, const mp_int *py, mp_int *rx,
+						   mp_int *ry, const ECGroup *group);
+
+/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
+ * be an array of signed char's to output to, bitsize should be the number 
+ * of bits of out, in is the original scalar, and w is the window size.
+ * NAF is discussed in the paper: D. Hankerson, J. Hernandez and A.
+ * Menezes, "Software implementation of elliptic curve cryptography over
+ * binary fields", Proc. CHES 2000. */
+mp_err ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in,
+					   int w);
+
+/* Optimized field arithmetic */
+mp_err ec_group_set_gfp192(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp224(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp256(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp384(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp521(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gf2m163(ECGroup *group, ECCurveName name);
+mp_err ec_group_set_gf2m193(ECGroup *group, ECCurveName name);
+mp_err ec_group_set_gf2m233(ECGroup *group, ECCurveName name);
+
+/* Optimized floating-point arithmetic */
+#ifdef ECL_USE_FP
+mp_err ec_group_set_secp160r1_fp(ECGroup *group);
+mp_err ec_group_set_nistp192_fp(ECGroup *group);
+mp_err ec_group_set_nistp224_fp(ECGroup *group);
+#endif
+
+#endif							/* __ecl_priv_h_ */
diff --git a/security/nss/lib/freebl/ecl/ecl.c b/security/nss/lib/freebl/ecl/ecl.c
new file mode 100644
index 000000000..84080df3c
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl.c
@@ -0,0 +1,429 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "ecl.h"
+#include "ecl-priv.h"
+#include "ec2.h"
+#include "ecp.h"
+#include <stdlib.h>
+#include <string.h>
+
+/* Allocate memory for a new ECGroup object. */
+ECGroup *
+ECGroup_new()
+{
+	mp_err res = MP_OKAY;
+	ECGroup *group;
+	group = (ECGroup *) malloc(sizeof(ECGroup));
+	if (group == NULL)
+		return NULL;
+	group->constructed = MP_YES;
+        group->meth = NULL;
+	group->text = NULL;
+	MP_DIGITS(&group->curvea) = 0;
+	MP_DIGITS(&group->curveb) = 0;
+	MP_DIGITS(&group->genx) = 0;
+	MP_DIGITS(&group->geny) = 0;
+	MP_DIGITS(&group->order) = 0;
+	group->base_point_mul = NULL;
+	group->points_mul = NULL;
+	group->validate_point = NULL;
+	group->extra1 = NULL;
+	group->extra2 = NULL;
+	group->extra_free = NULL;
+	MP_CHECKOK(mp_init(&group->curvea));
+	MP_CHECKOK(mp_init(&group->curveb));
+	MP_CHECKOK(mp_init(&group->genx));
+	MP_CHECKOK(mp_init(&group->geny));
+	MP_CHECKOK(mp_init(&group->order));
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		ECGroup_free(group);
+		return NULL;
+	}
+	return group;
+}
+
+/* Construct a generic ECGroup for elliptic curves over prime fields. */
+ECGroup *
+ECGroup_consGFp(const mp_int *irr, const mp_int *curvea,
+				const mp_int *curveb, const mp_int *genx,
+				const mp_int *geny, const mp_int *order, int cofactor)
+{
+	mp_err res = MP_OKAY;
+	ECGroup *group = NULL;
+
+	group = ECGroup_new();
+	if (group == NULL)
+		return NULL;
+
+	group->meth = GFMethod_consGFp(irr);
+	if (group->meth == NULL) {
+		res = MP_MEM;
+		goto CLEANUP;
+	}
+	MP_CHECKOK(mp_copy(curvea, &group->curvea));
+	MP_CHECKOK(mp_copy(curveb, &group->curveb));
+	MP_CHECKOK(mp_copy(genx, &group->genx));
+	MP_CHECKOK(mp_copy(geny, &group->geny));
+	MP_CHECKOK(mp_copy(order, &group->order));
+	group->cofactor = cofactor;
+	group->point_add = &ec_GFp_pt_add_aff;
+	group->point_sub = &ec_GFp_pt_sub_aff;
+	group->point_dbl = &ec_GFp_pt_dbl_aff;
+	group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
+	group->base_point_mul = NULL;
+	group->points_mul = &ec_GFp_pts_mul_jac;
+	group->validate_point = &ec_GFp_validate_point;
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		ECGroup_free(group);
+		return NULL;
+	}
+	return group;
+}
+
+/* Construct a generic ECGroup for elliptic curves over prime fields with
+ * field arithmetic implemented in Montgomery coordinates. */
+ECGroup *
+ECGroup_consGFp_mont(const mp_int *irr, const mp_int *curvea,
+					 const mp_int *curveb, const mp_int *genx,
+					 const mp_int *geny, const mp_int *order, int cofactor)
+{
+	mp_err res = MP_OKAY;
+	ECGroup *group = NULL;
+
+	group = ECGroup_new();
+	if (group == NULL)
+		return NULL;
+
+	group->meth = GFMethod_consGFp_mont(irr);
+	if (group->meth == NULL) {
+		res = MP_MEM;
+		goto CLEANUP;
+	}
+	MP_CHECKOK(group->meth->
+			   field_enc(curvea, &group->curvea, group->meth));
+	MP_CHECKOK(group->meth->
+			   field_enc(curveb, &group->curveb, group->meth));
+	MP_CHECKOK(group->meth->field_enc(genx, &group->genx, group->meth));
+	MP_CHECKOK(group->meth->field_enc(geny, &group->geny, group->meth));
+	MP_CHECKOK(mp_copy(order, &group->order));
+	group->cofactor = cofactor;
+	group->point_add = &ec_GFp_pt_add_aff;
+	group->point_sub = &ec_GFp_pt_sub_aff;
+	group->point_dbl = &ec_GFp_pt_dbl_aff;
+	group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
+	group->base_point_mul = NULL;
+	group->points_mul = &ec_GFp_pts_mul_jac;
+	group->validate_point = &ec_GFp_validate_point;
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		ECGroup_free(group);
+		return NULL;
+	}
+	return group;
+}
+
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+/* Construct a generic ECGroup for elliptic curves over binary polynomial
+ * fields. */
+ECGroup *
+ECGroup_consGF2m(const mp_int *irr, const unsigned int irr_arr[5],
+				 const mp_int *curvea, const mp_int *curveb,
+				 const mp_int *genx, const mp_int *geny,
+				 const mp_int *order, int cofactor)
+{
+	mp_err res = MP_OKAY;
+	ECGroup *group = NULL;
+
+	group = ECGroup_new();
+	if (group == NULL)
+		return NULL;
+
+	group->meth = GFMethod_consGF2m(irr, irr_arr);
+	if (group->meth == NULL) {
+		res = MP_MEM;
+		goto CLEANUP;
+	}
+	MP_CHECKOK(mp_copy(curvea, &group->curvea));
+	MP_CHECKOK(mp_copy(curveb, &group->curveb));
+	MP_CHECKOK(mp_copy(genx, &group->genx));
+	MP_CHECKOK(mp_copy(geny, &group->geny));
+	MP_CHECKOK(mp_copy(order, &group->order));
+	group->cofactor = cofactor;
+	group->point_add = &ec_GF2m_pt_add_aff;
+	group->point_sub = &ec_GF2m_pt_sub_aff;
+	group->point_dbl = &ec_GF2m_pt_dbl_aff;
+	group->point_mul = &ec_GF2m_pt_mul_mont;
+	group->base_point_mul = NULL;
+	group->points_mul = &ec_pts_mul_basic;
+	group->validate_point = &ec_GF2m_validate_point;
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		ECGroup_free(group);
+		return NULL;
+	}
+	return group;
+}
+#endif
+
+/* Construct ECGroup from hex parameters and name, if any. Called by
+ * ECGroup_fromHex and ECGroup_fromName. */
+ECGroup *
+ecgroup_fromNameAndHex(const ECCurveName name,
+					   const ECCurveParams * params)
+{
+	mp_int irr, curvea, curveb, genx, geny, order;
+	int bits;
+	ECGroup *group = NULL;
+	mp_err res = MP_OKAY;
+
+	/* initialize values */
+	MP_DIGITS(&irr) = 0;
+	MP_DIGITS(&curvea) = 0;
+	MP_DIGITS(&curveb) = 0;
+	MP_DIGITS(&genx) = 0;
+	MP_DIGITS(&geny) = 0;
+	MP_DIGITS(&order) = 0;
+	MP_CHECKOK(mp_init(&irr));
+	MP_CHECKOK(mp_init(&curvea));
+	MP_CHECKOK(mp_init(&curveb));
+	MP_CHECKOK(mp_init(&genx));
+	MP_CHECKOK(mp_init(&geny));
+	MP_CHECKOK(mp_init(&order));
+	MP_CHECKOK(mp_read_radix(&irr, params->irr, 16));
+	MP_CHECKOK(mp_read_radix(&curvea, params->curvea, 16));
+	MP_CHECKOK(mp_read_radix(&curveb, params->curveb, 16));
+	MP_CHECKOK(mp_read_radix(&genx, params->genx, 16));
+	MP_CHECKOK(mp_read_radix(&geny, params->geny, 16));
+	MP_CHECKOK(mp_read_radix(&order, params->order, 16));
+
+	/* determine number of bits */
+	bits = mpl_significant_bits(&irr) - 1;
+	if (bits < MP_OKAY) {
+		res = bits;
+		goto CLEANUP;
+	}
+
+	/* determine which optimizations (if any) to use */
+	if (params->field == ECField_GFp) {
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+	    switch (name) {
+#ifdef ECL_USE_FP
+		case ECCurve_SECG_PRIME_160R1:
+			group =
+				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+								&order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+			MP_CHECKOK(ec_group_set_secp160r1_fp(group));
+			break;
+#endif
+		case ECCurve_SECG_PRIME_192R1:
+#ifdef ECL_USE_FP
+			group =
+				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+								&order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+			MP_CHECKOK(ec_group_set_nistp192_fp(group));
+#else
+			group =
+				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+								&order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+			MP_CHECKOK(ec_group_set_gfp192(group, name));
+#endif
+			break;
+		case ECCurve_SECG_PRIME_224R1:
+#ifdef ECL_USE_FP
+			group =
+				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+								&order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+			MP_CHECKOK(ec_group_set_nistp224_fp(group));
+#else
+			group =
+				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+								&order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+			MP_CHECKOK(ec_group_set_gfp224(group, name));
+#endif
+			break;
+		case ECCurve_SECG_PRIME_256R1:
+			group =
+				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+								&order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+			MP_CHECKOK(ec_group_set_gfp256(group, name));
+			break;
+		case ECCurve_SECG_PRIME_521R1:
+			group =
+				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+								&order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+			MP_CHECKOK(ec_group_set_gfp521(group, name));
+			break;
+		default:
+			/* use generic arithmetic */
+#endif
+			group =
+				ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
+									 &order, params->cofactor);
+			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+		}
+	} else if (params->field == ECField_GF2m) {
+		group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor);
+		if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
+		if ((name == ECCurve_NIST_K163) ||
+		    (name == ECCurve_NIST_B163) ||
+		    (name == ECCurve_SECG_CHAR2_163R1)) {
+			MP_CHECKOK(ec_group_set_gf2m163(group, name));
+		} else if ((name == ECCurve_SECG_CHAR2_193R1) ||
+		           (name == ECCurve_SECG_CHAR2_193R2)) {
+			MP_CHECKOK(ec_group_set_gf2m193(group, name));
+		} else if ((name == ECCurve_NIST_K233) ||
+		           (name == ECCurve_NIST_B233)) {
+			MP_CHECKOK(ec_group_set_gf2m233(group, name));
+		}
+#endif
+	} else {
+		res = MP_UNDEF;
+		goto CLEANUP;
+	}
+
+	/* set name, if any */
+	if ((group != NULL) && (params->text != NULL)) {
+		group->text = strdup(params->text);
+		if (group->text == NULL) {
+			res = MP_MEM;
+		}
+	}
+
+  CLEANUP:
+	mp_clear(&irr);
+	mp_clear(&curvea);
+	mp_clear(&curveb);
+	mp_clear(&genx);
+	mp_clear(&geny);
+	mp_clear(&order);
+	if (res != MP_OKAY) {
+		ECGroup_free(group);
+		return NULL;
+	}
+	return group;
+}
+
+/* Construct ECGroup from hexadecimal representations of parameters. */
+ECGroup *
+ECGroup_fromHex(const ECCurveParams * params)
+{
+	return ecgroup_fromNameAndHex(ECCurve_noName, params);
+}
+
+/* Construct ECGroup from named parameters. */
+ECGroup *
+ECGroup_fromName(const ECCurveName name)
+{
+	ECGroup *group = NULL;
+	ECCurveParams *params = NULL;
+	mp_err res = MP_OKAY;
+
+	params = EC_GetNamedCurveParams(name);
+	if (params == NULL) {
+		res = MP_UNDEF;
+		goto CLEANUP;
+	}
+
+	/* construct actual group */
+	group = ecgroup_fromNameAndHex(name, params);
+	if (group == NULL) {
+		res = MP_UNDEF;
+		goto CLEANUP;
+	}
+
+  CLEANUP:
+	EC_FreeCurveParams(params);
+	if (res != MP_OKAY) {
+		ECGroup_free(group);
+		return NULL;
+	}
+	return group;
+}
+
+/* Validates an EC public key as described in Section 5.2.2 of X9.62. */
+mp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const 
+					mp_int *py)
+{
+    /* 1: Verify that publicValue is not the point at infinity */
+    /* 2: Verify that the coordinates of publicValue are elements 
+     *    of the field.
+     */
+    /* 3: Verify that publicValue is on the curve. */
+    /* 4: Verify that the order of the curve times the publicValue
+     *    is the point at infinity.
+     */
+	return group->validate_point(px, py, group);
+}
+
+/* Free the memory allocated (if any) to an ECGroup object. */
+void
+ECGroup_free(ECGroup *group)
+{
+	if (group == NULL)
+		return;
+	GFMethod_free(group->meth);
+	if (group->constructed == MP_NO)
+		return;
+	mp_clear(&group->curvea);
+	mp_clear(&group->curveb);
+	mp_clear(&group->genx);
+	mp_clear(&group->geny);
+	mp_clear(&group->order);
+	if (group->text != NULL)
+		free(group->text);
+	if (group->extra_free != NULL)
+		group->extra_free(group);
+	free(group);
+}
diff --git a/security/nss/lib/freebl/ecl/ecl.h b/security/nss/lib/freebl/ecl/ecl.h
new file mode 100644
index 000000000..dbd86c253
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl.h
@@ -0,0 +1,91 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* Although this is not an exported header file, code which uses elliptic
+ * curve point operations will need to include it. */
+
+#ifndef __ecl_h_
+#define __ecl_h_
+
+#include "ecl-exp.h"
+#include "mpi.h"
+
+struct ECGroupStr;
+typedef struct ECGroupStr ECGroup;
+
+/* Construct ECGroup from hexadecimal representations of parameters. */
+ECGroup *ECGroup_fromHex(const ECCurveParams * params);
+
+/* Construct ECGroup from named parameters. */
+ECGroup *ECGroup_fromName(const ECCurveName name);
+
+/* Free an allocated ECGroup. */
+void ECGroup_free(ECGroup *group);
+
+/* Construct ECCurveParams from an ECCurveName */
+ECCurveParams *EC_GetNamedCurveParams(const ECCurveName name);
+
+/* Duplicates an ECCurveParams */
+ECCurveParams *ECCurveParams_dup(const ECCurveParams * params);
+
+/* Free an allocated ECCurveParams */
+void EC_FreeCurveParams(ECCurveParams * params);
+
+/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k * P(x, 
+ * y).  If x, y = NULL, then P is assumed to be the generator (base point) 
+ * of the group of points on the elliptic curve. Input and output values
+ * are assumed to be NOT field-encoded. */
+mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
+				   const mp_int *py, mp_int *qx, mp_int *qy);
+
+/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G + 
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Input and output values are assumed to
+ * be NOT field-encoded. */
+mp_err ECPoints_mul(const ECGroup *group, const mp_int *k1,
+					const mp_int *k2, const mp_int *px, const mp_int *py,
+					mp_int *qx, mp_int *qy);
+
+/* Validates an EC public key as described in Section 5.2.2 of X9.62.
+ * Returns MP_YES if the public key is valid, MP_NO if the public key
+ * is invalid, or an error code if the validation could not be
+ * performed. */
+mp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const 
+					mp_int *py);
+
+#endif							/* __ecl_h_ */
diff --git a/security/nss/lib/freebl/ecl/ecl_curve.c b/security/nss/lib/freebl/ecl/ecl_curve.c
new file mode 100644
index 000000000..a0a7bd316
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl_curve.c
@@ -0,0 +1,123 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecl.h"
+#include "ecl-curve.h"
+#include "ecl-priv.h"
+#include <stdlib.h>
+#include <string.h>
+
+#define CHECK(func) if ((func) == NULL) { res = 0; goto CLEANUP; }
+
+/* Duplicates an ECCurveParams */
+ECCurveParams *
+ECCurveParams_dup(const ECCurveParams * params)
+{
+	int res = 1;
+	ECCurveParams *ret = NULL;
+
+	CHECK(ret = (ECCurveParams *) calloc(1, sizeof(ECCurveParams)));
+	if (params->text != NULL) {
+		CHECK(ret->text = strdup(params->text));
+	}
+	ret->field = params->field;
+	ret->size = params->size;
+	if (params->irr != NULL) {
+		CHECK(ret->irr = strdup(params->irr));
+	}
+	if (params->curvea != NULL) {
+		CHECK(ret->curvea = strdup(params->curvea));
+	}
+	if (params->curveb != NULL) {
+		CHECK(ret->curveb = strdup(params->curveb));
+	}
+	if (params->genx != NULL) {
+		CHECK(ret->genx = strdup(params->genx));
+	}
+	if (params->geny != NULL) {
+		CHECK(ret->geny = strdup(params->geny));
+	}
+	if (params->order != NULL) {
+		CHECK(ret->order = strdup(params->order));
+	}
+	ret->cofactor = params->cofactor;
+
+  CLEANUP:
+	if (res != 1) {
+		EC_FreeCurveParams(ret);
+		return NULL;
+	}
+	return ret;
+}
+
+#undef CHECK
+
+/* Construct ECCurveParams from an ECCurveName */
+ECCurveParams *
+EC_GetNamedCurveParams(const ECCurveName name)
+{
+	if ((name <= ECCurve_noName) || (ECCurve_pastLastCurve <= name) ||
+					(ecCurve_map[name] == NULL)) {
+		return NULL;
+	} else {
+		return ECCurveParams_dup(ecCurve_map[name]);
+	}
+}
+
+/* Free the memory allocated (if any) to an ECCurveParams object. */
+void
+EC_FreeCurveParams(ECCurveParams * params)
+{
+	if (params == NULL)
+		return;
+	if (params->text != NULL)
+		free(params->text);
+	if (params->irr != NULL)
+		free(params->irr);
+	if (params->curvea != NULL)
+		free(params->curvea);
+	if (params->curveb != NULL)
+		free(params->curveb);
+	if (params->genx != NULL)
+		free(params->genx);
+	if (params->geny != NULL)
+		free(params->geny);
+	if (params->order != NULL)
+		free(params->order);
+	free(params);
+}
diff --git a/security/nss/lib/freebl/ecl/ecl_gf.c b/security/nss/lib/freebl/ecl/ecl_gf.c
new file mode 100644
index 000000000..08fa0c3e0
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl_gf.c
@@ -0,0 +1,1032 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com> and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+#include "mp_gf2m.h"
+#include "ecl-priv.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Allocate memory for a new GFMethod object. */
+GFMethod *
+GFMethod_new()
+{
+	mp_err res = MP_OKAY;
+	GFMethod *meth;
+	meth = (GFMethod *) malloc(sizeof(GFMethod));
+	if (meth == NULL)
+		return NULL;
+	meth->constructed = MP_YES;
+	MP_DIGITS(&meth->irr) = 0;
+	meth->extra_free = NULL;
+	MP_CHECKOK(mp_init(&meth->irr));
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		GFMethod_free(meth);
+		return NULL;
+	}
+	return meth;
+}
+
+/* Construct a generic GFMethod for arithmetic over prime fields with
+ * irreducible irr. */
+GFMethod *
+GFMethod_consGFp(const mp_int *irr)
+{
+	mp_err res = MP_OKAY;
+	GFMethod *meth = NULL;
+
+	meth = GFMethod_new();
+	if (meth == NULL)
+		return NULL;
+
+	MP_CHECKOK(mp_copy(irr, &meth->irr));
+	meth->irr_arr[0] = mpl_significant_bits(irr);
+	meth->irr_arr[1] = meth->irr_arr[2] = meth->irr_arr[3] =
+		meth->irr_arr[4] = 0;
+	switch(MP_USED(&meth->irr)) {
+	/* maybe we need 1 and 2 words here as well?*/
+	case 3:
+		meth->field_add = &ec_GFp_add_3;
+		meth->field_sub = &ec_GFp_sub_3;
+		break;
+	case 4:
+		meth->field_add = &ec_GFp_add_4;
+		meth->field_sub = &ec_GFp_sub_4;
+		break;
+	case 5:
+		meth->field_add = &ec_GFp_add_5;
+		meth->field_sub = &ec_GFp_sub_5;
+		break;
+	case 6:
+		meth->field_add = &ec_GFp_add_6;
+		meth->field_sub = &ec_GFp_sub_6;
+		break;
+	default:
+		meth->field_add = &ec_GFp_add;
+		meth->field_sub = &ec_GFp_sub;
+	}
+	meth->field_neg = &ec_GFp_neg;
+	meth->field_mod = &ec_GFp_mod;
+	meth->field_mul = &ec_GFp_mul;
+	meth->field_sqr = &ec_GFp_sqr;
+	meth->field_div = &ec_GFp_div;
+	meth->field_enc = NULL;
+	meth->field_dec = NULL;
+	meth->extra1 = NULL;
+	meth->extra2 = NULL;
+	meth->extra_free = NULL;
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		GFMethod_free(meth);
+		return NULL;
+	}
+	return meth;
+}
+
+/* Construct a generic GFMethod for arithmetic over binary polynomial
+ * fields with irreducible irr that has array representation irr_arr (see
+ * ecl-priv.h for description of the representation).  If irr_arr is NULL, 
+ * then it is constructed from the bitstring representation. */
+GFMethod *
+GFMethod_consGF2m(const mp_int *irr, const unsigned int irr_arr[5])
+{
+	mp_err res = MP_OKAY;
+	int ret;
+	GFMethod *meth = NULL;
+
+	meth = GFMethod_new();
+	if (meth == NULL)
+		return NULL;
+
+	MP_CHECKOK(mp_copy(irr, &meth->irr));
+	if (irr_arr != NULL) {
+		/* Irreducible polynomials are either trinomials or pentanomials. */
+		meth->irr_arr[0] = irr_arr[0];
+		meth->irr_arr[1] = irr_arr[1];
+		meth->irr_arr[2] = irr_arr[2];
+		if (irr_arr[2] > 0) {
+			meth->irr_arr[3] = irr_arr[3];
+			meth->irr_arr[4] = irr_arr[4];
+		} else {
+			meth->irr_arr[3] = meth->irr_arr[4] = 0;
+		}
+	} else {
+		ret = mp_bpoly2arr(irr, meth->irr_arr, 5);
+		/* Irreducible polynomials are either trinomials or pentanomials. */
+		if ((ret != 5) && (ret != 3)) {
+			res = MP_UNDEF;
+			goto CLEANUP;
+		}
+	}
+	meth->field_add = &ec_GF2m_add;
+	meth->field_neg = &ec_GF2m_neg;
+	meth->field_sub = &ec_GF2m_add;
+	meth->field_mod = &ec_GF2m_mod;
+	meth->field_mul = &ec_GF2m_mul;
+	meth->field_sqr = &ec_GF2m_sqr;
+	meth->field_div = &ec_GF2m_div;
+	meth->field_enc = NULL;
+	meth->field_dec = NULL;
+	meth->extra1 = NULL;
+	meth->extra2 = NULL;
+	meth->extra_free = NULL;
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		GFMethod_free(meth);
+		return NULL;
+	}
+	return meth;
+}
+
+/* Free the memory allocated (if any) to a GFMethod object. */
+void
+GFMethod_free(GFMethod *meth)
+{
+	if (meth == NULL)
+		return;
+	if (meth->constructed == MP_NO)
+		return;
+	mp_clear(&meth->irr);
+	if (meth->extra_free != NULL)
+		meth->extra_free(meth);
+	free(meth);
+}
+
+/* Wrapper functions for generic prime field arithmetic. */
+
+/* Add two field elements.  Assumes that 0 <= a, b < meth->irr */
+mp_err
+ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r,
+		   const GFMethod *meth)
+{
+	/* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a + b (mod p) */
+	mp_err res;
+
+	if ((res = mp_add(a, b, r)) != MP_OKAY) {
+		return res;
+	}
+	if (mp_cmp(r, &meth->irr) >= 0) {
+		return mp_sub(r, &meth->irr, r);
+	}
+	return res;
+}
+
+/* Negates a field element.  Assumes that 0 <= a < meth->irr */
+mp_err
+ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	/* PRE: 0 <= a < p = meth->irr POST: 0 <= r < p, r = -a (mod p) */
+
+	if (mp_cmp_z(a) == 0) {
+		mp_zero(r);
+		return MP_OKAY;
+	}
+	return mp_sub(&meth->irr, a, r);
+}
+
+/* Subtracts two field elements.  Assumes that 0 <= a, b < meth->irr */
+mp_err
+ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r,
+		   const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	/* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a - b (mod p) */
+	res = mp_sub(a, b, r);
+	if (res == MP_RANGE) {
+		MP_CHECKOK(mp_sub(b, a, r));
+		if (mp_cmp_z(r) < 0) {
+			MP_CHECKOK(mp_add(r, &meth->irr, r));
+		}
+		MP_CHECKOK(ec_GFp_neg(r, r, meth));
+	}
+	if (mp_cmp_z(r) < 0) {
+		MP_CHECKOK(mp_add(r, &meth->irr, r));
+	}
+  CLEANUP:
+	return res;
+}
+/* 
+ * Inline adds for small curve lengths.
+ */
+/* 3 words */
+mp_err
+ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a0 = 0, a1 = 0, a2 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0;
+	mp_digit carry;
+
+	switch(MP_USED(a)) {
+	case 3:
+		a2 = MP_DIGIT(a,2);
+	case 2:
+		a1 = MP_DIGIT(a,1);
+	case 1:
+		a0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 3:
+		r2 = MP_DIGIT(b,2);
+	case 2:
+		r1 = MP_DIGIT(b,1);
+	case 1:
+		r0 = MP_DIGIT(b,0);
+	}
+
+#ifndef MPI_AMD64_ADD
+	MP_ADD_CARRY(a0, r0, r0, 0,     carry);
+	MP_ADD_CARRY(a1, r1, r1, carry, carry);
+	MP_ADD_CARRY(a2, r2, r2, carry, carry);
+#else
+	__asm__ (
+                "xorq   %3,%3           \n\t"
+                "addq   %4,%0           \n\t"
+                "adcq   %5,%1           \n\t"
+                "adcq   %6,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
+                : "r" (a0), "r" (a1), "r" (a2),
+		  "0" (r0), "1" (r1), "2" (r2)
+                : "%cc" );
+#endif
+
+	MP_CHECKOK(s_mp_pad(r, 3));
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 3;
+
+	/* Do quick 'subract' if we've gone over 
+	 * (add the 2's complement of the curve field) */
+	 a2 = MP_DIGIT(&meth->irr,2);
+	if (carry ||  r2 >  a2 ||
+		((r2 == a2) && mp_cmp(r,&meth->irr) != MP_LT)) {
+		a1 = MP_DIGIT(&meth->irr,1);
+		a0 = MP_DIGIT(&meth->irr,0);
+#ifndef MPI_AMD64_ADD
+		MP_SUB_BORROW(r0, a0, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a1, r1, carry, carry);
+		MP_SUB_BORROW(r2, a2, r2, carry, carry);
+#else
+		__asm__ (
+			"subq   %3,%0           \n\t"
+			"sbbq   %4,%1           \n\t"
+			"sbbq   %5,%2           \n\t"
+			: "=r"(r0), "=r"(r1), "=r"(r2)
+			: "r" (a0), "r" (a1), "r" (a2),
+			  "0" (r0), "1" (r1), "2" (r2)
+			: "%cc" );
+#endif
+		MP_DIGIT(r, 2) = r2;
+		MP_DIGIT(r, 1) = r1;
+		MP_DIGIT(r, 0) = r0;
+	}
+	
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* 4 words */
+mp_err
+ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
+	mp_digit carry;
+
+	switch(MP_USED(a)) {
+	case 4:
+		a3 = MP_DIGIT(a,3);
+	case 3:
+		a2 = MP_DIGIT(a,2);
+	case 2:
+		a1 = MP_DIGIT(a,1);
+	case 1:
+		a0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 4:
+		r3 = MP_DIGIT(b,3);
+	case 3:
+		r2 = MP_DIGIT(b,2);
+	case 2:
+		r1 = MP_DIGIT(b,1);
+	case 1:
+		r0 = MP_DIGIT(b,0);
+	}
+
+#ifndef MPI_AMD64_ADD
+	MP_ADD_CARRY(a0, r0, r0, 0,     carry);
+	MP_ADD_CARRY(a1, r1, r1, carry, carry);
+	MP_ADD_CARRY(a2, r2, r2, carry, carry);
+	MP_ADD_CARRY(a3, r3, r3, carry, carry);
+#else
+	__asm__ (
+                "xorq   %4,%4           \n\t"
+                "addq   %5,%0           \n\t"
+                "adcq   %6,%1           \n\t"
+                "adcq   %7,%2           \n\t"
+                "adcq   %8,%3           \n\t"
+                "adcq   $0,%4           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(carry)
+                : "r" (a0), "r" (a1), "r" (a2), "r" (a3),
+		  "0" (r0), "1" (r1), "2" (r2), "3" (r3)
+                : "%cc" );
+#endif
+
+	MP_CHECKOK(s_mp_pad(r, 4));
+	MP_DIGIT(r, 3) = r3;
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 4;
+
+	/* Do quick 'subract' if we've gone over 
+	 * (add the 2's complement of the curve field) */
+	 a3 = MP_DIGIT(&meth->irr,3);
+	if (carry ||  r3 >  a3 ||
+		((r3 == a3) && mp_cmp(r,&meth->irr) != MP_LT)) {
+		a2 = MP_DIGIT(&meth->irr,2);
+		a1 = MP_DIGIT(&meth->irr,1);
+		a0 = MP_DIGIT(&meth->irr,0);
+#ifndef MPI_AMD64_ADD
+		MP_SUB_BORROW(r0, a0, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a1, r1, carry, carry);
+		MP_SUB_BORROW(r2, a2, r2, carry, carry);
+		MP_SUB_BORROW(r3, a3, r3, carry, carry);
+#else
+		__asm__ (
+			"subq   %4,%0           \n\t"
+			"sbbq   %5,%1           \n\t"
+			"sbbq   %6,%2           \n\t"
+			"sbbq   %7,%3           \n\t"
+			: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
+			: "r" (a0), "r" (a1), "r" (a2), "r" (a3),
+			  "0" (r0), "1" (r1), "2" (r2), "3" (r3)
+			: "%cc" );
+#endif
+		MP_DIGIT(r, 3) = r3;
+		MP_DIGIT(r, 2) = r2;
+		MP_DIGIT(r, 1) = r1;
+		MP_DIGIT(r, 0) = r0;
+	}
+	
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* 5 words */
+mp_err
+ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
+	mp_digit carry;
+
+	switch(MP_USED(a)) {
+	case 5:
+		a4 = MP_DIGIT(a,4);
+	case 4:
+		a3 = MP_DIGIT(a,3);
+	case 3:
+		a2 = MP_DIGIT(a,2);
+	case 2:
+		a1 = MP_DIGIT(a,1);
+	case 1:
+		a0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 5:
+		r4 = MP_DIGIT(b,4);
+	case 4:
+		r3 = MP_DIGIT(b,3);
+	case 3:
+		r2 = MP_DIGIT(b,2);
+	case 2:
+		r1 = MP_DIGIT(b,1);
+	case 1:
+		r0 = MP_DIGIT(b,0);
+	}
+
+	MP_ADD_CARRY(a0, r0, r0, 0,     carry);
+	MP_ADD_CARRY(a1, r1, r1, carry, carry);
+	MP_ADD_CARRY(a2, r2, r2, carry, carry);
+	MP_ADD_CARRY(a3, r3, r3, carry, carry);
+	MP_ADD_CARRY(a4, r4, r4, carry, carry);
+
+	MP_CHECKOK(s_mp_pad(r, 5));
+	MP_DIGIT(r, 4) = r4;
+	MP_DIGIT(r, 3) = r3;
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 5;
+
+	/* Do quick 'subract' if we've gone over 
+	 * (add the 2's complement of the curve field) */
+	 a4 = MP_DIGIT(&meth->irr,4);
+	if (carry ||  r4 >  a4 ||
+		((r4 == a4) && mp_cmp(r,&meth->irr) != MP_LT)) {
+		a3 = MP_DIGIT(&meth->irr,3);
+		a2 = MP_DIGIT(&meth->irr,2);
+		a1 = MP_DIGIT(&meth->irr,1);
+		a0 = MP_DIGIT(&meth->irr,0);
+		MP_SUB_BORROW(r0, a0, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a1, r1, carry, carry);
+		MP_SUB_BORROW(r2, a2, r2, carry, carry);
+		MP_SUB_BORROW(r3, a3, r3, carry, carry);
+		MP_SUB_BORROW(r4, a4, r4, carry, carry);
+		MP_DIGIT(r, 4) = r4;
+		MP_DIGIT(r, 3) = r3;
+		MP_DIGIT(r, 2) = r2;
+		MP_DIGIT(r, 1) = r1;
+		MP_DIGIT(r, 0) = r0;
+	}
+	
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* 6 words */
+mp_err
+ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0, a5 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
+	mp_digit carry;
+
+	switch(MP_USED(a)) {
+	case 6:
+		a5 = MP_DIGIT(a,5);
+	case 5:
+		a4 = MP_DIGIT(a,4);
+	case 4:
+		a3 = MP_DIGIT(a,3);
+	case 3:
+		a2 = MP_DIGIT(a,2);
+	case 2:
+		a1 = MP_DIGIT(a,1);
+	case 1:
+		a0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 6:
+		r5 = MP_DIGIT(b,5);
+	case 5:
+		r4 = MP_DIGIT(b,4);
+	case 4:
+		r3 = MP_DIGIT(b,3);
+	case 3:
+		r2 = MP_DIGIT(b,2);
+	case 2:
+		r1 = MP_DIGIT(b,1);
+	case 1:
+		r0 = MP_DIGIT(b,0);
+	}
+
+	MP_ADD_CARRY(a0, r0, r0, 0,     carry);
+	MP_ADD_CARRY(a1, r1, r1, carry, carry);
+	MP_ADD_CARRY(a2, r2, r2, carry, carry);
+	MP_ADD_CARRY(a3, r3, r3, carry, carry);
+	MP_ADD_CARRY(a4, r4, r4, carry, carry);
+	MP_ADD_CARRY(a5, r5, r5, carry, carry);
+
+	MP_CHECKOK(s_mp_pad(r, 6));
+	MP_DIGIT(r, 5) = r5;
+	MP_DIGIT(r, 4) = r4;
+	MP_DIGIT(r, 3) = r3;
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 6;
+
+	/* Do quick 'subract' if we've gone over 
+	 * (add the 2's complement of the curve field) */
+	a5 = MP_DIGIT(&meth->irr,5);
+	if (carry ||  r5 >  a5 ||
+		((r5 == a5) && mp_cmp(r,&meth->irr) != MP_LT)) {
+		a4 = MP_DIGIT(&meth->irr,4);
+		a3 = MP_DIGIT(&meth->irr,3);
+		a2 = MP_DIGIT(&meth->irr,2);
+		a1 = MP_DIGIT(&meth->irr,1);
+		a0 = MP_DIGIT(&meth->irr,0);
+		MP_SUB_BORROW(r0, a0, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a1, r1, carry, carry);
+		MP_SUB_BORROW(r2, a2, r2, carry, carry);
+		MP_SUB_BORROW(r3, a3, r3, carry, carry);
+		MP_SUB_BORROW(r4, a4, r4, carry, carry);
+		MP_SUB_BORROW(r5, a5, r5, carry, carry);
+		MP_DIGIT(r, 5) = r5;
+		MP_DIGIT(r, 4) = r4;
+		MP_DIGIT(r, 3) = r3;
+		MP_DIGIT(r, 2) = r2;
+		MP_DIGIT(r, 1) = r1;
+		MP_DIGIT(r, 0) = r0;
+	}
+	
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/*
+ * The following subraction functions do in-line subractions based
+ * on our curve size.
+ *
+ * ... 3 words
+ */
+mp_err
+ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit b0 = 0, b1 = 0, b2 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0;
+	mp_digit borrow;
+
+	switch(MP_USED(a)) {
+	case 3:
+		r2 = MP_DIGIT(a,2);
+	case 2:
+		r1 = MP_DIGIT(a,1);
+	case 1:
+		r0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 3:
+		b2 = MP_DIGIT(b,2);
+	case 2:
+		b1 = MP_DIGIT(b,1);
+	case 1:
+		b0 = MP_DIGIT(b,0);
+	}
+
+#ifndef MPI_AMD64_ADD
+	MP_SUB_BORROW(r0, b0, r0, 0,     borrow);
+	MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+	MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+#else
+	__asm__ (
+                "xorq   %3,%3           \n\t"
+                "subq   %4,%0           \n\t"
+                "sbbq   %5,%1           \n\t"
+                "sbbq   %6,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r" (borrow)
+                : "r" (b0), "r" (b1), "r" (b2), 
+		  "0" (r0), "1" (r1), "2" (r2)
+                : "%cc" );
+#endif
+
+	/* Do quick 'add' if we've gone under 0
+	 * (subtract the 2's complement of the curve field) */
+	if (borrow) {
+	 	b2 = MP_DIGIT(&meth->irr,2);
+		b1 = MP_DIGIT(&meth->irr,1);
+		b0 = MP_DIGIT(&meth->irr,0);
+#ifndef MPI_AMD64_ADD
+		MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
+		MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+		MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+#else
+		__asm__ (
+			"addq   %3,%0           \n\t"
+			"adcq   %4,%1           \n\t"
+			"adcq   %5,%2           \n\t"
+			: "=r"(r0), "=r"(r1), "=r"(r2)
+			: "r" (b0), "r" (b1), "r" (b2),
+  			  "0" (r0), "1" (r1), "2" (r2)
+			: "%cc" );
+#endif
+	}
+
+#ifdef MPI_AMD64_ADD
+	/* compiler fakeout? */
+	if ((r2 == b0) && (r1 == b0) && (r0 == b0)) { 
+		MP_CHECKOK(s_mp_pad(r, 4));
+	} 
+#endif
+	MP_CHECKOK(s_mp_pad(r, 3));
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 3;
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* 4 words */
+mp_err
+ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
+	mp_digit borrow;
+
+	switch(MP_USED(a)) {
+	case 4:
+		r3 = MP_DIGIT(a,3);
+	case 3:
+		r2 = MP_DIGIT(a,2);
+	case 2:
+		r1 = MP_DIGIT(a,1);
+	case 1:
+		r0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 4:
+		b3 = MP_DIGIT(b,3);
+	case 3:
+		b2 = MP_DIGIT(b,2);
+	case 2:
+		b1 = MP_DIGIT(b,1);
+	case 1:
+		b0 = MP_DIGIT(b,0);
+	}
+
+#ifndef MPI_AMD64_ADD
+	MP_SUB_BORROW(r0, b0, r0, 0,     borrow);
+	MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+	MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+	MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
+#else
+	__asm__ (
+                "xorq   %4,%4           \n\t"
+                "subq   %5,%0           \n\t"
+                "sbbq   %6,%1           \n\t"
+                "sbbq   %7,%2           \n\t"
+                "sbbq   %8,%3           \n\t"
+                "adcq   $0,%4           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r" (borrow)
+                : "r" (b0), "r" (b1), "r" (b2), "r" (b3),
+		  "0" (r0), "1" (r1), "2" (r2), "3" (r3)
+                : "%cc" );
+#endif
+
+	/* Do quick 'add' if we've gone under 0
+	 * (subtract the 2's complement of the curve field) */
+	if (borrow) {
+	 	b3 = MP_DIGIT(&meth->irr,3);
+	 	b2 = MP_DIGIT(&meth->irr,2);
+		b1 = MP_DIGIT(&meth->irr,1);
+		b0 = MP_DIGIT(&meth->irr,0);
+#ifndef MPI_AMD64_ADD
+		MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
+		MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+		MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+		MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
+#else
+		__asm__ (
+			"addq   %4,%0           \n\t"
+			"adcq   %5,%1           \n\t"
+			"adcq   %6,%2           \n\t"
+			"adcq   %7,%3           \n\t"
+			: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
+			: "r" (b0), "r" (b1), "r" (b2), "r" (b3),
+  			  "0" (r0), "1" (r1), "2" (r2), "3" (r3)
+			: "%cc" );
+#endif
+	}
+#ifdef MPI_AMD64_ADD
+	/* compiler fakeout? */
+	if ((r3 == b0) && (r1 == b0) && (r0 == b0)) { 
+		MP_CHECKOK(s_mp_pad(r, 4));
+	} 
+#endif
+	MP_CHECKOK(s_mp_pad(r, 4));
+	MP_DIGIT(r, 3) = r3;
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 4;
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* 5 words */
+mp_err
+ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
+	mp_digit borrow;
+
+	switch(MP_USED(a)) {
+	case 5:
+		r4 = MP_DIGIT(a,4);
+	case 4:
+		r3 = MP_DIGIT(a,3);
+	case 3:
+		r2 = MP_DIGIT(a,2);
+	case 2:
+		r1 = MP_DIGIT(a,1);
+	case 1:
+		r0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 5:
+		b4 = MP_DIGIT(b,4);
+	case 4:
+		b3 = MP_DIGIT(b,3);
+	case 3:
+		b2 = MP_DIGIT(b,2);
+	case 2:
+		b1 = MP_DIGIT(b,1);
+	case 1:
+		b0 = MP_DIGIT(b,0);
+	}
+
+	MP_SUB_BORROW(r0, b0, r0, 0,     borrow);
+	MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+	MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+	MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
+	MP_SUB_BORROW(r4, b4, r4, borrow, borrow);
+
+	/* Do quick 'add' if we've gone under 0
+	 * (subtract the 2's complement of the curve field) */
+	if (borrow) {
+	 	b4 = MP_DIGIT(&meth->irr,4);
+	 	b3 = MP_DIGIT(&meth->irr,3);
+	 	b2 = MP_DIGIT(&meth->irr,2);
+		b1 = MP_DIGIT(&meth->irr,1);
+		b0 = MP_DIGIT(&meth->irr,0);
+		MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
+		MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+		MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+		MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
+	}
+	MP_CHECKOK(s_mp_pad(r, 5));
+	MP_DIGIT(r, 4) = r4;
+	MP_DIGIT(r, 3) = r3;
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 5;
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+/* 6 words */
+mp_err
+ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0, b5 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
+	mp_digit borrow;
+
+	switch(MP_USED(a)) {
+	case 6:
+		r5 = MP_DIGIT(a,5);
+	case 5:
+		r4 = MP_DIGIT(a,4);
+	case 4:
+		r3 = MP_DIGIT(a,3);
+	case 3:
+		r2 = MP_DIGIT(a,2);
+	case 2:
+		r1 = MP_DIGIT(a,1);
+	case 1:
+		r0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 6:
+		b5 = MP_DIGIT(b,5);
+	case 5:
+		b4 = MP_DIGIT(b,4);
+	case 4:
+		b3 = MP_DIGIT(b,3);
+	case 3:
+		b2 = MP_DIGIT(b,2);
+	case 2:
+		b1 = MP_DIGIT(b,1);
+	case 1:
+		b0 = MP_DIGIT(b,0);
+	}
+
+	MP_SUB_BORROW(r0, b0, r0, 0,     borrow);
+	MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+	MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+	MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
+	MP_SUB_BORROW(r4, b4, r4, borrow, borrow);
+	MP_SUB_BORROW(r5, b5, r5, borrow, borrow);
+
+	/* Do quick 'add' if we've gone under 0
+	 * (subtract the 2's complement of the curve field) */
+	if (borrow) {
+	 	b5 = MP_DIGIT(&meth->irr,5);
+	 	b4 = MP_DIGIT(&meth->irr,4);
+	 	b3 = MP_DIGIT(&meth->irr,3);
+	 	b2 = MP_DIGIT(&meth->irr,2);
+		b1 = MP_DIGIT(&meth->irr,1);
+		b0 = MP_DIGIT(&meth->irr,0);
+		MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
+		MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+		MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+		MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
+		MP_ADD_CARRY(b4, r4, r4, borrow, borrow);
+	}
+
+	MP_CHECKOK(s_mp_pad(r, 6));
+	MP_DIGIT(r, 5) = r5;
+	MP_DIGIT(r, 4) = r4;
+	MP_DIGIT(r, 3) = r3;
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 6;
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+
+/* Reduces an integer to a field element. */
+mp_err
+ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	return mp_mod(a, &meth->irr, r);
+}
+
+/* Multiplies two field elements. */
+mp_err
+ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r,
+		   const GFMethod *meth)
+{
+	return mp_mulmod(a, b, &meth->irr, r);
+}
+
+/* Squares a field element. */
+mp_err
+ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	return mp_sqrmod(a, &meth->irr, r);
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+mp_err
+ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r,
+		   const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_int t;
+
+	/* If a is NULL, then return the inverse of b, otherwise return a/b. */
+	if (a == NULL) {
+		return mp_invmod(b, &meth->irr, r);
+	} else {
+		/* MPI doesn't support divmod, so we implement it using invmod and 
+		 * mulmod. */
+		MP_CHECKOK(mp_init(&t));
+		MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+		MP_CHECKOK(mp_mulmod(a, &t, &meth->irr, r));
+	  CLEANUP:
+		mp_clear(&t);
+		return res;
+	}
+}
+
+/* Wrapper functions for generic binary polynomial field arithmetic. */
+
+/* Adds two field elements. */
+mp_err
+ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r,
+			const GFMethod *meth)
+{
+	return mp_badd(a, b, r);
+}
+
+/* Negates a field element. Note that for binary polynomial fields, the
+ * negation of a field element is the field element itself. */
+mp_err
+ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	if (a == r) {
+		return MP_OKAY;
+	} else {
+		return mp_copy(a, r);
+	}
+}
+
+/* Reduces a binary polynomial to a field element. */
+mp_err
+ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	return mp_bmod(a, meth->irr_arr, r);
+}
+
+/* Multiplies two field elements. */
+mp_err
+ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r,
+			const GFMethod *meth)
+{
+	return mp_bmulmod(a, b, meth->irr_arr, r);
+}
+
+/* Squares a field element. */
+mp_err
+ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	return mp_bsqrmod(a, meth->irr_arr, r);
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+mp_err
+ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r,
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_int t;
+
+	/* If a is NULL, then return the inverse of b, otherwise return a/b. */
+	if (a == NULL) {
+		/* The GF(2^m) portion of MPI doesn't support invmod, so we
+		 * compute 1/b. */
+		MP_CHECKOK(mp_init(&t));
+		MP_CHECKOK(mp_set_int(&t, 1));
+		MP_CHECKOK(mp_bdivmod(&t, b, &meth->irr, meth->irr_arr, r));
+	  CLEANUP:
+		mp_clear(&t);
+		return res;
+	} else {
+		return mp_bdivmod(a, b, &meth->irr, meth->irr_arr, r);
+	}
+}
diff --git a/security/nss/lib/freebl/ecl/ecl_mult.c b/security/nss/lib/freebl/ecl/ecl_mult.c
new file mode 100644
index 000000000..050d0a747
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecl_mult.c
@@ -0,0 +1,356 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "ecl.h"
+#include "ecl-priv.h"
+#include <stdlib.h>
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k * P(x, 
+ * y).  If x, y = NULL, then P is assumed to be the generator (base point) 
+ * of the group of points on the elliptic curve. Input and output values
+ * are assumed to be NOT field-encoded. */
+mp_err
+ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
+			const mp_int *py, mp_int *rx, mp_int *ry)
+{
+	mp_err res = MP_OKAY;
+	mp_int kt;
+
+	ARGCHK((k != NULL) && (group != NULL), MP_BADARG);
+	MP_DIGITS(&kt) = 0;
+
+	/* want scalar to be less than or equal to group order */
+	if (mp_cmp(k, &group->order) > 0) {
+		MP_CHECKOK(mp_init(&kt));
+		MP_CHECKOK(mp_mod(k, &group->order, &kt));
+	} else {
+		MP_SIGN(&kt) = MP_ZPOS;
+		MP_USED(&kt) = MP_USED(k);
+		MP_ALLOC(&kt) = MP_ALLOC(k);
+		MP_DIGITS(&kt) = MP_DIGITS(k);
+	}
+
+	if ((px == NULL) || (py == NULL)) {
+		if (group->base_point_mul) {
+			MP_CHECKOK(group->base_point_mul(&kt, rx, ry, group));
+		} else {
+			MP_CHECKOK(group->
+					   point_mul(&kt, &group->genx, &group->geny, rx, ry,
+								 group));
+		}
+	} else {
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->field_enc(px, rx, group->meth));
+			MP_CHECKOK(group->meth->field_enc(py, ry, group->meth));
+			MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group));
+		} else {
+			MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group));
+		}
+	}
+	if (group->meth->field_dec) {
+		MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+		MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+	}
+
+  CLEANUP:
+	if (MP_DIGITS(&kt) != MP_DIGITS(k)) {
+		mp_clear(&kt);
+	}
+	return res;
+}
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + 
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Input and output values are assumed to be NOT field-encoded. */
+mp_err
+ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
+				 const mp_int *py, mp_int *rx, mp_int *ry,
+				 const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int sx, sy;
+
+	ARGCHK(group != NULL, MP_BADARG);
+	ARGCHK(!((k1 == NULL)
+			 && ((k2 == NULL) || (px == NULL)
+				 || (py == NULL))), MP_BADARG);
+
+	/* if some arguments are not defined used ECPoint_mul */
+	if (k1 == NULL) {
+		return ECPoint_mul(group, k2, px, py, rx, ry);
+	} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+		return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+	}
+
+	MP_DIGITS(&sx) = 0;
+	MP_DIGITS(&sy) = 0;
+	MP_CHECKOK(mp_init(&sx));
+	MP_CHECKOK(mp_init(&sy));
+
+	MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy));
+	MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));
+
+	if (group->meth->field_enc) {
+		MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth));
+		MP_CHECKOK(group->meth->field_enc(&sy, &sy, group->meth));
+		MP_CHECKOK(group->meth->field_enc(rx, rx, group->meth));
+		MP_CHECKOK(group->meth->field_enc(ry, ry, group->meth));
+	}
+
+	MP_CHECKOK(group->point_add(&sx, &sy, rx, ry, rx, ry, group));
+
+	if (group->meth->field_dec) {
+		MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+		MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+	}
+
+  CLEANUP:
+	mp_clear(&sx);
+	mp_clear(&sy);
+	return res;
+}
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + 
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Input and output values are assumed to be NOT field-encoded. Uses
+ * algorithm 15 (simultaneous multiple point multiplication) from Brown,
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST
+ * Elliptic Curves over Prime Fields. */
+mp_err
+ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
+					const mp_int *py, mp_int *rx, mp_int *ry,
+					const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int precomp[4][4][2];
+	const mp_int *a, *b;
+	int i, j;
+	int ai, bi, d;
+
+	ARGCHK(group != NULL, MP_BADARG);
+	ARGCHK(!((k1 == NULL)
+			 && ((k2 == NULL) || (px == NULL)
+				 || (py == NULL))), MP_BADARG);
+
+	/* if some arguments are not defined used ECPoint_mul */
+	if (k1 == NULL) {
+		return ECPoint_mul(group, k2, px, py, rx, ry);
+	} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+		return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+	}
+
+	/* initialize precomputation table */
+	for (i = 0; i < 4; i++) {
+		for (j = 0; j < 4; j++) {
+			MP_DIGITS(&precomp[i][j][0]) = 0;
+			MP_DIGITS(&precomp[i][j][1]) = 0;
+		}
+	}
+	for (i = 0; i < 4; i++) {
+		for (j = 0; j < 4; j++) {
+			 MP_CHECKOK( mp_init_size(&precomp[i][j][0],
+						 ECL_MAX_FIELD_SIZE_DIGITS) );
+			 MP_CHECKOK( mp_init_size(&precomp[i][j][1],
+						 ECL_MAX_FIELD_SIZE_DIGITS) );
+		}
+	}
+
+	/* fill precomputation table */
+	/* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
+	if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
+		a = k2;
+		b = k1;
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->
+					   field_enc(px, &precomp[1][0][0], group->meth));
+			MP_CHECKOK(group->meth->
+					   field_enc(py, &precomp[1][0][1], group->meth));
+		} else {
+			MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
+			MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
+		}
+		MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
+		MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
+	} else {
+		a = k1;
+		b = k2;
+		MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
+		MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->
+					   field_enc(px, &precomp[0][1][0], group->meth));
+			MP_CHECKOK(group->meth->
+					   field_enc(py, &precomp[0][1][1], group->meth));
+		} else {
+			MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
+			MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
+		}
+	}
+	/* precompute [*][0][*] */
+	mp_zero(&precomp[0][0][0]);
+	mp_zero(&precomp[0][0][1]);
+	MP_CHECKOK(group->
+			   point_dbl(&precomp[1][0][0], &precomp[1][0][1],
+						 &precomp[2][0][0], &precomp[2][0][1], group));
+	MP_CHECKOK(group->
+			   point_add(&precomp[1][0][0], &precomp[1][0][1],
+						 &precomp[2][0][0], &precomp[2][0][1],
+						 &precomp[3][0][0], &precomp[3][0][1], group));
+	/* precompute [*][1][*] */
+	for (i = 1; i < 4; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[0][1][0], &precomp[0][1][1],
+							 &precomp[i][0][0], &precomp[i][0][1],
+							 &precomp[i][1][0], &precomp[i][1][1], group));
+	}
+	/* precompute [*][2][*] */
+	MP_CHECKOK(group->
+			   point_dbl(&precomp[0][1][0], &precomp[0][1][1],
+						 &precomp[0][2][0], &precomp[0][2][1], group));
+	for (i = 1; i < 4; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[0][2][0], &precomp[0][2][1],
+							 &precomp[i][0][0], &precomp[i][0][1],
+							 &precomp[i][2][0], &precomp[i][2][1], group));
+	}
+	/* precompute [*][3][*] */
+	MP_CHECKOK(group->
+			   point_add(&precomp[0][1][0], &precomp[0][1][1],
+						 &precomp[0][2][0], &precomp[0][2][1],
+						 &precomp[0][3][0], &precomp[0][3][1], group));
+	for (i = 1; i < 4; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[0][3][0], &precomp[0][3][1],
+							 &precomp[i][0][0], &precomp[i][0][1],
+							 &precomp[i][3][0], &precomp[i][3][1], group));
+	}
+
+	d = (mpl_significant_bits(a) + 1) / 2;
+
+	/* R = inf */
+	mp_zero(rx);
+	mp_zero(ry);
+
+	for (i = d - 1; i >= 0; i--) {
+		ai = MP_GET_BIT(a, 2 * i + 1);
+		ai <<= 1;
+		ai |= MP_GET_BIT(a, 2 * i);
+		bi = MP_GET_BIT(b, 2 * i + 1);
+		bi <<= 1;
+		bi |= MP_GET_BIT(b, 2 * i);
+		/* R = 2^2 * R */
+		MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
+		MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
+		/* R = R + (ai * A + bi * B) */
+		MP_CHECKOK(group->
+				   point_add(rx, ry, &precomp[ai][bi][0],
+							 &precomp[ai][bi][1], rx, ry, group));
+	}
+
+	if (group->meth->field_dec) {
+		MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+		MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+	}
+
+  CLEANUP:
+	for (i = 0; i < 4; i++) {
+		for (j = 0; j < 4; j++) {
+			mp_clear(&precomp[i][j][0]);
+			mp_clear(&precomp[i][j][1]);
+		}
+	}
+	return res;
+}
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + 
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Input and output values are assumed to be NOT field-encoded. */
+mp_err
+ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
+			 const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry)
+{
+	mp_err res = MP_OKAY;
+	mp_int k1t, k2t;
+	const mp_int *k1p, *k2p;
+
+	MP_DIGITS(&k1t) = 0;
+	MP_DIGITS(&k2t) = 0;
+
+	ARGCHK(group != NULL, MP_BADARG);
+
+	/* want scalar to be less than or equal to group order */
+	if (k1 != NULL) {
+		if (mp_cmp(k1, &group->order) >= 0) {
+			MP_CHECKOK(mp_init(&k1t));
+			MP_CHECKOK(mp_mod(k1, &group->order, &k1t));
+			k1p = &k1t;
+		} else {
+			k1p = k1;
+		}
+	} else {
+		k1p = k1;
+	}
+	if (k2 != NULL) {
+		if (mp_cmp(k2, &group->order) >= 0) {
+			MP_CHECKOK(mp_init(&k2t));
+			MP_CHECKOK(mp_mod(k2, &group->order, &k2t));
+			k2p = &k2t;
+		} else {
+			k2p = k2;
+		}
+	} else {
+		k2p = k2;
+	}
+
+	/* if points_mul is defined, then use it */
+	if (group->points_mul) {
+		res = group->points_mul(k1p, k2p, px, py, rx, ry, group);
+	} else {
+		res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group);
+	}
+
+  CLEANUP:
+	mp_clear(&k1t);
+	mp_clear(&k2t);
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp.h b/security/nss/lib/freebl/ecl/ecp.h
new file mode 100644
index 000000000..1d247b154
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp.h
@@ -0,0 +1,140 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef __ecp_h_
+#define __ecp_h_
+
+#include "ecl-priv.h"
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err ec_GFp_pt_is_inf_aff(const mp_int *px, const mp_int *py);
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py);
+
+/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx,
+ * qy). Uses affine coordinates. */
+mp_err ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py,
+						 const mp_int *qx, const mp_int *qy, mp_int *rx,
+						 mp_int *ry, const ECGroup *group);
+
+/* Computes R = P - Q.  Uses affine coordinates. */
+mp_err ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py,
+						 const mp_int *qx, const mp_int *qy, mp_int *rx,
+						 mp_int *ry, const ECGroup *group);
+
+/* Computes R = 2P.  Uses affine coordinates. */
+mp_err ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+						 mp_int *ry, const ECGroup *group);
+
+/* Validates a point on a GFp curve. */
+mp_err ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group);
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Uses affine coordinates. */
+mp_err ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px,
+						 const mp_int *py, mp_int *rx, mp_int *ry,
+						 const ECGroup *group);
+#endif
+
+/* Converts a point P(px, py) from affine coordinates to Jacobian
+ * projective coordinates R(rx, ry, rz). */
+mp_err ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx,
+						 mp_int *ry, mp_int *rz, const ECGroup *group);
+
+/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
+ * affine coordinates R(rx, ry). */
+mp_err ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py,
+						 const mp_int *pz, mp_int *rx, mp_int *ry,
+						 const ECGroup *group);
+
+/* Checks if point P(px, py, pz) is at infinity.  Uses Jacobian
+ * coordinates. */
+mp_err ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py,
+							const mp_int *pz);
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses Jacobian
+ * coordinates. */
+mp_err ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz);
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, qz).  Uses Jacobian coordinates. */
+mp_err ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py,
+							 const mp_int *pz, const mp_int *qx,
+							 const mp_int *qy, mp_int *rx, mp_int *ry,
+							 mp_int *rz, const ECGroup *group);
+
+/* Computes R = 2P.  Uses Jacobian coordinates. */
+mp_err ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py,
+						 const mp_int *pz, mp_int *rx, mp_int *ry,
+						 mp_int *rz, const ECGroup *group);
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Uses Jacobian coordinates. */
+mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px,
+						 const mp_int *py, mp_int *rx, mp_int *ry,
+						 const ECGroup *group);
+#endif
+
+/* Computes R(x, y) = k1 * G + k2 * P(x, y), where G is the generator
+ * (base point) of the group of points on the elliptic curve. Allows k1 =
+ * NULL or { k2, P } = NULL.  Implemented using mixed Jacobian-affine
+ * coordinates. Input and output values are assumed to be NOT
+ * field-encoded and are in affine form. */
+mp_err
+ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
+					const mp_int *py, mp_int *rx, mp_int *ry,
+					const ECGroup *group);
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
+ * curve points P and R can be identical. Uses mixed Modified-Jacobian
+ * co-ordinates for doubling and Chudnovsky Jacobian coordinates for
+ * additions. Assumes input is already field-encoded using field_enc, and
+ * returns output that is still field-encoded. Uses 5-bit window NAF
+ * method (algorithm 11) for scalar-point multiplication from Brown,
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic 
+ * Curves Over Prime Fields. */
+mp_err
+ ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
+					   mp_int *rx, mp_int *ry, const ECGroup *group);
+
+#endif							/* __ecp_h_ */
diff --git a/security/nss/lib/freebl/ecl/ecp_192.c b/security/nss/lib/freebl/ecl/ecp_192.c
new file mode 100644
index 000000000..f4cd42bc3
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_192.c
@@ -0,0 +1,516 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+#define ECP192_DIGITS ECL_CURVE_DIGITS(192)
+
+/* Fast modular reduction for p192 = 2^192 - 2^64 - 1.  a can be r. Uses
+ * algorithm 7 from Brown, Hankerson, Lopez, Menezes. Software
+ * Implementation of the NIST Elliptic Curves over Prime Fields. */
+mp_err
+ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_size a_used = MP_USED(a);
+	mp_digit r3;
+#ifndef MPI_AMD64_ADD 
+	mp_digit carry;
+#endif
+#ifdef ECL_THIRTY_TWO_BIT
+	mp_digit a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0;
+        mp_digit r0a, r0b, r1a, r1b, r2a, r2b;
+#else
+	mp_digit a5 = 0, a4 = 0, a3 = 0;
+        mp_digit r0, r1, r2;
+#endif
+
+	/* reduction not needed if a is not larger than field size */
+	if (a_used < ECP192_DIGITS) {
+		if (a == r) {
+			return MP_OKAY;
+		}
+		return mp_copy(a, r);
+	}
+
+	/* for polynomials larger than twice the field size, use regular
+	 * reduction */
+	if (a_used > ECP192_DIGITS*2) {
+		MP_CHECKOK(mp_mod(a, &meth->irr, r));
+	} else {
+		/* copy out upper words of a */
+
+#ifdef ECL_THIRTY_TWO_BIT
+
+		/* in all the math below,
+		 * nXb is most signifiant, nXa is least significant */
+		switch (a_used) {
+		case 12:
+			a5b = MP_DIGIT(a, 11);
+		case 11:
+			a5a = MP_DIGIT(a, 10);
+		case 10:
+			a4b = MP_DIGIT(a, 9);
+		case 9:
+			a4a = MP_DIGIT(a, 8);
+		case 8:
+			a3b = MP_DIGIT(a, 7);
+		case 7:
+			a3a = MP_DIGIT(a, 6);
+		}
+
+
+                r2b= MP_DIGIT(a, 5);
+                r2a= MP_DIGIT(a, 4);
+                r1b = MP_DIGIT(a, 3);
+                r1a = MP_DIGIT(a, 2);
+                r0b = MP_DIGIT(a, 1);
+                r0a = MP_DIGIT(a, 0);
+
+		/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
+		MP_ADD_CARRY(r0a, a3a, r0a, 0,    carry);
+		MP_ADD_CARRY(r0b, a3b, r0b, carry, carry);
+		MP_ADD_CARRY(r1a, a3a, r1a, carry, carry);
+		MP_ADD_CARRY(r1b, a3b, r1b, carry, carry);
+		MP_ADD_CARRY(r2a, a4a, r2a, carry, carry);
+		MP_ADD_CARRY(r2b, a4b, r2b, carry, carry);
+		r3 = carry; carry = 0;
+		MP_ADD_CARRY(r0a, a5a, r0a, 0,     carry);
+		MP_ADD_CARRY(r0b, a5b, r0b, carry, carry);
+		MP_ADD_CARRY(r1a, a5a, r1a, carry, carry);
+		MP_ADD_CARRY(r1b, a5b, r1b, carry, carry);
+		MP_ADD_CARRY(r2a, a5a, r2a, carry, carry);
+		MP_ADD_CARRY(r2b, a5b, r2b, carry, carry);
+		r3 += carry; 
+		MP_ADD_CARRY(r1a, a4a, r1a, 0,     carry);
+		MP_ADD_CARRY(r1b, a4b, r1b, carry, carry);
+		MP_ADD_CARRY(r2a,   0, r2a, carry, carry);
+		MP_ADD_CARRY(r2b,   0, r2b, carry, carry);
+		r3 += carry;
+
+		/* reduce out the carry */
+		while (r3) {
+			MP_ADD_CARRY(r0a, r3, r0a, 0,     carry);
+			MP_ADD_CARRY(r0b,  0, r0b, carry, carry);
+			MP_ADD_CARRY(r1a, r3, r1a, carry, carry);
+			MP_ADD_CARRY(r1b,  0, r1b, carry, carry);
+			MP_ADD_CARRY(r2a,  0, r2a, carry, carry);
+			MP_ADD_CARRY(r2b,  0, r2b, carry, carry);
+			r3 = carry;
+		}
+
+		/* check for final reduction */
+		/*
+		 * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
+		 * 0xffffffffffffffff. That means we can only be over and need
+		 * one more reduction 
+		 *  if r2 == 0xffffffffffffffffff (same as r2+1 == 0) 
+		 *     and
+		 *     r1 == 0xffffffffffffffffff   or
+		 *     r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
+		 * In all cases, we subtract the field (or add the 2's 
+		 * complement value (1,1,0)).  (r0, r1, r2)
+		 */
+		if (((r2b == 0xffffffff) && (r2a == 0xffffffff) 
+			&& (r1b == 0xffffffff) ) &&
+			   ((r1a == 0xffffffff) || 
+			    (r1a == 0xfffffffe) && (r0a == 0xffffffff) &&
+					(r0b == 0xffffffff)) ) {
+			/* do a quick subtract */
+			MP_ADD_CARRY(r0a, 1, r0a, 0, carry);
+			r0b += carry;
+			r1a = r1b = r2a = r2b = 0;
+		}
+
+		/* set the lower words of r */
+		if (a != r) {
+			MP_CHECKOK(s_mp_pad(r, 6));
+		}
+		MP_DIGIT(r, 5) = r2b;
+		MP_DIGIT(r, 4) = r2a;
+		MP_DIGIT(r, 3) = r1b;
+		MP_DIGIT(r, 2) = r1a;
+		MP_DIGIT(r, 1) = r0b;
+		MP_DIGIT(r, 0) = r0a;
+		MP_USED(r) = 6;
+#else
+		switch (a_used) {
+		case 6:
+			a5 = MP_DIGIT(a, 5);
+		case 5:
+			a4 = MP_DIGIT(a, 4);
+		case 4:
+			a3 = MP_DIGIT(a, 3);
+		}
+
+                r2 = MP_DIGIT(a, 2);
+                r1 = MP_DIGIT(a, 1);
+                r0 = MP_DIGIT(a, 0);
+
+		/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
+#ifndef MPI_AMD64_ADD 
+		MP_ADD_CARRY(r0, a3, r0, 0,     carry);
+		MP_ADD_CARRY(r1, a3, r1, carry, carry);
+		MP_ADD_CARRY(r2, a4, r2, carry, carry);
+		r3 = carry; 
+		MP_ADD_CARRY(r0, a5, r0, 0,     carry);
+		MP_ADD_CARRY(r1, a5, r1, carry, carry);
+		MP_ADD_CARRY(r2, a5, r2, carry, carry);
+		r3 += carry; 
+		MP_ADD_CARRY(r1, a4, r1, 0,     carry);
+		MP_ADD_CARRY(r2,  0, r2, carry, carry);
+		r3 += carry;
+
+#else 
+                r2 = MP_DIGIT(a, 2);
+                r1 = MP_DIGIT(a, 1);
+                r0 = MP_DIGIT(a, 0);
+
+                /* set the lower words of r */
+                __asm__ (
+                "xorq   %3,%3           \n\t"
+                "addq   %4,%0           \n\t"
+                "adcq   %4,%1           \n\t"
+                "adcq   %5,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                "addq   %6,%0           \n\t"
+                "adcq   %6,%1           \n\t"
+                "adcq   %6,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                "addq   %5,%1           \n\t"
+                "adcq   $0,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3), 
+		  "=r"(a4), "=r"(a5)
+                : "0" (r0), "1" (r1), "2" (r2), "3" (r3), 
+		  "4" (a3), "5" (a4), "6"(a5)
+                : "%cc" );
+#endif 
+
+		/* reduce out the carry */
+		while (r3) {
+#ifndef MPI_AMD64_ADD
+			MP_ADD_CARRY(r0, r3, r0, 0,     carry);
+			MP_ADD_CARRY(r1, r3, r1, carry, carry);
+			MP_ADD_CARRY(r2,  0, r2, carry, carry);
+			r3 = carry;
+#else
+			a3=r3;
+              		__asm__ (
+                	"xorq   %3,%3           \n\t"
+                	"addq   %4,%0           \n\t"
+                	"adcq   %4,%1           \n\t"
+                	"adcq   $0,%2           \n\t"
+                	"adcq   $0,%3           \n\t"
+                	: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3)
+                	: "0" (r0), "1" (r1), "2" (r2), "3" (r3), "4"(a3)
+                	: "%cc" );
+#endif
+		}
+
+		/* check for final reduction */
+		/*
+		 * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
+		 * 0xffffffffffffffff. That means we can only be over and need
+		 * one more reduction 
+		 *  if r2 == 0xffffffffffffffffff (same as r2+1 == 0) 
+		 *     and
+		 *     r1 == 0xffffffffffffffffff   or
+		 *     r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
+		 * In all cases, we subtract the field (or add the 2's 
+		 * complement value (1,1,0)).  (r0, r1, r2)
+		 */
+		if (r3 || ((r2 == MP_DIGIT_MAX) &&
+		      ((r1 == MP_DIGIT_MAX) || 
+			((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
+			/* do a quick subtract */
+			r0++;
+			r1 = r2 = 0;
+		}
+		/* set the lower words of r */
+		if (a != r) {
+			MP_CHECKOK(s_mp_pad(r, 3));
+		}
+		MP_DIGIT(r, 2) = r2;
+		MP_DIGIT(r, 1) = r1;
+		MP_DIGIT(r, 0) = r0;
+		MP_USED(r) = 3;
+#endif
+	}
+
+  CLEANUP:
+	return res;
+}
+
+#ifndef ECL_THIRTY_TWO_BIT
+/* Compute the sum of 192 bit curves. Do the work in-line since the
+ * number of words are so small, we don't want to overhead of mp function
+ * calls.  Uses optimized modular reduction for p192. 
+ */
+mp_err
+ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a0 = 0, a1 = 0, a2 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0;
+	mp_digit carry;
+
+	switch(MP_USED(a)) {
+	case 3:
+		a2 = MP_DIGIT(a,2);
+	case 2:
+		a1 = MP_DIGIT(a,1);
+	case 1:
+		a0 = MP_DIGIT(a,0);
+	}
+	switch(MP_USED(b)) {
+	case 3:
+		r2 = MP_DIGIT(b,2);
+	case 2:
+		r1 = MP_DIGIT(b,1);
+	case 1:
+		r0 = MP_DIGIT(b,0);
+	}
+
+#ifndef MPI_AMD64_ADD
+	MP_ADD_CARRY(a0, r0, r0, 0,     carry);
+	MP_ADD_CARRY(a1, r1, r1, carry, carry);
+	MP_ADD_CARRY(a2, r2, r2, carry, carry);
+#else
+	__asm__ (
+                "xorq   %3,%3           \n\t"
+                "addq   %4,%0           \n\t"
+                "adcq   %5,%1           \n\t"
+                "adcq   %6,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
+                : "r" (a0), "r" (a1), "r" (a2), "0" (r0), 
+		  "1" (r1), "2" (r2)
+                : "%cc" );
+#endif
+
+	/* Do quick 'subract' if we've gone over 
+	 * (add the 2's complement of the curve field) */
+	if (carry || ((r2 == MP_DIGIT_MAX) &&
+		      ((r1 == MP_DIGIT_MAX) || 
+			((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
+#ifndef MPI_AMD64_ADD
+		MP_ADD_CARRY(r0, 1, r0, 0,     carry);
+		MP_ADD_CARRY(r1, 1, r1, carry, carry);
+		MP_ADD_CARRY(r2, 0, r2, carry, carry);
+#else
+		__asm__ (
+			"addq   $1,%0           \n\t"
+			"adcq   $1,%1           \n\t"
+			"adcq   $0,%2           \n\t"
+			: "=r"(r0), "=r"(r1), "=r"(r2)
+			: "0" (r0), "1" (r1), "2" (r2)
+			: "%cc" );
+#endif
+	}
+
+	
+	MP_CHECKOK(s_mp_pad(r, 3));
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 3;
+	s_mp_clamp(r);
+
+
+  CLEANUP:
+	return res;
+}
+
+/* Compute the diff of 192 bit curves. Do the work in-line since the
+ * number of words are so small, we don't want to overhead of mp function
+ * calls.  Uses optimized modular reduction for p192. 
+ */
+mp_err
+ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, 
+			const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit b0 = 0, b1 = 0, b2 = 0;
+	mp_digit r0 = 0, r1 = 0, r2 = 0;
+	mp_digit borrow;
+
+	switch(MP_USED(a)) {
+	case 3:
+		r2 = MP_DIGIT(a,2);
+	case 2:
+		r1 = MP_DIGIT(a,1);
+	case 1:
+		r0 = MP_DIGIT(a,0);
+	}
+
+	switch(MP_USED(b)) {
+	case 3:
+		b2 = MP_DIGIT(b,2);
+	case 2:
+		b1 = MP_DIGIT(b,1);
+	case 1:
+		b0 = MP_DIGIT(b,0);
+	}
+
+#ifndef MPI_AMD64_ADD
+	MP_SUB_BORROW(r0, b0, r0, 0,     borrow);
+	MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+	MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+#else
+	__asm__ (
+                "xorq   %3,%3           \n\t"
+                "subq   %4,%0           \n\t"
+                "sbbq   %5,%1           \n\t"
+                "sbbq   %6,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(borrow)
+                : "r" (b0), "r" (b1), "r" (b2), "0" (r0), 
+		  "1" (r1), "2" (r2)
+                : "%cc" );
+#endif
+
+	/* Do quick 'add' if we've gone under 0
+	 * (subtract the 2's complement of the curve field) */
+	if (borrow) {
+#ifndef MPI_AMD64_ADD
+		MP_SUB_BORROW(r0, 1, r0, 0,     borrow);
+		MP_SUB_BORROW(r1, 1, r1, borrow, borrow);
+		MP_SUB_BORROW(r2,  0, r2, borrow, borrow);
+#else
+		__asm__ (
+			"subq   $1,%0           \n\t"
+			"sbbq   $1,%1           \n\t"
+			"sbbq   $0,%2           \n\t"
+			: "=r"(r0), "=r"(r1), "=r"(r2)
+			: "0" (r0), "1" (r1), "2" (r2)
+			: "%cc" );
+#endif
+	}
+
+	MP_CHECKOK(s_mp_pad(r, 3));
+	MP_DIGIT(r, 2) = r2;
+	MP_DIGIT(r, 1) = r1;
+	MP_DIGIT(r, 0) = r0;
+	MP_SIGN(r) = MP_ZPOS;
+	MP_USED(r) = 3;
+	s_mp_clamp(r);
+
+  CLEANUP:
+	return res;
+}
+
+#endif
+
+/* Compute the square of polynomial a, reduce modulo p192. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p192. 
+ */
+mp_err
+ec_GFp_nistp192_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_sqr(a, r));
+	MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p192.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p192. */
+mp_err
+ec_GFp_nistp192_mul(const mp_int *a, const mp_int *b, mp_int *r,
+					const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_mul(a, b, r));
+	MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+mp_err
+ec_GFp_nistp192_div(const mp_int *a, const mp_int *b, mp_int *r,
+		   const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_int t;
+
+	/* If a is NULL, then return the inverse of b, otherwise return a/b. */
+	if (a == NULL) {
+		return  mp_invmod(b, &meth->irr, r);
+	} else {
+		/* MPI doesn't support divmod, so we implement it using invmod and 
+		 * mulmod. */
+		MP_CHECKOK(mp_init(&t));
+		MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+		MP_CHECKOK(mp_mul(a, &t, r));
+		MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+	  CLEANUP:
+		mp_clear(&t);
+		return res;
+	}
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp192(ECGroup *group, ECCurveName name)
+{
+	if (name == ECCurve_NIST_P192) {
+		group->meth->field_mod = &ec_GFp_nistp192_mod;
+		group->meth->field_mul = &ec_GFp_nistp192_mul;
+		group->meth->field_sqr = &ec_GFp_nistp192_sqr;
+		group->meth->field_div = &ec_GFp_nistp192_div;
+#ifndef ECL_THIRTY_TWO_BIT
+		group->meth->field_add = &ec_GFp_nistp192_add;
+		group->meth->field_sub = &ec_GFp_nistp192_sub;
+#endif
+	}
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_224.c b/security/nss/lib/freebl/ecl/ecp_224.c
new file mode 100644
index 000000000..56683e9ef
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_224.c
@@ -0,0 +1,372 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+#define ECP224_DIGITS ECL_CURVE_DIGITS(224)
+
+/* Fast modular reduction for p224 = 2^224 - 2^96 + 1.  a can be r. Uses
+ * algorithm 7 from Brown, Hankerson, Lopez, Menezes. Software
+ * Implementation of the NIST Elliptic Curves over Prime Fields. */
+mp_err
+ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_size a_used = MP_USED(a);
+
+	int    r3b;
+	mp_digit carry;
+#ifdef ECL_THIRTY_TWO_BIT
+        mp_digit a6a = 0, a6b = 0,
+                a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0;
+        mp_digit r0a, r0b, r1a, r1b, r2a, r2b, r3a;
+#else
+	mp_digit a6 = 0, a5 = 0, a4 = 0, a3b = 0, a5a = 0;
+        mp_digit a6b = 0, a6a_a5b = 0, a5b = 0, a5a_a4b = 0, a4a_a3b = 0;
+        mp_digit r0, r1, r2, r3;
+#endif
+
+	/* reduction not needed if a is not larger than field size */
+	if (a_used < ECP224_DIGITS) {
+		if (a == r) return MP_OKAY;
+		return mp_copy(a, r);
+	}
+	/* for polynomials larger than twice the field size, use regular
+	 * reduction */
+	if (a_used > ECL_CURVE_DIGITS(224*2)) {
+		MP_CHECKOK(mp_mod(a, &meth->irr, r));
+	} else {
+#ifdef ECL_THIRTY_TWO_BIT
+		/* copy out upper words of a */
+		switch (a_used) {
+		case 14:
+			a6b = MP_DIGIT(a, 13);
+		case 13:
+			a6a = MP_DIGIT(a, 12);
+		case 12:
+			a5b = MP_DIGIT(a, 11);
+		case 11:
+			a5a = MP_DIGIT(a, 10);
+		case 10:
+			a4b = MP_DIGIT(a, 9);
+		case 9:
+			a4a = MP_DIGIT(a, 8);
+		case 8:
+			a3b = MP_DIGIT(a, 7);
+		}
+		r3a = MP_DIGIT(a, 6);
+		r2b= MP_DIGIT(a, 5);
+		r2a= MP_DIGIT(a, 4);
+		r1b = MP_DIGIT(a, 3);
+		r1a = MP_DIGIT(a, 2);
+		r0b = MP_DIGIT(a, 1);
+		r0a = MP_DIGIT(a, 0);
+
+
+		/* implement r = (a3a,a2,a1,a0)
+			+(a5a, a4,a3b,  0)
+			+(  0, a6,a5b,  0)
+			-(  0	 0,    0|a6b, a6a|a5b )
+			-(  a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
+		MP_ADD_CARRY (r1b, a3b, r1b, 0,     carry);
+		MP_ADD_CARRY (r2a, a4a, r2a, carry, carry);
+		MP_ADD_CARRY (r2b, a4b, r2b, carry, carry);
+		MP_ADD_CARRY (r3a, a5a, r3a, carry, carry);
+		r3b = carry;
+		MP_ADD_CARRY (r1b, a5b, r1b, 0,     carry);
+		MP_ADD_CARRY (r2a, a6a, r2a, carry, carry);
+		MP_ADD_CARRY (r2b, a6b, r2b, carry, carry);
+		MP_ADD_CARRY (r3a,   0, r3a, carry, carry);
+		r3b += carry;
+		MP_SUB_BORROW(r0a, a3b, r0a, 0,     carry);
+		MP_SUB_BORROW(r0b, a4a, r0b, carry, carry);
+		MP_SUB_BORROW(r1a, a4b, r1a, carry, carry);
+		MP_SUB_BORROW(r1b, a5a, r1b, carry, carry);
+		MP_SUB_BORROW(r2a, a5b, r2a, carry, carry);
+		MP_SUB_BORROW(r2b, a6a, r2b, carry, carry);
+		MP_SUB_BORROW(r3a, a6b, r3a, carry, carry);
+		r3b -= carry;
+		MP_SUB_BORROW(r0a, a5b, r0a, 0,     carry);
+		MP_SUB_BORROW(r0b, a6a, r0b, carry, carry);
+		MP_SUB_BORROW(r1a, a6b, r1a, carry, carry);
+		if (carry) {
+			MP_SUB_BORROW(r1b, 0, r1b, carry, carry);
+			MP_SUB_BORROW(r2a, 0, r2a, carry, carry);
+			MP_SUB_BORROW(r2b, 0, r2b, carry, carry);
+			MP_SUB_BORROW(r3a, 0, r3a, carry, carry);
+			r3b -= carry;
+		}
+
+		while (r3b > 0) {
+			int tmp;
+			MP_ADD_CARRY(r1b, r3b, r1b, 0,     carry);
+			if (carry) {
+				MP_ADD_CARRY(r2a,  0, r2a, carry, carry);
+				MP_ADD_CARRY(r2b,  0, r2b, carry, carry);
+				MP_ADD_CARRY(r3a,  0, r3a, carry, carry);
+			}
+			tmp = carry;
+			MP_SUB_BORROW(r0a, r3b, r0a, 0,     carry);
+			if (carry) {
+				MP_SUB_BORROW(r0b, 0, r0b, carry, carry);
+				MP_SUB_BORROW(r1a, 0, r1a, carry, carry);
+				MP_SUB_BORROW(r1b, 0, r1b, carry, carry);
+				MP_SUB_BORROW(r2a, 0, r2a, carry, carry);
+				MP_SUB_BORROW(r2b, 0, r2b, carry, carry);
+				MP_SUB_BORROW(r3a, 0, r3a, carry, carry);
+				tmp -= carry;
+			}
+			r3b = tmp;
+		}
+
+		while (r3b < 0) {
+			mp_digit maxInt = MP_DIGIT_MAX;
+                	MP_ADD_CARRY (r0a, 1, r0a, 0,     carry);
+                	MP_ADD_CARRY (r0b, 0, r0b, carry, carry);
+                	MP_ADD_CARRY (r1a, 0, r1a, carry, carry);
+                	MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry);
+                	MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry);
+                	MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry);
+                	MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry);
+			r3b += carry;
+		}
+		/* check for final reduction */
+		/* now the only way we are over is if the top 4 words are all ones */
+		if ((r3a == MP_DIGIT_MAX) && (r2b == MP_DIGIT_MAX)
+			&& (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) &&
+			 ((r1a != 0) || (r0b != 0) || (r0a != 0)) ) {
+			/* one last subraction */
+			MP_SUB_BORROW(r0a, 1, r0a, 0,     carry);
+			MP_SUB_BORROW(r0b, 0, r0b, carry, carry);
+			MP_SUB_BORROW(r1a, 0, r1a, carry, carry);
+			r1b = r2a = r2b = r3a = 0;
+		}
+
+
+		if (a != r) {
+			MP_CHECKOK(s_mp_pad(r, 7));
+		}
+		/* set the lower words of r */
+		MP_SIGN(r) = MP_ZPOS;
+		MP_USED(r) = 7;
+		MP_DIGIT(r, 6) = r3a;
+		MP_DIGIT(r, 5) = r2b;
+		MP_DIGIT(r, 4) = r2a;
+		MP_DIGIT(r, 3) = r1b;
+		MP_DIGIT(r, 2) = r1a;
+		MP_DIGIT(r, 1) = r0b;
+		MP_DIGIT(r, 0) = r0a;
+#else
+		/* copy out upper words of a */
+		switch (a_used) {
+		case 7:
+			a6 = MP_DIGIT(a, 6);
+			a6b = a6 >> 32;
+			a6a_a5b = a6 << 32;
+		case 6:
+			a5 = MP_DIGIT(a, 5);
+			a5b = a5 >> 32;
+			a6a_a5b |= a5b;
+			a5b = a5b << 32;
+			a5a_a4b = a5 << 32;
+			a5a = a5 & 0xffffffff;
+		case 5:
+			a4 = MP_DIGIT(a, 4);
+			a5a_a4b |= a4 >> 32;
+			a4a_a3b = a4 << 32;
+		case 4:
+			a3b = MP_DIGIT(a, 3) >> 32;
+			a4a_a3b |= a3b;
+			a3b = a3b << 32;
+		}
+
+		r3 = MP_DIGIT(a, 3) & 0xffffffff;
+		r2 = MP_DIGIT(a, 2);
+		r1 = MP_DIGIT(a, 1);
+		r0 = MP_DIGIT(a, 0);
+
+		/* implement r = (a3a,a2,a1,a0)
+			+(a5a, a4,a3b,  0)
+			+(  0, a6,a5b,  0)
+			-(  0	 0,    0|a6b, a6a|a5b )
+			-(  a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
+		MP_ADD_CARRY (r1, a3b, r1, 0,     carry);
+		MP_ADD_CARRY (r2, a4 , r2, carry, carry);
+		MP_ADD_CARRY (r3, a5a, r3, carry, carry);
+		MP_ADD_CARRY (r1, a5b, r1, 0,     carry);
+		MP_ADD_CARRY (r2, a6 , r2, carry, carry);
+		MP_ADD_CARRY (r3,   0, r3, carry, carry);
+
+		MP_SUB_BORROW(r0, a4a_a3b, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry);
+		MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry);
+		MP_SUB_BORROW(r3, a6b    , r3, carry, carry);
+		MP_SUB_BORROW(r0, a6a_a5b, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a6b    , r1, carry, carry);
+		if (carry) {
+			MP_SUB_BORROW(r2, 0, r2, carry, carry);
+			MP_SUB_BORROW(r3, 0, r3, carry, carry);
+		}
+
+
+		/* if the value is negative, r3 has a 2's complement 
+		 * high value */
+		r3b = (int)(r3 >>32);
+		while (r3b > 0) {
+			r3 &= 0xffffffff;
+			MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry);
+			if (carry) {
+				MP_ADD_CARRY(r2,  0, r2, carry, carry);
+				MP_ADD_CARRY(r3,  0, r3, carry, carry);
+			}
+			MP_SUB_BORROW(r0, r3b, r0, 0, carry);
+			if (carry) {
+				MP_SUB_BORROW(r1, 0, r1, carry, carry);
+				MP_SUB_BORROW(r2, 0, r2, carry, carry);
+				MP_SUB_BORROW(r3, 0, r3, carry, carry);
+			}
+			r3b = (int)(r3 >>32);
+		}
+
+		while (r3b < 0) {
+                	MP_ADD_CARRY (r0, 1, r0, 0,     carry);
+                	MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry);
+                	MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry);
+                	MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry);
+			r3b = (int)(r3 >>32);
+		}
+		/* check for final reduction */
+		/* now the only way we are over is if the top 4 words are all ones */
+		if ((r3 == (MP_DIGIT_MAX >> 32)) && (r2 == MP_DIGIT_MAX)
+			&& ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) &&
+			 ((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) {
+			/* one last subraction */
+			MP_SUB_BORROW(r0, 1, r0, 0,     carry);
+			MP_SUB_BORROW(r1, 0, r1, carry, carry);
+			r2 = r3 = 0;
+		}
+
+
+		if (a != r) {
+			MP_CHECKOK(s_mp_pad(r, 4));
+		}
+		/* set the lower words of r */
+		MP_SIGN(r) = MP_ZPOS;
+		MP_USED(r) = 4;
+		MP_DIGIT(r, 3) = r3;
+		MP_DIGIT(r, 2) = r2;
+		MP_DIGIT(r, 1) = r1;
+		MP_DIGIT(r, 0) = r0;
+#endif
+	}
+
+  CLEANUP:
+	return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p224. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p224. 
+ */
+mp_err
+ec_GFp_nistp224_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_sqr(a, r));
+	MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p224.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p224. */
+mp_err
+ec_GFp_nistp224_mul(const mp_int *a, const mp_int *b, mp_int *r,
+					const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_mul(a, b, r));
+	MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+mp_err
+ec_GFp_nistp224_div(const mp_int *a, const mp_int *b, mp_int *r,
+		   const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_int t;
+
+	/* If a is NULL, then return the inverse of b, otherwise return a/b. */
+	if (a == NULL) {
+		return  mp_invmod(b, &meth->irr, r);
+	} else {
+		/* MPI doesn't support divmod, so we implement it using invmod and 
+		 * mulmod. */
+		MP_CHECKOK(mp_init(&t));
+		MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+		MP_CHECKOK(mp_mul(a, &t, r));
+		MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+	  CLEANUP:
+		mp_clear(&t);
+		return res;
+	}
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp224(ECGroup *group, ECCurveName name)
+{
+	if (name == ECCurve_NIST_P224) {
+		group->meth->field_mod = &ec_GFp_nistp224_mod;
+		group->meth->field_mul = &ec_GFp_nistp224_mul;
+		group->meth->field_sqr = &ec_GFp_nistp224_sqr;
+		group->meth->field_div = &ec_GFp_nistp224_div;
+	}
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_256.c b/security/nss/lib/freebl/ecl/ecp_256.c
new file mode 100644
index 000000000..15d29ab6e
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_256.c
@@ -0,0 +1,429 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast modular reduction for p256 = 2^256 - 2^224 + 2^192+ 2^96 - 1.  a can be r. 
+ * Uses algorithm 2.29 from Hankerson, Menezes, Vanstone. Guide to 
+ * Elliptic Curve Cryptography. */
+mp_err
+ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_size a_used = MP_USED(a);
+	int a_bits = mpl_significant_bits(a);
+	mp_digit carry;
+
+#ifdef ECL_THIRTY_TWO_BIT
+	mp_digit a8=0, a9=0, a10=0, a11=0, a12=0, a13=0, a14=0, a15=0;
+	mp_digit r0, r1, r2, r3, r4, r5, r6, r7;
+	int r8; /* must be a signed value ! */
+#else
+	mp_digit a4=0, a5=0, a6=0, a7=0;
+	mp_digit a4h, a4l, a5h, a5l, a6h, a6l, a7h, a7l;
+	mp_digit r0, r1, r2, r3;
+	int r4; /* must be a signed value ! */
+#endif
+	/* for polynomials larger than twice the field size 
+	 * use regular reduction */
+	if (a_bits < 256) {
+		if (a == r) return MP_OKAY;
+		return mp_copy(a,r);
+	}
+	if (a_bits > 512)  {
+		MP_CHECKOK(mp_mod(a, &meth->irr, r));
+	} else {
+
+#ifdef ECL_THIRTY_TWO_BIT
+		switch (a_used) {
+		case 16:
+			a15 = MP_DIGIT(a,15);
+		case 15:
+			a14 = MP_DIGIT(a,14);
+		case 14:
+			a13 = MP_DIGIT(a,13);
+		case 13:
+			a12 = MP_DIGIT(a,12);
+		case 12:
+			a11 = MP_DIGIT(a,11);
+		case 11:
+			a10 = MP_DIGIT(a,10);
+		case 10:
+			a9 = MP_DIGIT(a,9);
+		case 9:
+			a8 = MP_DIGIT(a,8);
+		}
+
+		r0 = MP_DIGIT(a,0);
+		r1 = MP_DIGIT(a,1);
+		r2 = MP_DIGIT(a,2);
+		r3 = MP_DIGIT(a,3);
+		r4 = MP_DIGIT(a,4);
+		r5 = MP_DIGIT(a,5);
+		r6 = MP_DIGIT(a,6);
+		r7 = MP_DIGIT(a,7);
+
+		/* sum 1 */
+		MP_ADD_CARRY(r3, a11, r3, 0,     carry);
+		MP_ADD_CARRY(r4, a12, r4, carry, carry);
+		MP_ADD_CARRY(r5, a13, r5, carry, carry);
+		MP_ADD_CARRY(r6, a14, r6, carry, carry);
+		MP_ADD_CARRY(r7, a15, r7, carry, carry);
+		r8 = carry;
+		MP_ADD_CARRY(r3, a11, r3, 0,     carry);
+		MP_ADD_CARRY(r4, a12, r4, carry, carry);
+		MP_ADD_CARRY(r5, a13, r5, carry, carry);
+		MP_ADD_CARRY(r6, a14, r6, carry, carry);
+		MP_ADD_CARRY(r7, a15, r7, carry, carry);
+		r8 += carry;
+		/* sum 2 */
+		MP_ADD_CARRY(r3, a12, r3, 0,     carry);
+		MP_ADD_CARRY(r4, a13, r4, carry, carry);
+		MP_ADD_CARRY(r5, a14, r5, carry, carry);
+		MP_ADD_CARRY(r6, a15, r6, carry, carry);
+		MP_ADD_CARRY(r7,   0, r7, carry, carry);
+		r8 += carry;
+		/* combine last bottom of sum 3 with second sum 2 */
+		MP_ADD_CARRY(r0, a8,  r0, 0,     carry);
+		MP_ADD_CARRY(r1, a9,  r1, carry, carry);
+		MP_ADD_CARRY(r2, a10, r2, carry, carry);
+		MP_ADD_CARRY(r3, a12, r3, carry, carry);
+		MP_ADD_CARRY(r4, a13, r4, carry, carry);
+		MP_ADD_CARRY(r5, a14, r5, carry, carry);
+		MP_ADD_CARRY(r6, a15, r6, carry, carry);
+		MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */
+		r8 += carry;
+		/* sum 3 (rest of it)*/
+		MP_ADD_CARRY(r6, a14, r6, 0,     carry);
+		MP_ADD_CARRY(r7,   0, r7, carry, carry);
+		r8 += carry;
+		/* sum 4 (rest of it)*/
+		MP_ADD_CARRY(r0, a9,  r0, 0,     carry);
+		MP_ADD_CARRY(r1, a10, r1, carry, carry);
+		MP_ADD_CARRY(r2, a11, r2, carry, carry);
+		MP_ADD_CARRY(r3, a13, r3, carry, carry);
+		MP_ADD_CARRY(r4, a14, r4, carry, carry);
+		MP_ADD_CARRY(r5, a15, r5, carry, carry);
+		MP_ADD_CARRY(r6, a13, r6, carry, carry);
+		MP_ADD_CARRY(r7, a8,  r7, carry, carry);
+		r8 += carry;
+		/* diff 5 */
+		MP_SUB_BORROW(r0, a11, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a12, r1, carry, carry);
+		MP_SUB_BORROW(r2, a13, r2, carry, carry);
+		MP_SUB_BORROW(r3,   0, r3, carry, carry);
+		MP_SUB_BORROW(r4,   0, r4, carry, carry);
+		MP_SUB_BORROW(r5,   0, r5, carry, carry);
+		MP_SUB_BORROW(r6, a8,  r6, carry, carry);
+		MP_SUB_BORROW(r7, a10, r7, carry, carry);
+		r8 -= carry;
+		/* diff 6 */
+		MP_SUB_BORROW(r0, a12, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a13, r1, carry, carry);
+		MP_SUB_BORROW(r2, a14, r2, carry, carry);
+		MP_SUB_BORROW(r3, a15, r3, carry, carry);
+		MP_SUB_BORROW(r4,   0, r4, carry, carry);
+		MP_SUB_BORROW(r5,   0, r5, carry, carry);
+		MP_SUB_BORROW(r6, a9,  r6, carry, carry);
+		MP_SUB_BORROW(r7, a11, r7, carry, carry);
+		r8 -= carry;
+		/* diff 7 */
+		MP_SUB_BORROW(r0, a13, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a14, r1, carry, carry);
+		MP_SUB_BORROW(r2, a15, r2, carry, carry);
+		MP_SUB_BORROW(r3, a8,  r3, carry, carry);
+		MP_SUB_BORROW(r4, a9,  r4, carry, carry);
+		MP_SUB_BORROW(r5, a10, r5, carry, carry);
+		MP_SUB_BORROW(r6, 0,   r6, carry, carry);
+		MP_SUB_BORROW(r7, a12, r7, carry, carry);
+		r8 -= carry;
+		/* diff 8 */
+		MP_SUB_BORROW(r0, a14, r0, 0,     carry);
+		MP_SUB_BORROW(r1, a15, r1, carry, carry);
+		MP_SUB_BORROW(r2, 0,   r2, carry, carry);
+		MP_SUB_BORROW(r3, a9,  r3, carry, carry);
+		MP_SUB_BORROW(r4, a10, r4, carry, carry);
+		MP_SUB_BORROW(r5, a11, r5, carry, carry);
+		MP_SUB_BORROW(r6, 0,   r6, carry, carry);
+		MP_SUB_BORROW(r7, a13, r7, carry, carry);
+		r8 -= carry;
+
+		/* reduce the overflows */
+		while (r8 > 0) {
+			mp_digit r8_d = r8;
+			MP_ADD_CARRY(r0, r8_d,         r0, 0,     carry);
+			MP_ADD_CARRY(r1, 0,            r1, carry, carry);
+			MP_ADD_CARRY(r2, 0,            r2, carry, carry);
+			MP_ADD_CARRY(r3, -r8_d,        r3, carry, carry);
+			MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry);
+			MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry);
+			MP_ADD_CARRY(r6, -(r8_d+1),    r6, carry, carry);
+			MP_ADD_CARRY(r7, (r8_d-1),     r7, carry, carry);
+			r8 = carry;
+		}
+
+		/* reduce the underflows */
+		while (r8 < 0) {
+			mp_digit r8_d = -r8;
+			MP_SUB_BORROW(r0, r8_d,         r0, 0,     carry);
+			MP_SUB_BORROW(r1, 0,            r1, carry, carry);
+			MP_SUB_BORROW(r2, 0,            r2, carry, carry);
+			MP_SUB_BORROW(r3, -r8_d,        r3, carry, carry);
+			MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry);
+			MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry);
+			MP_SUB_BORROW(r6, -(r8_d+1),    r6, carry, carry);
+			MP_SUB_BORROW(r7, (r8_d-1),     r7, carry, carry);
+			r8 = -carry;
+		}
+		if (a != r) {
+			MP_CHECKOK(s_mp_pad(r,8));
+		}
+		MP_SIGN(r) = MP_ZPOS;
+		MP_USED(r) = 8;
+
+		MP_DIGIT(r,7) = r7;
+		MP_DIGIT(r,6) = r6;
+		MP_DIGIT(r,5) = r5;
+		MP_DIGIT(r,4) = r4;
+		MP_DIGIT(r,3) = r3;
+		MP_DIGIT(r,2) = r2;
+		MP_DIGIT(r,1) = r1;
+		MP_DIGIT(r,0) = r0;
+
+		/* final reduction if necessary */
+		if ((r7 == MP_DIGIT_MAX) &&
+			((r6 > 1) || ((r6 == 1) &&
+			(r5 || r4 || r3 || 
+				((r2 == MP_DIGIT_MAX) && (r1 == MP_DIGIT_MAX)
+				  && (r0 == MP_DIGIT_MAX)))))) {
+			MP_CHECKOK(mp_sub(r, &meth->irr, r));
+		}
+#ifdef notdef
+			
+
+		/* smooth the negatives */
+		while (MP_SIGN(r) != MP_ZPOS) {
+			MP_CHECKOK(mp_add(r, &meth->irr, r));
+		}
+		while (MP_USED(r) > 8) {
+			MP_CHECKOK(mp_sub(r, &meth->irr, r));
+		}
+
+		/* final reduction if necessary */
+		if (MP_DIGIT(r,7) >= MP_DIGIT(&meth->irr,7)) {
+		    if (mp_cmp(r,&meth->irr) != MP_LT) {
+			MP_CHECKOK(mp_sub(r, &meth->irr, r));
+		    }
+		}
+#endif
+		s_mp_clamp(r);
+#else
+		switch (a_used) {
+		case 8:
+			a7 = MP_DIGIT(a,7);
+		case 7:
+			a6 = MP_DIGIT(a,6);
+		case 6:
+			a5 = MP_DIGIT(a,5);
+		case 5:
+			a4 = MP_DIGIT(a,4);
+		}
+		a7l = a7 << 32;
+		a7h = a7 >> 32;
+		a6l = a6 << 32;
+		a6h = a6 >> 32;
+		a5l = a5 << 32;
+		a5h = a5 >> 32;
+		a4l = a4 << 32;
+		a4h = a4 >> 32;
+		r3 = MP_DIGIT(a,3);
+		r2 = MP_DIGIT(a,2);
+		r1 = MP_DIGIT(a,1);
+		r0 = MP_DIGIT(a,0);
+
+		/* sum 1 */
+		MP_ADD_CARRY(r1, a5h << 32, r1, 0,     carry);
+		MP_ADD_CARRY(r2, a6,        r2, carry, carry);
+		MP_ADD_CARRY(r3, a7,        r3, carry, carry);
+		r4 = carry;
+		MP_ADD_CARRY(r1, a5h << 32, r1, 0,     carry);
+		MP_ADD_CARRY(r2, a6,        r2, carry, carry);
+		MP_ADD_CARRY(r3, a7,        r3, carry, carry);
+		r4 += carry;
+		/* sum 2 */
+		MP_ADD_CARRY(r1, a6l,       r1, 0,     carry);
+		MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry);
+		MP_ADD_CARRY(r3, a7h,       r3, carry, carry);
+		r4 += carry;
+		MP_ADD_CARRY(r1, a6l,       r1, 0,     carry);
+		MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry);
+		MP_ADD_CARRY(r3, a7h,       r3, carry, carry);
+		r4 += carry;
+
+		/* sum 3 */
+		MP_ADD_CARRY(r0, a4,        r0, 0,     carry);
+		MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry);
+		MP_ADD_CARRY(r2, 0,         r2, carry, carry);
+		MP_ADD_CARRY(r3, a7,        r3, carry, carry);
+		r4 += carry;
+		/* sum 4 */
+		MP_ADD_CARRY(r0, a4h | a5l,     r0, 0,     carry);
+		MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, carry);
+		MP_ADD_CARRY(r2, a7,            r2, carry, carry);
+		MP_ADD_CARRY(r3, a6h | a4l,     r3, carry, carry);
+		r4 += carry;
+		/* diff 5 */
+		MP_SUB_BORROW(r0, a5h | a6l,    r0, 0,     carry);
+		MP_SUB_BORROW(r1, a6h,          r1, carry, carry);
+		MP_SUB_BORROW(r2, 0,            r2, carry, carry);
+		MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry);
+		r4 -= carry;
+		/* diff 6 */
+		MP_SUB_BORROW(r0, a6,  		r0, 0,     carry);
+		MP_SUB_BORROW(r1, a7,           r1, carry, carry);
+		MP_SUB_BORROW(r2, 0,            r2, carry, carry);
+		MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry);
+		r4 -= carry;
+		/* diff 7 */
+		MP_SUB_BORROW(r0, a6h|a7l,	r0, 0,     carry);
+		MP_SUB_BORROW(r1, a7h|a4l,      r1, carry, carry);
+		MP_SUB_BORROW(r2, a4h|a5l,      r2, carry, carry);
+		MP_SUB_BORROW(r3, a6l,          r3, carry, carry);
+		r4 -= carry;
+		/* diff 8 */
+		MP_SUB_BORROW(r0, a7,	        r0, 0,     carry);
+		MP_SUB_BORROW(r1, a4h<<32,      r1, carry, carry);
+		MP_SUB_BORROW(r2, a5,           r2, carry, carry);
+		MP_SUB_BORROW(r3, a6h<<32,      r3, carry, carry);
+		r4 -= carry;
+
+		/* reduce the overflows */
+		while (r4 > 0) {
+			mp_digit r4_long = r4;
+			mp_digit r4l = (r4_long << 32);
+			MP_ADD_CARRY(r0, r4_long,      r0, 0,     carry);
+			MP_ADD_CARRY(r1, -r4l,         r1, carry, carry);
+			MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry);
+			MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry);
+			r4 = carry;
+		}
+
+		/* reduce the underflows */
+		while (r4 < 0) {
+			mp_digit r4_long = -r4;
+			mp_digit r4l = (r4_long << 32);
+			MP_SUB_BORROW(r0, r4_long,      r0, 0,     carry);
+			MP_SUB_BORROW(r1, -r4l,         r1, carry, carry);
+			MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry);
+			MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry);
+			r4 = -carry;
+		}
+
+		if (a != r) {
+			MP_CHECKOK(s_mp_pad(r,4));
+		}
+		MP_SIGN(r) = MP_ZPOS;
+		MP_USED(r) = 4;
+
+		MP_DIGIT(r,3) = r3;
+		MP_DIGIT(r,2) = r2;
+		MP_DIGIT(r,1) = r1;
+		MP_DIGIT(r,0) = r0;
+
+		/* final reduction if necessary */
+		if ((r3 > 0xFFFFFFFF00000001ULL) ||
+			((r3 == 0xFFFFFFFF00000001ULL) && 
+			(r2 || (r1 >> 32)|| 
+			       (r1 == 0xFFFFFFFFULL && r0 == MP_DIGIT_MAX)))) {
+			/* very rare, just use mp_sub */
+			MP_CHECKOK(mp_sub(r, &meth->irr, r));
+		}
+			
+		s_mp_clamp(r);
+#endif
+	}
+
+  CLEANUP:
+	return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p256. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p256. 
+ */
+mp_err
+ec_GFp_nistp256_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_sqr(a, r));
+	MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p256.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p256. */
+mp_err
+ec_GFp_nistp256_mul(const mp_int *a, const mp_int *b, mp_int *r,
+					const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_mul(a, b, r));
+	MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp256(ECGroup *group, ECCurveName name)
+{
+	if (name == ECCurve_NIST_P256) {
+		group->meth->field_mod = &ec_GFp_nistp256_mod;
+		group->meth->field_mul = &ec_GFp_nistp256_mul;
+		group->meth->field_sqr = &ec_GFp_nistp256_sqr;
+	}
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_384.c b/security/nss/lib/freebl/ecl/ecp_384.c
new file mode 100644
index 000000000..4ad4137d2
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_384.c
@@ -0,0 +1,293 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast modular reduction for p384 = 2^384 - 2^128 - 2^96 + 2^32 - 1.  a can be r. 
+ * Uses algorithm 2.30 from Hankerson, Menezes, Vanstone. Guide to 
+ * Elliptic Curve Cryptography. */
+mp_err
+ec_GFp_nistp384_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	int a_bits = mpl_significant_bits(a);
+	int i;
+
+	/* m1, m2 are statically-allocated mp_int of exactly the size we need */
+	mp_int m[10];
+
+#ifdef ECL_THIRTY_TWO_BIT
+	mp_digit s[10][12];
+	for (i = 0; i < 10; i++) {
+		MP_SIGN(&m[i]) = MP_ZPOS;
+		MP_ALLOC(&m[i]) = 12;
+		MP_USED(&m[i]) = 12;
+		MP_DIGITS(&m[i]) = s[i];
+	}
+#else
+	mp_digit s[10][6];
+	for (i = 0; i < 10; i++) {
+		MP_SIGN(&m[i]) = MP_ZPOS;
+		MP_ALLOC(&m[i]) = 6;
+		MP_USED(&m[i]) = 6;
+		MP_DIGITS(&m[i]) = s[i];
+	}
+#endif
+
+#ifdef ECL_THIRTY_TWO_BIT
+	/* for polynomials larger than twice the field size or polynomials 
+	 * not using all words, use regular reduction */
+	if ((a_bits > 768) || (a_bits <= 736)) {
+		MP_CHECKOK(mp_mod(a, &meth->irr, r));
+	} else {
+		for (i = 0; i < 12; i++) {
+			s[0][i] = MP_DIGIT(a, i);
+		}
+		s[1][0] = 0;
+		s[1][1] = 0;
+		s[1][2] = 0;
+		s[1][3] = 0;
+		s[1][4] = MP_DIGIT(a, 21);
+		s[1][5] = MP_DIGIT(a, 22);
+		s[1][6] = MP_DIGIT(a, 23);
+		s[1][7] = 0;
+		s[1][8] = 0;
+		s[1][9] = 0;
+		s[1][10] = 0;
+		s[1][11] = 0;
+		for (i = 0; i < 12; i++) {
+			s[2][i] = MP_DIGIT(a, i+12);
+		}
+		s[3][0] = MP_DIGIT(a, 21);
+		s[3][1] = MP_DIGIT(a, 22);
+		s[3][2] = MP_DIGIT(a, 23);
+		for (i = 3; i < 12; i++) {
+			s[3][i] = MP_DIGIT(a, i+9);
+		}
+		s[4][0] = 0;
+		s[4][1] = MP_DIGIT(a, 23);
+		s[4][2] = 0;
+		s[4][3] = MP_DIGIT(a, 20);
+		for (i = 4; i < 12; i++) {
+			s[4][i] = MP_DIGIT(a, i+8);
+		}
+		s[5][0] = 0;
+		s[5][1] = 0;
+		s[5][2] = 0;
+		s[5][3] = 0;
+		s[5][4] = MP_DIGIT(a, 20);
+		s[5][5] = MP_DIGIT(a, 21);
+		s[5][6] = MP_DIGIT(a, 22);
+		s[5][7] = MP_DIGIT(a, 23);
+		s[5][8] = 0;
+		s[5][9] = 0;
+		s[5][10] = 0;
+		s[5][11] = 0;
+		s[6][0] = MP_DIGIT(a, 20);
+		s[6][1] = 0;
+		s[6][2] = 0;
+		s[6][3] = MP_DIGIT(a, 21);
+		s[6][4] = MP_DIGIT(a, 22);
+		s[6][5] = MP_DIGIT(a, 23);
+		s[6][6] = 0;
+		s[6][7] = 0;
+		s[6][8] = 0;
+		s[6][9] = 0;
+		s[6][10] = 0;
+		s[6][11] = 0;
+		s[7][0] = MP_DIGIT(a, 23);
+		for (i = 1; i < 12; i++) {
+			s[7][i] = MP_DIGIT(a, i+11);
+		}
+		s[8][0] = 0;
+		s[8][1] = MP_DIGIT(a, 20);
+		s[8][2] = MP_DIGIT(a, 21);
+		s[8][3] = MP_DIGIT(a, 22);
+		s[8][4] = MP_DIGIT(a, 23);
+		s[8][5] = 0;
+		s[8][6] = 0;
+		s[8][7] = 0;
+		s[8][8] = 0;
+		s[8][9] = 0;
+		s[8][10] = 0;
+		s[8][11] = 0;
+		s[9][0] = 0;
+		s[9][1] = 0;
+		s[9][2] = 0;
+		s[9][3] = MP_DIGIT(a, 23);
+		s[9][4] = MP_DIGIT(a, 23);
+		s[9][5] = 0;
+		s[9][6] = 0;
+		s[9][7] = 0;
+		s[9][8] = 0;
+		s[9][9] = 0;
+		s[9][10] = 0;
+		s[9][11] = 0;
+
+		MP_CHECKOK(mp_add(&m[0], &m[1], r));
+		MP_CHECKOK(mp_add(r, &m[1], r));
+		MP_CHECKOK(mp_add(r, &m[2], r));
+		MP_CHECKOK(mp_add(r, &m[3], r));
+		MP_CHECKOK(mp_add(r, &m[4], r));
+		MP_CHECKOK(mp_add(r, &m[5], r));
+		MP_CHECKOK(mp_add(r, &m[6], r));
+		MP_CHECKOK(mp_sub(r, &m[7], r));
+		MP_CHECKOK(mp_sub(r, &m[8], r));
+		MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
+		s_mp_clamp(r);
+	}
+#else
+	/* for polynomials larger than twice the field size or polynomials 
+	 * not using all words, use regular reduction */
+	if ((a_bits > 768) || (a_bits <= 736)) {
+		MP_CHECKOK(mp_mod(a, &meth->irr, r));
+	} else {
+		for (i = 0; i < 6; i++) {
+			s[0][i] = MP_DIGIT(a, i);
+		}
+		s[1][0] = 0;
+		s[1][1] = 0;
+		s[1][2] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+		s[1][3] = MP_DIGIT(a, 11) >> 32;
+		s[1][4] = 0;
+		s[1][5] = 0;
+		for (i = 0; i < 6; i++) {
+			s[2][i] = MP_DIGIT(a, i+6);
+		}
+		s[3][0] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+		s[3][1] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
+		for (i = 2; i < 6; i++) {
+			s[3][i] = (MP_DIGIT(a, i+4) >> 32) | (MP_DIGIT(a, i+5) << 32);
+		}
+		s[4][0] = (MP_DIGIT(a, 11) >> 32) << 32;
+		s[4][1] = MP_DIGIT(a, 10) << 32;
+		for (i = 2; i < 6; i++) {
+			s[4][i] = MP_DIGIT(a, i+4);
+		}
+		s[5][0] = 0;
+		s[5][1] = 0;
+		s[5][2] = MP_DIGIT(a, 10);
+		s[5][3] = MP_DIGIT(a, 11);
+		s[5][4] = 0;
+		s[5][5] = 0;
+		s[6][0] = (MP_DIGIT(a, 10) << 32) >> 32;
+		s[6][1] = (MP_DIGIT(a, 10) >> 32) << 32;
+		s[6][2] = MP_DIGIT(a, 11);
+		s[6][3] = 0;
+		s[6][4] = 0;
+		s[6][5] = 0;
+		s[7][0] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
+		for (i = 1; i < 6; i++) {
+			s[7][i] = (MP_DIGIT(a, i+5) >> 32) | (MP_DIGIT(a, i+6) << 32);
+		}
+		s[8][0] = MP_DIGIT(a, 10) << 32;
+		s[8][1] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+		s[8][2] = MP_DIGIT(a, 11) >> 32;
+		s[8][3] = 0;
+		s[8][4] = 0;
+		s[8][5] = 0;
+		s[9][0] = 0;
+		s[9][1] = (MP_DIGIT(a, 11) >> 32) << 32;
+		s[9][2] = MP_DIGIT(a, 11) >> 32;
+		s[9][3] = 0;
+		s[9][4] = 0;
+		s[9][5] = 0;
+
+		MP_CHECKOK(mp_add(&m[0], &m[1], r));
+		MP_CHECKOK(mp_add(r, &m[1], r));
+		MP_CHECKOK(mp_add(r, &m[2], r));
+		MP_CHECKOK(mp_add(r, &m[3], r));
+		MP_CHECKOK(mp_add(r, &m[4], r));
+		MP_CHECKOK(mp_add(r, &m[5], r));
+		MP_CHECKOK(mp_add(r, &m[6], r));
+		MP_CHECKOK(mp_sub(r, &m[7], r));
+		MP_CHECKOK(mp_sub(r, &m[8], r));
+		MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
+		s_mp_clamp(r);
+	}
+#endif
+
+  CLEANUP:
+	return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p384. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p384. 
+ */
+mp_err
+ec_GFp_nistp384_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_sqr(a, r));
+	MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p384.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p384. */
+mp_err
+ec_GFp_nistp384_mul(const mp_int *a, const mp_int *b, mp_int *r,
+					const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_mul(a, b, r));
+	MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp384(ECGroup *group, ECCurveName name)
+{
+	if (name == ECCurve_NIST_P384) {
+		group->meth->field_mod = &ec_GFp_nistp384_mod;
+		group->meth->field_mul = &ec_GFp_nistp384_mul;
+		group->meth->field_sqr = &ec_GFp_nistp384_sqr;
+	}
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_521.c b/security/nss/lib/freebl/ecl/ecp_521.c
new file mode 100644
index 000000000..685d19b9f
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_521.c
@@ -0,0 +1,170 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+#define ECP521_DIGITS ECL_CURVE_DIGITS(521)
+
+/* Fast modular reduction for p521 = 2^521 - 1.  a can be r. Uses
+ * algorithm 2.31 from Hankerson, Menezes, Vanstone. Guide to 
+ * Elliptic Curve Cryptography. */
+mp_err
+ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	int a_bits = mpl_significant_bits(a);
+	int i;
+
+	/* m1, m2 are statically-allocated mp_int of exactly the size we need */
+	mp_int m1;
+
+	mp_digit s1[ECP521_DIGITS] = { 0 };
+
+	MP_SIGN(&m1) = MP_ZPOS;
+	MP_ALLOC(&m1) = ECP521_DIGITS;
+	MP_USED(&m1) = ECP521_DIGITS;
+	MP_DIGITS(&m1) = s1;
+
+	if (a_bits < 521) {
+		if (a==r) return MP_OKAY;
+		return mp_copy(a, r);
+	}
+	/* for polynomials larger than twice the field size or polynomials 
+	 * not using all words, use regular reduction */
+	if (a_bits > (521*2)) {
+		MP_CHECKOK(mp_mod(a, &meth->irr, r));
+	} else {
+#define FIRST_DIGIT (ECP521_DIGITS-1)
+		for (i = FIRST_DIGIT; i < MP_USED(a)-1; i++) {
+			s1[i-FIRST_DIGIT] = (MP_DIGIT(a, i) >> 9) 
+				| (MP_DIGIT(a, 1+i) << (MP_DIGIT_BIT-9));
+		}
+		s1[i-FIRST_DIGIT] = MP_DIGIT(a, i) >> 9;
+
+		if ( a != r ) {
+			MP_CHECKOK(s_mp_pad(r,ECP521_DIGITS));
+			for (i = 0; i < ECP521_DIGITS; i++) {
+				MP_DIGIT(r,i) = MP_DIGIT(a, i);
+			}
+		}
+		MP_USED(r) = ECP521_DIGITS;
+		MP_DIGIT(r,FIRST_DIGIT) &=  0x1FF;
+
+		MP_CHECKOK(s_mp_add(r, &m1));
+		if (MP_DIGIT(r, FIRST_DIGIT) & 0x200) {
+			MP_CHECKOK(s_mp_add_d(r,1));
+			MP_DIGIT(r,FIRST_DIGIT) &=  0x1FF;
+		}
+		s_mp_clamp(r);
+	}
+
+  CLEANUP:
+	return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p521. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p521. 
+ */
+mp_err
+ec_GFp_nistp521_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_sqr(a, r));
+	MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p521.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p521. */
+mp_err
+ec_GFp_nistp521_mul(const mp_int *a, const mp_int *b, mp_int *r,
+					const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	MP_CHECKOK(mp_mul(a, b, r));
+	MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+  CLEANUP:
+	return res;
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+mp_err
+ec_GFp_nistp521_div(const mp_int *a, const mp_int *b, mp_int *r,
+		   const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_int t;
+
+	/* If a is NULL, then return the inverse of b, otherwise return a/b. */
+	if (a == NULL) {
+		return mp_invmod(b, &meth->irr, r);
+	} else {
+		/* MPI doesn't support divmod, so we implement it using invmod and 
+		 * mulmod. */
+		MP_CHECKOK(mp_init(&t));
+		MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+		MP_CHECKOK(mp_mul(a, &t, r));
+		MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+	  CLEANUP:
+		mp_clear(&t);
+		return res;
+	}
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp521(ECGroup *group, ECCurveName name)
+{
+	if (name == ECCurve_NIST_P521) {
+		group->meth->field_mod = &ec_GFp_nistp521_mod;
+		group->meth->field_mul = &ec_GFp_nistp521_mul;
+		group->meth->field_sqr = &ec_GFp_nistp521_sqr;
+		group->meth->field_div = &ec_GFp_nistp521_div;
+	}
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_aff.c b/security/nss/lib/freebl/ecl/ecp_aff.c
new file mode 100644
index 000000000..cda04ed22
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_aff.c
@@ -0,0 +1,357 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *   Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>,
+ *   Nils Larsch <nla@trustcenter.de>, and
+ *   Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "mplogic.h"
+#include <stdlib.h>
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err
+ec_GFp_pt_is_inf_aff(const mp_int *px, const mp_int *py)
+{
+
+	if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
+		return MP_YES;
+	} else {
+		return MP_NO;
+	}
+
+}
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err
+ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py)
+{
+	mp_zero(px);
+	mp_zero(py);
+	return MP_OKAY;
+}
+
+/* Computes R = P + Q based on IEEE P1363 A.10.1. Elliptic curve points P, 
+ * Q, and R can all be identical. Uses affine coordinates. Assumes input
+ * is already field-encoded using field_enc, and returns output that is
+ * still field-encoded. */
+mp_err
+ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+				  const mp_int *qy, mp_int *rx, mp_int *ry,
+				  const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int lambda, temp, tempx, tempy;
+
+	MP_DIGITS(&lambda) = 0;
+	MP_DIGITS(&temp) = 0;
+	MP_DIGITS(&tempx) = 0;
+	MP_DIGITS(&tempy) = 0;
+	MP_CHECKOK(mp_init(&lambda));
+	MP_CHECKOK(mp_init(&temp));
+	MP_CHECKOK(mp_init(&tempx));
+	MP_CHECKOK(mp_init(&tempy));
+	/* if P = inf, then R = Q */
+	if (ec_GFp_pt_is_inf_aff(px, py) == 0) {
+		MP_CHECKOK(mp_copy(qx, rx));
+		MP_CHECKOK(mp_copy(qy, ry));
+		res = MP_OKAY;
+		goto CLEANUP;
+	}
+	/* if Q = inf, then R = P */
+	if (ec_GFp_pt_is_inf_aff(qx, qy) == 0) {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+		res = MP_OKAY;
+		goto CLEANUP;
+	}
+	/* if px != qx, then lambda = (py-qy) / (px-qx) */
+	if (mp_cmp(px, qx) != 0) {
+		MP_CHECKOK(group->meth->field_sub(py, qy, &tempy, group->meth));
+		MP_CHECKOK(group->meth->field_sub(px, qx, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_div(&tempy, &tempx, &lambda, group->meth));
+	} else {
+		/* if py != qy or qy = 0, then R = inf */
+		if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qy) == 0)) {
+			mp_zero(rx);
+			mp_zero(ry);
+			res = MP_OKAY;
+			goto CLEANUP;
+		}
+		/* lambda = (3qx^2+a) / (2qy) */
+		MP_CHECKOK(group->meth->field_sqr(qx, &tempx, group->meth));
+		MP_CHECKOK(mp_set_int(&temp, 3));
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
+		}
+		MP_CHECKOK(group->meth->
+				   field_mul(&tempx, &temp, &tempx, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&tempx, &group->curvea, &tempx, group->meth));
+		MP_CHECKOK(mp_set_int(&temp, 2));
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
+		}
+		MP_CHECKOK(group->meth->field_mul(qy, &temp, &tempy, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_div(&tempx, &tempy, &lambda, group->meth));
+	}
+	/* rx = lambda^2 - px - qx */
+	MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+	MP_CHECKOK(group->meth->field_sub(&tempx, px, &tempx, group->meth));
+	MP_CHECKOK(group->meth->field_sub(&tempx, qx, &tempx, group->meth));
+	/* ry = (x1-x2) * lambda - y1 */
+	MP_CHECKOK(group->meth->field_sub(qx, &tempx, &tempy, group->meth));
+	MP_CHECKOK(group->meth->
+			   field_mul(&tempy, &lambda, &tempy, group->meth));
+	MP_CHECKOK(group->meth->field_sub(&tempy, qy, &tempy, group->meth));
+	MP_CHECKOK(mp_copy(&tempx, rx));
+	MP_CHECKOK(mp_copy(&tempy, ry));
+
+  CLEANUP:
+	mp_clear(&lambda);
+	mp_clear(&temp);
+	mp_clear(&tempx);
+	mp_clear(&tempy);
+	return res;
+}
+
+/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be
+ * identical. Uses affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+mp_err
+ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+				  const mp_int *qy, mp_int *rx, mp_int *ry,
+				  const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int nqy;
+
+	MP_DIGITS(&nqy) = 0;
+	MP_CHECKOK(mp_init(&nqy));
+	/* nqy = -qy */
+	MP_CHECKOK(group->meth->field_neg(qy, &nqy, group->meth));
+	res = group->point_add(px, py, qx, &nqy, rx, ry, group);
+  CLEANUP:
+	mp_clear(&nqy);
+	return res;
+}
+
+/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
+ * affine coordinates. Assumes input is already field-encoded using
+ * field_enc, and returns output that is still field-encoded. */
+mp_err
+ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+				  mp_int *ry, const ECGroup *group)
+{
+	return ec_GFp_pt_add_aff(px, py, px, py, rx, ry, group);
+}
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and 
+ * R can be identical. Uses affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+mp_err
+ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py,
+				  mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int k, k3, qx, qy, sx, sy;
+	int b1, b3, i, l;
+
+	MP_DIGITS(&k) = 0;
+	MP_DIGITS(&k3) = 0;
+	MP_DIGITS(&qx) = 0;
+	MP_DIGITS(&qy) = 0;
+	MP_DIGITS(&sx) = 0;
+	MP_DIGITS(&sy) = 0;
+	MP_CHECKOK(mp_init(&k));
+	MP_CHECKOK(mp_init(&k3));
+	MP_CHECKOK(mp_init(&qx));
+	MP_CHECKOK(mp_init(&qy));
+	MP_CHECKOK(mp_init(&sx));
+	MP_CHECKOK(mp_init(&sy));
+
+	/* if n = 0 then r = inf */
+	if (mp_cmp_z(n) == 0) {
+		mp_zero(rx);
+		mp_zero(ry);
+		res = MP_OKAY;
+		goto CLEANUP;
+	}
+	/* Q = P, k = n */
+	MP_CHECKOK(mp_copy(px, &qx));
+	MP_CHECKOK(mp_copy(py, &qy));
+	MP_CHECKOK(mp_copy(n, &k));
+	/* if n < 0 then Q = -Q, k = -k */
+	if (mp_cmp_z(n) < 0) {
+		MP_CHECKOK(group->meth->field_neg(&qy, &qy, group->meth));
+		MP_CHECKOK(mp_neg(&k, &k));
+	}
+#ifdef ECL_DEBUG				/* basic double and add method */
+	l = mpl_significant_bits(&k) - 1;
+	MP_CHECKOK(mp_copy(&qx, &sx));
+	MP_CHECKOK(mp_copy(&qy, &sy));
+	for (i = l - 1; i >= 0; i--) {
+		/* S = 2S */
+		MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+		/* if k_i = 1, then S = S + Q */
+		if (mpl_get_bit(&k, i) != 0) {
+			MP_CHECKOK(group->
+					   point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+		}
+	}
+#else							/* double and add/subtract method from
+								 * standard */
+	/* k3 = 3 * k */
+	MP_CHECKOK(mp_set_int(&k3, 3));
+	MP_CHECKOK(mp_mul(&k, &k3, &k3));
+	/* S = Q */
+	MP_CHECKOK(mp_copy(&qx, &sx));
+	MP_CHECKOK(mp_copy(&qy, &sy));
+	/* l = index of high order bit in binary representation of 3*k */
+	l = mpl_significant_bits(&k3) - 1;
+	/* for i = l-1 downto 1 */
+	for (i = l - 1; i >= 1; i--) {
+		/* S = 2S */
+		MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+		b3 = MP_GET_BIT(&k3, i);
+		b1 = MP_GET_BIT(&k, i);
+		/* if k3_i = 1 and k_i = 0, then S = S + Q */
+		if ((b3 == 1) && (b1 == 0)) {
+			MP_CHECKOK(group->
+					   point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+			/* if k3_i = 0 and k_i = 1, then S = S - Q */
+		} else if ((b3 == 0) && (b1 == 1)) {
+			MP_CHECKOK(group->
+					   point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
+		}
+	}
+#endif
+	/* output S */
+	MP_CHECKOK(mp_copy(&sx, rx));
+	MP_CHECKOK(mp_copy(&sy, ry));
+
+  CLEANUP:
+	mp_clear(&k);
+	mp_clear(&k3);
+	mp_clear(&qx);
+	mp_clear(&qy);
+	mp_clear(&sx);
+	mp_clear(&sy);
+	return res;
+}
+#endif
+
+/* Validates a point on a GFp curve. */
+mp_err 
+ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
+{
+	mp_err res = MP_NO;
+	mp_int accl, accr, tmp, pxt, pyt;
+
+	MP_DIGITS(&accl) = 0;
+	MP_DIGITS(&accr) = 0;
+	MP_DIGITS(&tmp) = 0;
+	MP_DIGITS(&pxt) = 0;
+	MP_DIGITS(&pyt) = 0;
+	MP_CHECKOK(mp_init(&accl));
+	MP_CHECKOK(mp_init(&accr));
+	MP_CHECKOK(mp_init(&tmp));
+	MP_CHECKOK(mp_init(&pxt));
+	MP_CHECKOK(mp_init(&pyt));
+
+    /* 1: Verify that publicValue is not the point at infinity */
+	if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+    /* 2: Verify that the coordinates of publicValue are elements 
+     *    of the field.
+     */
+	if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) || 
+		(MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+    /* 3: Verify that publicValue is on the curve. */
+	if (group->meth->field_enc) {
+		group->meth->field_enc(px, &pxt, group->meth);
+		group->meth->field_enc(py, &pyt, group->meth);
+	} else {
+		mp_copy(px, &pxt);
+		mp_copy(py, &pyt);
+	}
+	/* left-hand side: y^2  */
+	MP_CHECKOK( group->meth->field_sqr(&pyt, &accl, group->meth) );
+	/* right-hand side: x^3 + a*x + b */
+	MP_CHECKOK( group->meth->field_sqr(&pxt, &tmp, group->meth) );
+	MP_CHECKOK( group->meth->field_mul(&pxt, &tmp, &accr, group->meth) );
+	MP_CHECKOK( group->meth->field_mul(&group->curvea, &pxt, &tmp, group->meth) );
+	MP_CHECKOK( group->meth->field_add(&tmp, &accr, &accr, group->meth) );
+	MP_CHECKOK( group->meth->field_add(&accr, &group->curveb, &accr, group->meth) );
+	/* check LHS - RHS == 0 */
+	MP_CHECKOK( group->meth->field_sub(&accl, &accr, &accr, group->meth) );
+	if (mp_cmp_z(&accr) != 0) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+    /* 4: Verify that the order of the curve times the publicValue
+     *    is the point at infinity.
+     */
+	MP_CHECKOK( ECPoint_mul(group, &group->order, px, py, &pxt, &pyt) );
+	if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	res = MP_YES;
+
+CLEANUP:
+	mp_clear(&accl);
+	mp_clear(&accr);
+	mp_clear(&tmp);
+	mp_clear(&pxt);
+	mp_clear(&pyt);
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_fp.c b/security/nss/lib/freebl/ecl/ecp_fp.c
new file mode 100644
index 000000000..9dcb7b073
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_fp.c
@@ -0,0 +1,568 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves
+ * using floating point operations.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp_fp.h"
+#include "ecl-priv.h"
+#include <stdlib.h>
+
+/* Performs tidying on a short multi-precision floating point integer (the 
+ * lower group->numDoubles floats). */
+void
+ecfp_tidyShort(double *t, const EC_group_fp * group)
+{
+	group->ecfp_tidy(t, group->alpha, group);
+}
+
+/* Performs tidying on only the upper float digits of a multi-precision
+ * floating point integer, i.e. the digits beyond the regular length which 
+ * are removed in the reduction step. */
+void
+ecfp_tidyUpper(double *t, const EC_group_fp * group)
+{
+	group->ecfp_tidy(t + group->numDoubles,
+					 group->alpha + group->numDoubles, group);
+}
+
+/* Performs a "tidy" operation, which performs carrying, moving excess
+ * bits from one double to the next double, so that the precision of the
+ * doubles is reduced to the regular precision group->doubleBitSize. This
+ * might result in some float digits being negative. Alternative C version 
+ * for portability. */
+void
+ecfp_tidy(double *t, const double *alpha, const EC_group_fp * group)
+{
+	double q;
+	int i;
+
+	/* Do carrying */
+	for (i = 0; i < group->numDoubles - 1; i++) {
+		q = t[i] + alpha[i + 1];
+		q -= alpha[i + 1];
+		t[i] -= q;
+		t[i + 1] += q;
+
+		/* If we don't assume that truncation rounding is used, then q
+		 * might be 2^n bigger than expected (if it rounds up), then t[0]
+		 * could be negative and t[1] 2^n larger than expected. */
+	}
+}
+
+/* Performs a more mathematically precise "tidying" so that each term is
+ * positive.  This is slower than the regular tidying, and is used for
+ * conversion from floating point to integer. */
+void
+ecfp_positiveTidy(double *t, const EC_group_fp * group)
+{
+	double q;
+	int i;
+
+	/* Do carrying */
+	for (i = 0; i < group->numDoubles - 1; i++) {
+		/* Subtract beta to force rounding down */
+		q = t[i] - ecfp_beta[i + 1];
+		q += group->alpha[i + 1];
+		q -= group->alpha[i + 1];
+		t[i] -= q;
+		t[i + 1] += q;
+
+		/* Due to subtracting ecfp_beta, we should have each term a
+		 * non-negative int */
+		ECFP_ASSERT(t[i] / ecfp_exp[i] ==
+					(unsigned long long) (t[i] / ecfp_exp[i]));
+		ECFP_ASSERT(t[i] >= 0);
+	}
+}
+
+/* Converts from a floating point representation into an mp_int. Expects
+ * that d is already reduced. */
+void
+ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup)
+{
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+	unsigned short i16[(group->primeBitSize + 15) / 16];
+	double q = 1;
+
+#ifdef ECL_THIRTY_TWO_BIT
+	/* TEST uint32_t z = 0; */
+	unsigned int z = 0;
+#else
+	uint64_t z = 0;
+#endif
+	int zBits = 0;
+	int copiedBits = 0;
+	int i = 0;
+	int j = 0;
+
+	mp_digit *out;
+
+	/* Result should always be >= 0, so set sign accordingly */
+	MP_SIGN(mpout) = MP_ZPOS;
+
+	/* Tidy up so we're just dealing with positive numbers */
+	ecfp_positiveTidy(d, group);
+
+	/* We might need to do this reduction step more than once if the
+	 * reduction adds smaller terms which carry-over to cause another
+	 * reduction. However, this should happen very rarely, if ever,
+	 * depending on the elliptic curve. */
+	do {
+		/* Init loop data */
+		z = 0;
+		zBits = 0;
+		q = 1;
+		i = 0;
+		j = 0;
+		copiedBits = 0;
+
+		/* Might have to do a bit more reduction */
+		group->ecfp_singleReduce(d, group);
+
+		/* Grow the size of the mpint if it's too small */
+		s_mp_grow(mpout, group->numInts);
+		MP_USED(mpout) = group->numInts;
+		out = MP_DIGITS(mpout);
+
+		/* Convert double to 16 bit integers */
+		while (copiedBits < group->primeBitSize) {
+			if (zBits < 16) {
+				z += d[i] * q;
+				i++;
+				ECFP_ASSERT(i < (group->primeBitSize + 15) / 16);
+				zBits += group->doubleBitSize;
+			}
+			i16[j] = z;
+			j++;
+			z >>= 16;
+			zBits -= 16;
+			q *= ecfp_twom16;
+			copiedBits += 16;
+		}
+	} while (z != 0);
+
+	/* Convert 16 bit integers to mp_digit */
+#ifdef ECL_THIRTY_TWO_BIT
+	for (i = 0; i < (group->primeBitSize + 15) / 16; i += 2) {
+		*out = 0;
+		if (i + 1 < (group->primeBitSize + 15) / 16) {
+			*out = i16[i + 1];
+			*out <<= 16;
+		}
+		*out++ += i16[i];
+	}
+#else							/* 64 bit */
+	for (i = 0; i < (group->primeBitSize + 15) / 16; i += 4) {
+		*out = 0;
+		if (i + 3 < (group->primeBitSize + 15) / 16) {
+			*out = i16[i + 3];
+			*out <<= 16;
+		}
+		if (i + 2 < (group->primeBitSize + 15) / 16) {
+			*out += i16[i + 2];
+			*out <<= 16;
+		}
+		if (i + 1 < (group->primeBitSize + 15) / 16) {
+			*out += i16[i + 1];
+			*out <<= 16;
+		}
+		*out++ += i16[i];
+	}
+#endif
+
+	/* Perform final reduction.  mpout should already be the same number
+	 * of bits as p, but might not be less than p.  Make it so. Since
+	 * mpout has the same number of bits as p, and 2p has a larger bit
+	 * size, then mpout < 2p, so a single subtraction of p will suffice. */
+	if (mp_cmp(mpout, &ecgroup->meth->irr) >= 0) {
+		mp_sub(mpout, &ecgroup->meth->irr, mpout);
+	}
+
+	/* Shrink the size of the mp_int to the actual used size (required for 
+	 * mp_cmp_z == 0) */
+	out = MP_DIGITS(mpout);
+	for (i = group->numInts - 1; i > 0; i--) {
+		if (out[i] != 0)
+			break;
+	}
+	MP_USED(mpout) = i + 1;
+
+	/* Should be between 0 and p-1 */
+	ECFP_ASSERT(mp_cmp(mpout, &ecgroup->meth->irr) < 0);
+	ECFP_ASSERT(mp_cmp_z(mpout) >= 0);
+}
+
+/* Converts from an mpint into a floating point representation. */
+void
+ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup)
+{
+	int i;
+	int j = 0;
+	int size;
+	double shift = 1;
+	mp_digit *in;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+#ifdef ECL_DEBUG
+	/* if debug mode, convert result back using ecfp_fp2i into cmp, then
+	 * compare to x. */
+	mp_int cmp;
+
+	MP_DIGITS(&cmp) = NULL;
+	mp_init(&cmp);
+#endif
+
+	ECFP_ASSERT(group != NULL);
+
+	/* init output to 0 (since we skip over some terms) */
+	for (i = 0; i < group->numDoubles; i++)
+		out[i] = 0;
+	i = 0;
+
+	size = MP_USED(x);
+	in = MP_DIGITS(x);
+
+	/* Copy from int into doubles */
+#ifdef ECL_THIRTY_TWO_BIT
+	while (j < size) {
+		while (group->doubleBitSize * (i + 1) <= 32 * j) {
+			i++;
+		}
+		ECFP_ASSERT(group->doubleBitSize * i <= 32 * j);
+		out[i] = in[j];
+		out[i] *= shift;
+		shift *= ecfp_two32;
+		j++;
+	}
+#else
+	while (j < size) {
+		while (group->doubleBitSize * (i + 1) <= 64 * j) {
+			i++;
+		}
+		ECFP_ASSERT(group->doubleBitSize * i <= 64 * j);
+		out[i] = (in[j] & 0x00000000FFFFFFFF) * shift;
+
+		while (group->doubleBitSize * (i + 1) <= 64 * j + 32) {
+			i++;
+		}
+		ECFP_ASSERT(24 * i <= 64 * j + 32);
+		out[i] = (in[j] & 0xFFFFFFFF00000000) * shift;
+
+		shift *= ecfp_two64;
+		j++;
+	}
+#endif
+	/* Realign bits to match double boundaries */
+	ecfp_tidyShort(out, group);
+
+#ifdef ECL_DEBUG
+	/* Convert result back to mp_int, compare to original */
+	ecfp_fp2i(&cmp, out, ecgroup);
+	ECFP_ASSERT(mp_cmp(&cmp, x) == 0);
+	mp_clear(&cmp);
+#endif
+}
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses Jacobian coordinates. Uses 4-bit window method. */
+mp_err
+ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
+						   const mp_int *py, mp_int *rx, mp_int *ry,
+						   const ECGroup *ecgroup)
+{
+	mp_err res = MP_OKAY;
+	ecfp_jac_pt precomp[16], r;
+	ecfp_aff_pt p;
+	EC_group_fp *group;
+
+	mp_int rz;
+	int i, ni, d;
+
+	ARGCHK(ecgroup != NULL, MP_BADARG);
+	ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+	group = (EC_group_fp *) ecgroup->extra1;
+	MP_DIGITS(&rz) = 0;
+	MP_CHECKOK(mp_init(&rz));
+
+	/* init p, da */
+	ecfp_i2fp(p.x, px, ecgroup);
+	ecfp_i2fp(p.y, py, ecgroup);
+	ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+	/* Do precomputation */
+	group->precompute_jac(precomp, &p, group);
+
+	/* Do main body of calculations */
+	d = (mpl_significant_bits(n) + 3) / 4;
+
+	/* R = inf */
+	for (i = 0; i < group->numDoubles; i++) {
+		r.z[i] = 0;
+	}
+
+	for (i = d - 1; i >= 0; i--) {
+		/* compute window ni */
+		ni = MP_GET_BIT(n, 4 * i + 3);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i + 2);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i + 1);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i);
+
+		/* R = 2^4 * R */
+		group->pt_dbl_jac(&r, &r, group);
+		group->pt_dbl_jac(&r, &r, group);
+		group->pt_dbl_jac(&r, &r, group);
+		group->pt_dbl_jac(&r, &r, group);
+
+		/* R = R + (ni * P) */
+		group->pt_add_jac(&r, &precomp[ni], &r, group);
+	}
+
+	/* Convert back to integer */
+	ecfp_fp2i(rx, r.x, ecgroup);
+	ecfp_fp2i(ry, r.y, ecgroup);
+	ecfp_fp2i(&rz, r.z, ecgroup);
+
+	/* convert result S to affine coordinates */
+	MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, ecgroup));
+
+  CLEANUP:
+	mp_clear(&rz);
+	return res;
+}
+
+/* Uses mixed Jacobian-affine coordinates to perform a point
+ * multiplication: R = n * P, n scalar. Uses mixed Jacobian-affine
+ * coordinates (Jacobian coordinates for doubles and affine coordinates
+ * for additions; based on recommendation from Brown et al.). Not very
+ * time efficient but quite space efficient, no precomputation needed.
+ * group contains the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical. Performs calculations in floating point number format, since 
+ * this is faster than the integer operations on the ULTRASPARC III.
+ * Uses left-to-right binary method (double & add) (algorithm 9) for
+ * scalar-point multiplication from Brown, Hankerson, Lopez, Menezes.
+ * Software Implementation of the NIST Elliptic Curves Over Prime Fields. */
+mp_err
+ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py,
+					 mp_int *rx, mp_int *ry, const ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int sx, sy, sz;
+
+	ecfp_aff_pt p;
+	ecfp_jac_pt r;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	int i, l;
+
+	MP_DIGITS(&sx) = 0;
+	MP_DIGITS(&sy) = 0;
+	MP_DIGITS(&sz) = 0;
+	MP_CHECKOK(mp_init(&sx));
+	MP_CHECKOK(mp_init(&sy));
+	MP_CHECKOK(mp_init(&sz));
+
+	/* if n = 0 then r = inf */
+	if (mp_cmp_z(n) == 0) {
+		mp_zero(rx);
+		mp_zero(ry);
+		res = MP_OKAY;
+		goto CLEANUP;
+		/* if n < 0 then out of range error */
+	} else if (mp_cmp_z(n) < 0) {
+		res = MP_RANGE;
+		goto CLEANUP;
+	}
+
+	/* Convert from integer to floating point */
+	ecfp_i2fp(p.x, px, ecgroup);
+	ecfp_i2fp(p.y, py, ecgroup);
+	ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+	/* Init r to point at infinity */
+	for (i = 0; i < group->numDoubles; i++) {
+		r.z[i] = 0;
+	}
+
+	/* double and add method */
+	l = mpl_significant_bits(n) - 1;
+
+	for (i = l; i >= 0; i--) {
+		/* R = 2R */
+		group->pt_dbl_jac(&r, &r, group);
+
+		/* if n_i = 1, then R = R + Q */
+		if (MP_GET_BIT(n, i) != 0) {
+			group->pt_add_jac_aff(&r, &p, &r, group);
+		}
+	}
+
+	/* Convert from floating point to integer */
+	ecfp_fp2i(&sx, r.x, ecgroup);
+	ecfp_fp2i(&sy, r.y, ecgroup);
+	ecfp_fp2i(&sz, r.z, ecgroup);
+
+	/* convert result R to affine coordinates */
+	MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
+
+  CLEANUP:
+	mp_clear(&sx);
+	mp_clear(&sy);
+	mp_clear(&sz);
+	return res;
+}
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
+ * curve points P and R can be identical. Uses mixed Modified-Jacobian
+ * co-ordinates for doubling and Chudnovsky Jacobian coordinates for
+ * additions. Uses 5-bit window NAF method (algorithm 11) for scalar-point 
+ * multiplication from Brown, Hankerson, Lopez, Menezes. Software
+ * Implementation of the NIST Elliptic Curves Over Prime Fields. */
+mp_err
+ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px,
+						 const mp_int *py, mp_int *rx, mp_int *ry,
+						 const ECGroup *ecgroup)
+{
+	mp_err res = MP_OKAY;
+	mp_int sx, sy, sz;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+	ecfp_chud_pt precomp[16];
+
+	ecfp_aff_pt p;
+	ecfp_jm_pt r;
+
+	signed char naf[group->orderBitSize + 1];
+	int i;
+
+	MP_DIGITS(&sx) = 0;
+	MP_DIGITS(&sy) = 0;
+	MP_DIGITS(&sz) = 0;
+	MP_CHECKOK(mp_init(&sx));
+	MP_CHECKOK(mp_init(&sy));
+	MP_CHECKOK(mp_init(&sz));
+
+	/* if n = 0 then r = inf */
+	if (mp_cmp_z(n) == 0) {
+		mp_zero(rx);
+		mp_zero(ry);
+		res = MP_OKAY;
+		goto CLEANUP;
+		/* if n < 0 then out of range error */
+	} else if (mp_cmp_z(n) < 0) {
+		res = MP_RANGE;
+		goto CLEANUP;
+	}
+
+	/* Convert from integer to floating point */
+	ecfp_i2fp(p.x, px, ecgroup);
+	ecfp_i2fp(p.y, py, ecgroup);
+	ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+	/* Perform precomputation */
+	group->precompute_chud(precomp, &p, group);
+
+	/* Compute 5NAF */
+	ec_compute_wNAF(naf, group->orderBitSize, n, 5);
+
+	/* Init R = pt at infinity */
+	for (i = 0; i < group->numDoubles; i++) {
+		r.z[i] = 0;
+	}
+
+	/* wNAF method */
+	for (i = group->orderBitSize; i >= 0; i--) {
+		/* R = 2R */
+		group->pt_dbl_jm(&r, &r, group);
+
+		if (naf[i] != 0) {
+			group->pt_add_jm_chud(&r, &precomp[(naf[i] + 15) / 2], &r,
+								  group);
+		}
+	}
+
+	/* Convert from floating point to integer */
+	ecfp_fp2i(&sx, r.x, ecgroup);
+	ecfp_fp2i(&sy, r.y, ecgroup);
+	ecfp_fp2i(&sz, r.z, ecgroup);
+
+	/* convert result R to affine coordinates */
+	MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
+
+  CLEANUP:
+	mp_clear(&sx);
+	mp_clear(&sy);
+	mp_clear(&sz);
+	return res;
+}
+
+/* Cleans up extra memory allocated in ECGroup for this implementation. */
+void
+ec_GFp_extra_free_fp(ECGroup *group)
+{
+	if (group->extra1 != NULL) {
+		free(group->extra1);
+		group->extra1 = NULL;
+	}
+}
+
+/* Tests what precision floating point arithmetic is set to. This should
+ * be either a 53-bit mantissa (IEEE standard) or a 64-bit mantissa
+ * (extended precision on x86) and sets it into the EC_group_fp. Returns
+ * either 53 or 64 accordingly. */
+int
+ec_set_fp_precision(EC_group_fp * group)
+{
+	double a = 9007199254740992.0;	/* 2^53 */
+	double b = a + 1;
+
+	if (a == b) {
+		group->fpPrecision = 53;
+		group->alpha = ecfp_alpha_53;
+		return 53;
+	}
+	group->fpPrecision = 64;
+	group->alpha = ecfp_alpha_64;
+	return 64;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_fp.h b/security/nss/lib/freebl/ecl/ecp_fp.h
new file mode 100644
index 000000000..8eedeb4be
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_fp.h
@@ -0,0 +1,406 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves using floating point operations.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef __ecp_fp_h_
+#define __ecp_fp_h_
+
+#include "mpi.h"
+#include "ecl.h"
+#include "ecp.h"
+
+#include <sys/types.h>
+#include "mpi-priv.h"
+
+#ifdef ECL_DEBUG
+#include <assert.h>
+#endif
+
+/* Largest number of doubles to store one reduced number in floating
+ * point. Used for memory allocation on the stack. */
+#define ECFP_MAXDOUBLES 10
+
+/* For debugging purposes */
+#ifndef ECL_DEBUG
+#define ECFP_ASSERT(x)
+#else
+#define ECFP_ASSERT(x) assert(x)
+#endif
+
+/* ECFP_Ti = 2^(i*24) Define as preprocessor constants so we can use in
+ * multiple static constants */
+#define ECFP_T0 1.0
+#define ECFP_T1 16777216.0
+#define ECFP_T2 281474976710656.0
+#define ECFP_T3 4722366482869645213696.0
+#define ECFP_T4 79228162514264337593543950336.0
+#define ECFP_T5 1329227995784915872903807060280344576.0
+#define ECFP_T6 22300745198530623141535718272648361505980416.0
+#define ECFP_T7 374144419156711147060143317175368453031918731001856.0
+#define ECFP_T8 6277101735386680763835789423207666416102355444464034512896.0
+#define ECFP_T9 105312291668557186697918027683670432318895095400549111254310977536.0
+#define ECFP_T10  1766847064778384329583297500742918515827483896875618958121606201292619776.0
+#define ECFP_T11 29642774844752946028434172162224104410437116074403984394101141506025761187823616.0
+#define ECFP_T12 497323236409786642155382248146820840100456150797347717440463976893159497012533375533056.0
+#define ECFP_T13  8343699359066055009355553539724812947666814540455674882605631280555545803830627148527195652096.0
+#define ECFP_T14 139984046386112763159840142535527767382602843577165595931249318810236991948760059086304843329475444736.0
+#define ECFP_T15 2348542582773833227889480596789337027375682548908319870707290971532209025114608443463698998384768703031934976.0
+#define ECFP_T16 39402006196394479212279040100143613805079739270465446667948293404245\
+721771497210611414266254884915640806627990306816.0
+#define ECFP_T17 66105596879024859895191530803277103982840468296428121928464879527440\
+5791236311345825189210439715284847591212025023358304256.0
+#define ECFP_T18 11090678776483259438313656736572334813745748301503266300681918322458\
+485231222502492159897624416558312389564843845614287315896631296.0
+#define ECFP_T19 18607071341967536398062689481932916079453218833595342343206149099024\
+36577570298683715049089827234727835552055312041415509848580169253519\
+36.0
+
+#define ECFP_TWO160 1461501637330902918203684832716283019655932542976.0
+#define ECFP_TWO192 6277101735386680763835789423207666416102355444464034512896.0
+#define ECFP_TWO224 26959946667150639794667015087019630673637144422540572481103610249216.0
+
+/* Multiplicative constants */
+static const double ecfp_two32 = 4294967296.0;
+static const double ecfp_two64 = 18446744073709551616.0;
+static const double ecfp_twom16 = .0000152587890625;
+static const double ecfp_twom128 =
+	.00000000000000000000000000000000000000293873587705571876992184134305561419454666389193021880377187926569604314863681793212890625;
+static const double ecfp_twom129 =
+	.000000000000000000000000000000000000001469367938527859384960920671527807097273331945965109401885939632848021574318408966064453125;
+static const double ecfp_twom160 =
+	.0000000000000000000000000000000000000000000000006842277657836020854119773355907793609766904013068924666782559979930620520927053718196475529111921787261962890625;
+static const double ecfp_twom192 =
+	.000000000000000000000000000000000000000000000000000000000159309191113245227702888039776771180559110455519261878607388585338616290151305816094308987472018268594098344692611135542392730712890625;
+static const double ecfp_twom224 =
+	.00000000000000000000000000000000000000000000000000000000000000000003709206150687421385731735261547639513367564778757791002453039058917581340095629358997312082723208437536338919136001159027049567384892725385725498199462890625;
+
+/* ecfp_exp[i] = 2^(i*ECFP_DSIZE) */
+static const double ecfp_exp[2 * ECFP_MAXDOUBLES] = {
+	ECFP_T0, ECFP_T1, ECFP_T2, ECFP_T3, ECFP_T4, ECFP_T5,
+	ECFP_T6, ECFP_T7, ECFP_T8, ECFP_T9, ECFP_T10, ECFP_T11,
+	ECFP_T12, ECFP_T13, ECFP_T14, ECFP_T15, ECFP_T16, ECFP_T17, ECFP_T18,
+	ECFP_T19
+};
+
+/* 1.1 * 2^52 Uses 2^52 to truncate, the .1 is an extra 2^51 to protect
+ * the 2^52 bit, so that adding alphas to a negative number won't borrow
+ * and empty the important 2^52 bit */
+#define ECFP_ALPHABASE_53 6755399441055744.0
+/* Special case: On some platforms, notably x86 Linux, there is an
+ * extended-precision floating point representation with 64-bits of
+ * precision in the mantissa.  These extra bits of precision require a
+ * larger value of alpha to truncate, i.e. 1.1 * 2^63. */
+#define ECFP_ALPHABASE_64 13835058055282163712.0
+
+/* 
+ * ecfp_alpha[i] = 1.5 * 2^(52 + i*ECFP_DSIZE) we add and subtract alpha
+ * to truncate floating point numbers to a certain number of bits for
+ * tidying */
+static const double ecfp_alpha_53[2 * ECFP_MAXDOUBLES] = {
+	ECFP_ALPHABASE_53 * ECFP_T0,
+	ECFP_ALPHABASE_53 * ECFP_T1,
+	ECFP_ALPHABASE_53 * ECFP_T2,
+	ECFP_ALPHABASE_53 * ECFP_T3,
+	ECFP_ALPHABASE_53 * ECFP_T4,
+	ECFP_ALPHABASE_53 * ECFP_T5,
+	ECFP_ALPHABASE_53 * ECFP_T6,
+	ECFP_ALPHABASE_53 * ECFP_T7,
+	ECFP_ALPHABASE_53 * ECFP_T8,
+	ECFP_ALPHABASE_53 * ECFP_T9,
+	ECFP_ALPHABASE_53 * ECFP_T10,
+	ECFP_ALPHABASE_53 * ECFP_T11,
+	ECFP_ALPHABASE_53 * ECFP_T12,
+	ECFP_ALPHABASE_53 * ECFP_T13,
+	ECFP_ALPHABASE_53 * ECFP_T14,
+	ECFP_ALPHABASE_53 * ECFP_T15,
+	ECFP_ALPHABASE_53 * ECFP_T16,
+	ECFP_ALPHABASE_53 * ECFP_T17,
+	ECFP_ALPHABASE_53 * ECFP_T18,
+	ECFP_ALPHABASE_53 * ECFP_T19
+};
+
+/* 
+ * ecfp_alpha[i] = 1.5 * 2^(63 + i*ECFP_DSIZE) we add and subtract alpha
+ * to truncate floating point numbers to a certain number of bits for
+ * tidying */
+static const double ecfp_alpha_64[2 * ECFP_MAXDOUBLES] = {
+	ECFP_ALPHABASE_64 * ECFP_T0,
+	ECFP_ALPHABASE_64 * ECFP_T1,
+	ECFP_ALPHABASE_64 * ECFP_T2,
+	ECFP_ALPHABASE_64 * ECFP_T3,
+	ECFP_ALPHABASE_64 * ECFP_T4,
+	ECFP_ALPHABASE_64 * ECFP_T5,
+	ECFP_ALPHABASE_64 * ECFP_T6,
+	ECFP_ALPHABASE_64 * ECFP_T7,
+	ECFP_ALPHABASE_64 * ECFP_T8,
+	ECFP_ALPHABASE_64 * ECFP_T9,
+	ECFP_ALPHABASE_64 * ECFP_T10,
+	ECFP_ALPHABASE_64 * ECFP_T11,
+	ECFP_ALPHABASE_64 * ECFP_T12,
+	ECFP_ALPHABASE_64 * ECFP_T13,
+	ECFP_ALPHABASE_64 * ECFP_T14,
+	ECFP_ALPHABASE_64 * ECFP_T15,
+	ECFP_ALPHABASE_64 * ECFP_T16,
+	ECFP_ALPHABASE_64 * ECFP_T17,
+	ECFP_ALPHABASE_64 * ECFP_T18,
+	ECFP_ALPHABASE_64 * ECFP_T19
+};
+
+/* 0.011111111111111111111111 (binary) = 0.5 - 2^25 (24 ones) */
+#define ECFP_BETABASE 0.4999999701976776123046875
+
+/* 
+ * We subtract beta prior to using alpha to simulate rounding down. We
+ * make this close to 0.5 to round almost everything down, but exactly 0.5 
+ * would cause some incorrect rounding. */
+static const double ecfp_beta[2 * ECFP_MAXDOUBLES] = {
+	ECFP_BETABASE * ECFP_T0,
+	ECFP_BETABASE * ECFP_T1,
+	ECFP_BETABASE * ECFP_T2,
+	ECFP_BETABASE * ECFP_T3,
+	ECFP_BETABASE * ECFP_T4,
+	ECFP_BETABASE * ECFP_T5,
+	ECFP_BETABASE * ECFP_T6,
+	ECFP_BETABASE * ECFP_T7,
+	ECFP_BETABASE * ECFP_T8,
+	ECFP_BETABASE * ECFP_T9,
+	ECFP_BETABASE * ECFP_T10,
+	ECFP_BETABASE * ECFP_T11,
+	ECFP_BETABASE * ECFP_T12,
+	ECFP_BETABASE * ECFP_T13,
+	ECFP_BETABASE * ECFP_T14,
+	ECFP_BETABASE * ECFP_T15,
+	ECFP_BETABASE * ECFP_T16,
+	ECFP_BETABASE * ECFP_T17,
+	ECFP_BETABASE * ECFP_T18,
+	ECFP_BETABASE * ECFP_T19
+};
+
+static const double ecfp_beta_160 = ECFP_BETABASE * ECFP_TWO160;
+static const double ecfp_beta_192 = ECFP_BETABASE * ECFP_TWO192;
+static const double ecfp_beta_224 = ECFP_BETABASE * ECFP_TWO224;
+
+/* Affine EC Point. This is the basic representation (x, y) of an elliptic 
+ * curve point. */
+typedef struct {
+	double x[ECFP_MAXDOUBLES];
+	double y[ECFP_MAXDOUBLES];
+} ecfp_aff_pt;
+
+/* Jacobian EC Point. This coordinate system uses X = x/z^2, Y = y/z^3,
+ * which enables calculations with fewer inversions than affine
+ * coordinates. */
+typedef struct {
+	double x[ECFP_MAXDOUBLES];
+	double y[ECFP_MAXDOUBLES];
+	double z[ECFP_MAXDOUBLES];
+} ecfp_jac_pt;
+
+/* Chudnovsky Jacobian EC Point. This coordinate system is the same as
+ * Jacobian, except it keeps z^2, z^3 for faster additions. */
+typedef struct {
+	double x[ECFP_MAXDOUBLES];
+	double y[ECFP_MAXDOUBLES];
+	double z[ECFP_MAXDOUBLES];
+	double z2[ECFP_MAXDOUBLES];
+	double z3[ECFP_MAXDOUBLES];
+} ecfp_chud_pt;
+
+/* Modified Jacobian EC Point. This coordinate system is the same as
+ * Jacobian, except it keeps a*z^4 for faster doublings. */
+typedef struct {
+	double x[ECFP_MAXDOUBLES];
+	double y[ECFP_MAXDOUBLES];
+	double z[ECFP_MAXDOUBLES];
+	double az4[ECFP_MAXDOUBLES];
+} ecfp_jm_pt;
+
+struct EC_group_fp_str;
+
+typedef struct EC_group_fp_str EC_group_fp;
+struct EC_group_fp_str {
+	int fpPrecision;			/* Set to number of bits in mantissa, 53
+								 * or 64 */
+	int numDoubles;
+	int primeBitSize;
+	int orderBitSize;
+	int doubleBitSize;
+	int numInts;
+	int aIsM3;					/* True if curvea == -3 (mod p), then we
+								 * can optimize doubling */
+	double curvea[ECFP_MAXDOUBLES];
+	/* Used to truncate a double to the number of bits in the curve */
+	double bitSize_alpha;
+	/* Pointer to either ecfp_alpha_53 or ecfp_alpha_64 */
+	const double *alpha;
+
+	void (*ecfp_singleReduce) (double *r, const EC_group_fp * group);
+	void (*ecfp_reduce) (double *r, double *x, const EC_group_fp * group);
+	/* Performs a "tidy" operation, which performs carrying, moving excess 
+	 * bits from one double to the next double, so that the precision of
+	 * the doubles is reduced to the regular precision ECFP_DSIZE. This
+	 * might result in some float digits being negative. */
+	void (*ecfp_tidy) (double *t, const double *alpha,
+					   const EC_group_fp * group);
+	/* Perform a point addition using coordinate system Jacobian + Affine
+	 * -> Jacobian. Input and output should be multi-precision floating
+	 * point integers. */
+	void (*pt_add_jac_aff) (const ecfp_jac_pt * p, const ecfp_aff_pt * q,
+							ecfp_jac_pt * r, const EC_group_fp * group);
+	/* Perform a point doubling in Jacobian coordinates. Input and output
+	 * should be multi-precision floating point integers. */
+	void (*pt_dbl_jac) (const ecfp_jac_pt * dp, ecfp_jac_pt * dr,
+						const EC_group_fp * group);
+	/* Perform a point addition using Jacobian coordinate system. Input
+	 * and output should be multi-precision floating point integers. */
+	void (*pt_add_jac) (const ecfp_jac_pt * p, const ecfp_jac_pt * q,
+						ecfp_jac_pt * r, const EC_group_fp * group);
+	/* Perform a point doubling in Modified Jacobian coordinates. Input
+	 * and output should be multi-precision floating point integers. */
+	void (*pt_dbl_jm) (const ecfp_jm_pt * p, ecfp_jm_pt * r,
+					   const EC_group_fp * group);
+	/* Perform a point doubling using coordinates Affine -> Chudnovsky
+	 * Jacobian. Input and output should be multi-precision floating point 
+	 * integers. */
+	void (*pt_dbl_aff2chud) (const ecfp_aff_pt * p, ecfp_chud_pt * r,
+							 const EC_group_fp * group);
+	/* Perform a point addition using coordinates: Modified Jacobian +
+	 * Chudnovsky Jacobian -> Modified Jacobian. Input and output should
+	 * be multi-precision floating point integers. */
+	void (*pt_add_jm_chud) (ecfp_jm_pt * p, ecfp_chud_pt * q,
+							ecfp_jm_pt * r, const EC_group_fp * group);
+	/* Perform a point addition using Chudnovsky Jacobian coordinates.
+	 * Input and output should be multi-precision floating point integers. 
+	 */
+	void (*pt_add_chud) (const ecfp_chud_pt * p, const ecfp_chud_pt * q,
+						 ecfp_chud_pt * r, const EC_group_fp * group);
+	/* Expects out to be an array of size 16 of Chudnovsky Jacobian
+	 * points. Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for
+	 * -15P, -13P, -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P,
+	 * 13P, 15P */
+	void (*precompute_chud) (ecfp_chud_pt * out, const ecfp_aff_pt * p,
+							 const EC_group_fp * group);
+	/* Expects out to be an array of size 16 of Jacobian points. Fills in
+	 * Chudnovsky Jacobian form (x, y, z), for O, P, 2P, ... 15P */
+	void (*precompute_jac) (ecfp_jac_pt * out, const ecfp_aff_pt * p,
+							const EC_group_fp * group);
+
+};
+
+/* Computes r = x*y.
+ * r must be different (point to different memory) than x and y.
+ * Does not tidy or reduce. */
+void ecfp_multiply(double *r, const double *x, const double *y);
+
+/* Performs a "tidy" operation, which performs carrying, moving excess
+ * bits from one double to the next double, so that the precision of the
+ * doubles is reduced to the regular precision group->doubleBitSize. This
+ * might result in some float digits being negative. */
+void ecfp_tidy(double *t, const double *alpha, const EC_group_fp * group);
+
+/* Performs tidying on only the upper float digits of a multi-precision
+ * floating point integer, i.e. the digits beyond the regular length which 
+ * are removed in the reduction step. */
+void ecfp_tidyUpper(double *t, const EC_group_fp * group);
+
+/* Performs tidying on a short multi-precision floating point integer (the 
+ * lower group->numDoubles floats). */
+void ecfp_tidyShort(double *t, const EC_group_fp * group);
+
+/* Performs a more mathematically precise "tidying" so that each term is
+ * positive.  This is slower than the regular tidying, and is used for
+ * conversion from floating point to integer. */
+void ecfp_positiveTidy(double *t, const EC_group_fp * group);
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses mixed Jacobian-affine coordinates. Uses 4-bit window
+ * method. */
+mp_err
+ ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
+							const mp_int *py, mp_int *rx, mp_int *ry,
+							const ECGroup *ecgroup);
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. The
+ * parameters a, b and p are the elliptic curve coefficients and the prime 
+ * that determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses mixed Jacobian-affine coordinates (Jacobian
+ * coordinates for doubles and affine coordinates for additions; based on
+ * recommendation from Brown et al.). Uses window NAF method (algorithm
+ * 11) for scalar-point multiplication from Brown, Hankerson, Lopez,
+ * Menezes. Software Implementation of the NIST Elliptic Curves Over Prime
+ * Fields. */
+mp_err ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px,
+								const mp_int *py, mp_int *rx, mp_int *ry,
+								const ECGroup *ecgroup);
+
+/* Uses mixed Jacobian-affine coordinates to perform a point
+ * multiplication: R = n * P, n scalar. Uses mixed Jacobian-affine
+ * coordinates (Jacobian coordinates for doubles and affine coordinates
+ * for additions; based on recommendation from Brown et al.). Not very
+ * time efficient but quite space efficient, no precomputation needed.
+ * group contains the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical. Performs calculations in floating point number format, since 
+ * this is faster than the integer operations on the ULTRASPARC III.
+ * Uses left-to-right binary method (double & add) (algorithm 9) for
+ * scalar-point multiplication from Brown, Hankerson, Lopez, Menezes.
+ * Software Implementation of the NIST Elliptic Curves Over Prime Fields. */
+mp_err
+ ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py,
+					  mp_int *rx, mp_int *ry, const ECGroup *ecgroup);
+
+/* Cleans up extra memory allocated in ECGroup for this implementation. */
+void ec_GFp_extra_free_fp(ECGroup *group);
+
+/* Converts from a floating point representation into an mp_int. Expects
+ * that d is already reduced. */
+void
+ ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup);
+
+/* Converts from an mpint into a floating point representation. */
+void
+ ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup);
+
+/* Tests what precision floating point arithmetic is set to. This should
+ * be either a 53-bit mantissa (IEEE standard) or a 64-bit mantissa
+ * (extended precision on x86) and sets it into the EC_group_fp. Returns
+ * either 53 or 64 accordingly. */
+int ec_set_fp_precision(EC_group_fp * group);
+
+#endif
diff --git a/security/nss/lib/freebl/ecl/ecp_fp160.c b/security/nss/lib/freebl/ecl/ecp_fp160.c
new file mode 100644
index 000000000..8721579f2
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_fp160.c
@@ -0,0 +1,179 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves using floating point operations.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp_fp.h"
+#include <stdlib.h>
+
+#define ECFP_BSIZE 160
+#define ECFP_NUMDOUBLES 7
+
+#include "ecp_fpinc.c"
+
+/* Performs a single step of reduction, just on the uppermost float
+ * (assumes already tidied), and then retidies. Note, this does not
+ * guarantee that the result will be less than p, but truncates the number 
+ * of bits. */
+void
+ecfp160_singleReduce(double *d, const EC_group_fp * group)
+{
+	double q;
+
+	ECFP_ASSERT(group->doubleBitSize == 24);
+	ECFP_ASSERT(group->primeBitSize == 160);
+	ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
+
+	q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
+	q += group->bitSize_alpha;
+	q -= group->bitSize_alpha;
+
+	d[ECFP_NUMDOUBLES - 1] -= q;
+	d[0] += q * ecfp_twom160;
+	d[1] += q * ecfp_twom129;
+	ecfp_positiveTidy(d, group);
+
+	/* Assertions for the highest order term */
+	ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] / ecfp_exp[ECFP_NUMDOUBLES - 1] ==
+				(unsigned long long) (d[ECFP_NUMDOUBLES - 1] /
+									  ecfp_exp[ECFP_NUMDOUBLES - 1]));
+	ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] >= 0);
+}
+
+/* Performs imperfect reduction.  This might leave some negative terms,
+ * and one more reduction might be required for the result to be between 0 
+ * and p-1. x should not already be reduced, i.e. should have
+ * 2*ECFP_NUMDOUBLES significant terms. x and r can be the same, but then
+ * the upper parts of r are not zeroed */
+void
+ecfp160_reduce(double *r, double *x, const EC_group_fp * group)
+{
+
+	double x7, x8, q;
+
+	ECFP_ASSERT(group->doubleBitSize == 24);
+	ECFP_ASSERT(group->primeBitSize == 160);
+	ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
+
+	/* Tidy just the upper bits, the lower bits can wait. */
+	ecfp_tidyUpper(x, group);
+
+	/* Assume that this is already tidied so that we have enough extra
+	 * bits */
+	x7 = x[7] + x[13] * ecfp_twom129;	/* adds bits 15-39 */
+
+	/* Tidy x7, or we won't have enough bits later to add it in */
+	q = x7 + group->alpha[8];
+	q -= group->alpha[8];
+	x7 -= q;					/* holds bits 0-24 */
+	x8 = x[8] + q;				/* holds bits 0-25 */
+
+	r[6] = x[6] + x[13] * ecfp_twom160 + x[12] * ecfp_twom129;	/* adds
+																 * bits
+																 * 8-39 */
+	r[5] = x[5] + x[12] * ecfp_twom160 + x[11] * ecfp_twom129;
+	r[4] = x[4] + x[11] * ecfp_twom160 + x[10] * ecfp_twom129;
+	r[3] = x[3] + x[10] * ecfp_twom160 + x[9] * ecfp_twom129;
+	r[2] = x[2] + x[9] * ecfp_twom160 + x8 * ecfp_twom129;	/* adds bits
+															 * 8-40 */
+	r[1] = x[1] + x8 * ecfp_twom160 + x7 * ecfp_twom129;	/* adds bits
+															 * 8-39 */
+	r[0] = x[0] + x7 * ecfp_twom160;
+
+	/* Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
+	 * is accurate plus or minus one.  (Rather than tidy all to make it
+	 * totally accurate, which is more costly.) */
+	q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+	q -= group->alpha[ECFP_NUMDOUBLES - 1];
+	r[ECFP_NUMDOUBLES - 2] -= q;
+	r[ECFP_NUMDOUBLES - 1] += q;
+
+	/* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
+	/* Use ecfp_beta so we get a positive result */
+	q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
+	q += group->bitSize_alpha;
+	q -= group->bitSize_alpha;
+
+	r[ECFP_NUMDOUBLES - 1] -= q;
+	r[0] += q * ecfp_twom160;
+	r[1] += q * ecfp_twom129;
+
+	/* Tidy the result */
+	ecfp_tidyShort(r, group);
+}
+
+/* Sets group to use optimized calculations in this file */
+mp_err
+ec_group_set_secp160r1_fp(ECGroup *group)
+{
+
+	EC_group_fp *fpg = NULL;
+
+	/* Allocate memory for floating point group data */
+	fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp));
+	if (fpg == NULL) {
+		return MP_MEM;
+	}
+
+	fpg->numDoubles = ECFP_NUMDOUBLES;
+	fpg->primeBitSize = ECFP_BSIZE;
+	fpg->orderBitSize = 161;
+	fpg->doubleBitSize = 24;
+	fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+	fpg->aIsM3 = 1;
+	fpg->ecfp_singleReduce = &ecfp160_singleReduce;
+	fpg->ecfp_reduce = &ecfp160_reduce;
+	fpg->ecfp_tidy = &ecfp_tidy;
+
+	fpg->pt_add_jac_aff = &ecfp160_pt_add_jac_aff;
+	fpg->pt_add_jac = &ecfp160_pt_add_jac;
+	fpg->pt_add_jm_chud = &ecfp160_pt_add_jm_chud;
+	fpg->pt_add_chud = &ecfp160_pt_add_chud;
+	fpg->pt_dbl_jac = &ecfp160_pt_dbl_jac;
+	fpg->pt_dbl_jm = &ecfp160_pt_dbl_jm;
+	fpg->pt_dbl_aff2chud = &ecfp160_pt_dbl_aff2chud;
+	fpg->precompute_chud = &ecfp160_precompute_chud;
+	fpg->precompute_jac = &ecfp160_precompute_jac;
+
+	group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+	group->points_mul = &ec_pts_mul_basic;
+	group->extra1 = fpg;
+	group->extra_free = &ec_GFp_extra_free_fp;
+
+	ec_set_fp_precision(fpg);
+	fpg->bitSize_alpha = ECFP_TWO160 * fpg->alpha[0];
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_fp192.c b/security/nss/lib/freebl/ecl/ecp_fp192.c
new file mode 100644
index 000000000..b5ee533e0
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_fp192.c
@@ -0,0 +1,177 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves using floating point operations.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp_fp.h"
+#include <stdlib.h>
+
+#define ECFP_BSIZE 192
+#define ECFP_NUMDOUBLES 8
+
+#include "ecp_fpinc.c"
+
+/* Performs a single step of reduction, just on the uppermost float
+ * (assumes already tidied), and then retidies. Note, this does not
+ * guarantee that the result will be less than p. */
+void
+ecfp192_singleReduce(double *d, const EC_group_fp * group)
+{
+	double q;
+
+	ECFP_ASSERT(group->doubleBitSize == 24);
+	ECFP_ASSERT(group->primeBitSize == 192);
+	ECFP_ASSERT(group->numDoubles == 8);
+
+	q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
+	q += group->bitSize_alpha;
+	q -= group->bitSize_alpha;
+
+	d[ECFP_NUMDOUBLES - 1] -= q;
+	d[0] += q * ecfp_twom192;
+	d[2] += q * ecfp_twom128;
+	ecfp_positiveTidy(d, group);
+}
+
+/* 
+ * Performs imperfect reduction.  This might leave some negative terms,
+ * and one more reduction might be required for the result to be between 0 
+ * and p-1. x should be be an array of at least 16, and r at least 8 x and 
+ * r can be the same, but then the upper parts of r are not zeroed */
+void
+ecfp_reduce_192(double *r, double *x, const EC_group_fp * group)
+{
+	double x8, x9, x10, q;
+
+	ECFP_ASSERT(group->doubleBitSize == 24);
+	ECFP_ASSERT(group->primeBitSize == 192);
+	ECFP_ASSERT(group->numDoubles == 8);
+
+	/* Tidy just the upper portion, the lower part can wait */
+	ecfp_tidyUpper(x, group);
+
+	x8 = x[8] + x[14] * ecfp_twom128;	/* adds bits 16-40 */
+	x9 = x[9] + x[15] * ecfp_twom128;	/* adds bits 16-40 */
+
+	/* Tidy up, or we won't have enough bits later to add it in */
+
+	q = x8 + group->alpha[9];
+	q -= group->alpha[9];
+	x8 -= q;
+	x9 += q;
+
+	q = x9 + group->alpha[10];
+	q -= group->alpha[10];
+	x9 -= q;
+	x10 = x[10] + q;
+
+	r[7] = x[7] + x[15] * ecfp_twom192 + x[13] * ecfp_twom128;	/* adds
+																 * bits
+																 * 0-40 */
+	r[6] = x[6] + x[14] * ecfp_twom192 + x[12] * ecfp_twom128;
+	r[5] = x[5] + x[13] * ecfp_twom192 + x[11] * ecfp_twom128;
+	r[4] = x[4] + x[12] * ecfp_twom192 + x10 * ecfp_twom128;
+	r[3] = x[3] + x[11] * ecfp_twom192 + x9 * ecfp_twom128;	/* adds bits
+															 * 0-40 */
+	r[2] = x[2] + x10 * ecfp_twom192 + x8 * ecfp_twom128;
+	r[1] = x[1] + x9 * ecfp_twom192;	/* adds bits 16-40 */
+	r[0] = x[0] + x8 * ecfp_twom192;
+
+	/* 
+	 * Tidy up just r[group->numDoubles-2] so that the number of
+	 * reductions is accurate plus or minus one.  (Rather than tidy all to 
+	 * make it totally accurate) */
+	q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+	q -= group->alpha[ECFP_NUMDOUBLES - 1];
+	r[ECFP_NUMDOUBLES - 2] -= q;
+	r[ECFP_NUMDOUBLES - 1] += q;
+
+	/* Tidy up the excess bits on r[group->numDoubles-1] using reduction */
+	/* Use ecfp_beta so we get a positive res */
+	q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
+	q += group->bitSize_alpha;
+	q -= group->bitSize_alpha;
+
+	r[ECFP_NUMDOUBLES - 1] -= q;
+	r[0] += q * ecfp_twom192;
+	r[2] += q * ecfp_twom128;
+
+	/* Tidy the result */
+	ecfp_tidyShort(r, group);
+}
+
+/* Sets group to use optimized calculations in this file */
+mp_err
+ec_group_set_nistp192_fp(ECGroup *group)
+{
+	EC_group_fp *fpg;
+
+	/* Allocate memory for floating point group data */
+	fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp));
+	if (fpg == NULL) {
+		return MP_MEM;
+	}
+
+	fpg->numDoubles = ECFP_NUMDOUBLES;
+	fpg->primeBitSize = ECFP_BSIZE;
+	fpg->orderBitSize = 192;
+	fpg->doubleBitSize = 24;
+	fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+	fpg->aIsM3 = 1;
+	fpg->ecfp_singleReduce = &ecfp192_singleReduce;
+	fpg->ecfp_reduce = &ecfp_reduce_192;
+	fpg->ecfp_tidy = &ecfp_tidy;
+
+	fpg->pt_add_jac_aff = &ecfp192_pt_add_jac_aff;
+	fpg->pt_add_jac = &ecfp192_pt_add_jac;
+	fpg->pt_add_jm_chud = &ecfp192_pt_add_jm_chud;
+	fpg->pt_add_chud = &ecfp192_pt_add_chud;
+	fpg->pt_dbl_jac = &ecfp192_pt_dbl_jac;
+	fpg->pt_dbl_jm = &ecfp192_pt_dbl_jm;
+	fpg->pt_dbl_aff2chud = &ecfp192_pt_dbl_aff2chud;
+	fpg->precompute_chud = &ecfp192_precompute_chud;
+	fpg->precompute_jac = &ecfp192_precompute_jac;
+
+	group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+	group->points_mul = &ec_pts_mul_basic;
+	group->extra1 = fpg;
+	group->extra_free = &ec_GFp_extra_free_fp;
+
+	ec_set_fp_precision(fpg);
+	fpg->bitSize_alpha = ECFP_TWO192 * fpg->alpha[0];
+
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_fp224.c b/security/nss/lib/freebl/ecl/ecp_fp224.c
new file mode 100644
index 000000000..e1ee536cc
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_fp224.c
@@ -0,0 +1,190 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves using floating point operations.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp_fp.h"
+#include <stdlib.h>
+
+#define ECFP_BSIZE 224
+#define ECFP_NUMDOUBLES 10
+
+#include "ecp_fpinc.c"
+
+/* Performs a single step of reduction, just on the uppermost float
+ * (assumes already tidied), and then retidies. Note, this does not
+ * guarantee that the result will be less than p. */
+void
+ecfp224_singleReduce(double *r, const EC_group_fp * group)
+{
+	double q;
+
+	ECFP_ASSERT(group->doubleBitSize == 24);
+	ECFP_ASSERT(group->primeBitSize == 224);
+	ECFP_ASSERT(group->numDoubles == 10);
+
+	q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
+	q += group->bitSize_alpha;
+	q -= group->bitSize_alpha;
+
+	r[ECFP_NUMDOUBLES - 1] -= q;
+	r[0] -= q * ecfp_twom224;
+	r[4] += q * ecfp_twom128;
+
+	ecfp_positiveTidy(r, group);
+}
+
+/* 
+ * Performs imperfect reduction.  This might leave some negative terms,
+ * and one more reduction might be required for the result to be between 0 
+ * and p-1. x should be be an array of at least 20, and r at least 10 x
+ * and r can be the same, but then the upper parts of r are not zeroed */
+void
+ecfp224_reduce(double *r, double *x, const EC_group_fp * group)
+{
+
+	double x10, x11, x12, x13, x14, q;
+
+	ECFP_ASSERT(group->doubleBitSize == 24);
+	ECFP_ASSERT(group->primeBitSize == 224);
+	ECFP_ASSERT(group->numDoubles == 10);
+
+	/* Tidy just the upper bits of x.  Don't need to tidy the lower ones
+	 * yet. */
+	ecfp_tidyUpper(x, group);
+
+	x10 = x[10] + x[16] * ecfp_twom128;
+	x11 = x[11] + x[17] * ecfp_twom128;
+	x12 = x[12] + x[18] * ecfp_twom128;
+	x13 = x[13] + x[19] * ecfp_twom128;
+
+	/* Tidy up, or we won't have enough bits later to add it in */
+	q = x10 + group->alpha[11];
+	q -= group->alpha[11];
+	x10 -= q;
+	x11 = x11 + q;
+
+	q = x11 + group->alpha[12];
+	q -= group->alpha[12];
+	x11 -= q;
+	x12 = x12 + q;
+
+	q = x12 + group->alpha[13];
+	q -= group->alpha[13];
+	x12 -= q;
+	x13 = x13 + q;
+
+	q = x13 + group->alpha[14];
+	q -= group->alpha[14];
+	x13 -= q;
+	x14 = x[14] + q;
+
+	r[9] = x[9] + x[15] * ecfp_twom128 - x[19] * ecfp_twom224;
+	r[8] = x[8] + x14 * ecfp_twom128 - x[18] * ecfp_twom224;
+	r[7] = x[7] + x13 * ecfp_twom128 - x[17] * ecfp_twom224;
+	r[6] = x[6] + x12 * ecfp_twom128 - x[16] * ecfp_twom224;
+	r[5] = x[5] + x11 * ecfp_twom128 - x[15] * ecfp_twom224;
+	r[4] = x[4] + x10 * ecfp_twom128 - x14 * ecfp_twom224;
+	r[3] = x[3] - x13 * ecfp_twom224;
+	r[2] = x[2] - x12 * ecfp_twom224;
+	r[1] = x[1] - x11 * ecfp_twom224;
+	r[0] = x[0] - x10 * ecfp_twom224;
+
+	/* 
+	 * Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
+	 * is accurate plus or minus one.  (Rather than tidy all to make it
+	 * totally accurate) */
+	q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+	q -= group->alpha[ECFP_NUMDOUBLES - 1];
+	r[ECFP_NUMDOUBLES - 2] -= q;
+	r[ECFP_NUMDOUBLES - 1] += q;
+
+	/* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
+	/* Use ecfp_beta so we get a positive res */
+	q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
+	q += group->bitSize_alpha;
+	q -= group->bitSize_alpha;
+
+	r[ECFP_NUMDOUBLES - 1] -= q;
+	r[0] -= q * ecfp_twom224;
+	r[4] += q * ecfp_twom128;
+
+	ecfp_tidyShort(r, group);
+}
+
+/* Sets group to use optimized calculations in this file */
+mp_err
+ec_group_set_nistp224_fp(ECGroup *group)
+{
+
+	EC_group_fp *fpg;
+
+	/* Allocate memory for floating point group data */
+	fpg = (EC_group_fp *) malloc(sizeof(EC_group_fp));
+	if (fpg == NULL) {
+		return MP_MEM;
+	}
+
+	fpg->numDoubles = ECFP_NUMDOUBLES;
+	fpg->primeBitSize = ECFP_BSIZE;
+	fpg->orderBitSize = 224;
+	fpg->doubleBitSize = 24;
+	fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+	fpg->aIsM3 = 1;
+	fpg->ecfp_singleReduce = &ecfp224_singleReduce;
+	fpg->ecfp_reduce = &ecfp224_reduce;
+	fpg->ecfp_tidy = &ecfp_tidy;
+
+	fpg->pt_add_jac_aff = &ecfp224_pt_add_jac_aff;
+	fpg->pt_add_jac = &ecfp224_pt_add_jac;
+	fpg->pt_add_jm_chud = &ecfp224_pt_add_jm_chud;
+	fpg->pt_add_chud = &ecfp224_pt_add_chud;
+	fpg->pt_dbl_jac = &ecfp224_pt_dbl_jac;
+	fpg->pt_dbl_jm = &ecfp224_pt_dbl_jm;
+	fpg->pt_dbl_aff2chud = &ecfp224_pt_dbl_aff2chud;
+	fpg->precompute_chud = &ecfp224_precompute_chud;
+	fpg->precompute_jac = &ecfp224_precompute_jac;
+
+	group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+	group->points_mul = &ec_pts_mul_basic;
+	group->extra1 = fpg;
+	group->extra_free = &ec_GFp_extra_free_fp;
+
+	ec_set_fp_precision(fpg);
+	fpg->bitSize_alpha = ECFP_TWO224 * fpg->alpha[0];
+
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_fpinc.c b/security/nss/lib/freebl/ecl/ecp_fpinc.c
new file mode 100644
index 000000000..61b16ff28
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_fpinc.c
@@ -0,0 +1,855 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves using floating point operations.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* This source file is meant to be included by other source files
+ * (ecp_fp###.c, where ### is one of 160, 192, 224) and should not
+ * constitute an independent compilation unit. It requires the following
+ * preprocessor definitions be made: ECFP_BSIZE - the number of bits in
+ * the field's prime 
+ * ECFP_NUMDOUBLES - the number of doubles to store one
+ * multi-precision integer in floating point 
+
+/* Adds a prefix to a given token to give a unique token name. Prefixes
+ * with "ecfp" + ECFP_BSIZE + "_". e.g. if ECFP_BSIZE = 160, then
+ * PREFIX(hello) = ecfp160_hello This optimization allows static function
+ * linking and compiler loop unrolling without code duplication. */
+#ifndef PREFIX
+#define PREFIX(b) PREFIX1(ECFP_BSIZE, b)
+#define PREFIX1(bsize, b) PREFIX2(bsize, b)
+#define PREFIX2(bsize, b) ecfp ## bsize ## _ ## b
+#endif
+
+/* Returns true iff every double in d is 0. (If d == 0 and it is tidied,
+ * this will be true.) */
+mp_err PREFIX(isZero) (const double *d) {
+	int i;
+
+	for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+		if (d[i] != 0)
+			return MP_NO;
+	}
+	return MP_YES;
+}
+
+/* Sets the multi-precision floating point number at t = 0 */
+void PREFIX(zero) (double *t) {
+	int i;
+
+	for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+		t[i] = 0;
+	}
+}
+
+/* Sets the multi-precision floating point number at t = 1 */
+void PREFIX(one) (double *t) {
+	int i;
+
+	t[0] = 1;
+	for (i = 1; i < ECFP_NUMDOUBLES; i++) {
+		t[i] = 0;
+	}
+}
+
+/* Checks if point P(x, y, z) is at infinity. Uses Jacobian coordinates. */
+mp_err PREFIX(pt_is_inf_jac) (const ecfp_jac_pt * p) {
+	return PREFIX(isZero) (p->z);
+}
+
+/* Sets the Jacobian point P to be at infinity. */
+void PREFIX(set_pt_inf_jac) (ecfp_jac_pt * p) {
+	PREFIX(zero) (p->z);
+}
+
+/* Checks if point P(x, y) is at infinity. Uses Affine coordinates. */
+mp_err PREFIX(pt_is_inf_aff) (const ecfp_aff_pt * p) {
+	if (PREFIX(isZero) (p->x) == MP_YES && PREFIX(isZero) (p->y) == MP_YES)
+		return MP_YES;
+	return MP_NO;
+}
+
+/* Sets the affine point P to be at infinity. */
+void PREFIX(set_pt_inf_aff) (ecfp_aff_pt * p) {
+	PREFIX(zero) (p->x);
+	PREFIX(zero) (p->y);
+}
+
+/* Checks if point P(x, y, z, a*z^4) is at infinity. Uses Modified
+ * Jacobian coordinates. */
+mp_err PREFIX(pt_is_inf_jm) (const ecfp_jm_pt * p) {
+	return PREFIX(isZero) (p->z);
+}
+
+/* Sets the Modified Jacobian point P to be at infinity. */
+void PREFIX(set_pt_inf_jm) (ecfp_jm_pt * p) {
+	PREFIX(zero) (p->z);
+}
+
+/* Checks if point P(x, y, z, z^2, z^3) is at infinity. Uses Chudnovsky
+ * Jacobian coordinates */
+mp_err PREFIX(pt_is_inf_chud) (const ecfp_chud_pt * p) {
+	return PREFIX(isZero) (p->z);
+}
+
+/* Sets the Chudnovsky Jacobian point P to be at infinity. */
+void PREFIX(set_pt_inf_chud) (ecfp_chud_pt * p) {
+	PREFIX(zero) (p->z);
+}
+
+/* Copies a multi-precision floating point number, Setting dest = src */
+void PREFIX(copy) (double *dest, const double *src) {
+	int i;
+
+	for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+		dest[i] = src[i];
+	}
+}
+
+/* Sets dest = -src */
+void PREFIX(negLong) (double *dest, const double *src) {
+	int i;
+
+	for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+		dest[i] = -src[i];
+	}
+}
+
+/* Sets r = -p p = (x, y, z, z2, z3) r = (x, -y, z, z2, z3) Uses
+ * Chudnovsky Jacobian coordinates. */
+/* TODO reverse order */
+void PREFIX(pt_neg_chud) (const ecfp_chud_pt * p, ecfp_chud_pt * r) {
+	int i;
+
+	PREFIX(copy) (r->x, p->x);
+	PREFIX(copy) (r->z, p->z);
+	PREFIX(copy) (r->z2, p->z2);
+	PREFIX(copy) (r->z3, p->z3);
+	for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+		r->y[i] = -p->y[i];
+	}
+}
+
+/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise adds first ECFP_NUMDOUBLES
+ * doubles of x and y and stores the result in r. */
+void PREFIX(addShort) (double *r, const double *x, const double *y) {
+	int i;
+
+	for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+		*r++ = *x++ + *y++;
+	}
+}
+
+/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise adds first
+ * 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
+void PREFIX(addLong) (double *r, const double *x, const double *y) {
+	int i;
+
+	for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+		*r++ = *x++ + *y++;
+	}
+}
+
+/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise subtracts first
+ * ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
+void PREFIX(subtractShort) (double *r, const double *x, const double *y) {
+	int i;
+
+	for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+		*r++ = *x++ - *y++;
+	}
+}
+
+/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise subtracts first
+ * 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
+void PREFIX(subtractLong) (double *r, const double *x, const double *y) {
+	int i;
+
+	for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+		*r++ = *x++ - *y++;
+	}
+}
+
+/* Computes r = x*y.  Both x and y should be tidied and reduced,
+ * r must be different (point to different memory) than x and y.
+ * Does not tidy or reduce. */
+void PREFIX(multiply)(double *r, const double *x, const double *y) {
+	int i, j;
+
+	for(j=0;j<ECFP_NUMDOUBLES-1;j++) {
+		r[j] = x[0] * y[j];
+		r[j+(ECFP_NUMDOUBLES-1)] = x[ECFP_NUMDOUBLES-1] * y[j];
+	}
+	r[ECFP_NUMDOUBLES-1] = x[0] * y[ECFP_NUMDOUBLES-1];
+	r[ECFP_NUMDOUBLES-1] += x[ECFP_NUMDOUBLES-1] * y[0];
+	r[2*ECFP_NUMDOUBLES-2] = x[ECFP_NUMDOUBLES-1] * y[ECFP_NUMDOUBLES-1];
+	r[2*ECFP_NUMDOUBLES-1] = 0;
+	
+	for(i=1;i<ECFP_NUMDOUBLES-1;i++) {
+		for(j=0;j<ECFP_NUMDOUBLES;j++) {
+			r[i+j] += (x[i] * y[j]);
+		}
+	}
+}
+
+/* Computes the square of x and stores the result in r.  x should be
+ * tidied & reduced, r will be neither tidied nor reduced. 
+ * r should point to different memory than x */
+void PREFIX(square) (double *r, const double *x) {
+	PREFIX(multiply) (r, x, x);
+}
+
+/* Perform a point doubling in Jacobian coordinates. Input and output
+ * should be multi-precision floating point integers. */
+void PREFIX(pt_dbl_jac) (const ecfp_jac_pt * dp, ecfp_jac_pt * dr,
+						 const EC_group_fp * group) {
+	double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+		M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES];
+
+	/* Check for point at infinity */
+	if (PREFIX(pt_is_inf_jac) (dp) == MP_YES) {
+		/* Set r = pt at infinity */
+		PREFIX(set_pt_inf_jac) (dr);
+		goto CLEANUP;
+	}
+
+	/* Perform typical point doubling operations */
+
+	/* TODO? is it worthwhile to do optimizations for when pz = 1? */
+
+	if (group->aIsM3) {
+		/* When a = -3, M = 3(px - pz^2)(px + pz^2) */
+		PREFIX(square) (t1, dp->z);
+		group->ecfp_reduce(t1, t1, group);	/* 2^23 since the negative
+											 * rounding buys another bit */
+		PREFIX(addShort) (t0, dp->x, t1);	/* 2*2^23 */
+		PREFIX(subtractShort) (t1, dp->x, t1);	/* 2 * 2^23 */
+		PREFIX(multiply) (M, t0, t1);	/* 40 * 2^46 */
+		PREFIX(addLong) (t0, M, M);	/* 80 * 2^46 */
+		PREFIX(addLong) (M, t0, M);	/* 120 * 2^46 < 2^53 */
+		group->ecfp_reduce(M, M, group);
+	} else {
+		/* Generic case */
+		/* M = 3 (px^2) + a*(pz^4) */
+		PREFIX(square) (t0, dp->x);
+		PREFIX(addLong) (M, t0, t0);
+		PREFIX(addLong) (t0, t0, M);	/* t0 = 3(px^2) */
+		PREFIX(square) (M, dp->z);
+		group->ecfp_reduce(M, M, group);
+		PREFIX(square) (t1, M);
+		group->ecfp_reduce(t1, t1, group);
+		PREFIX(multiply) (M, t1, group->curvea);	/* M = a(pz^4) */
+		PREFIX(addLong) (M, M, t0);
+		group->ecfp_reduce(M, M, group);
+	}
+
+	/* rz = 2 * py * pz */
+	PREFIX(multiply) (t1, dp->y, dp->z);
+	PREFIX(addLong) (t1, t1, t1);
+	group->ecfp_reduce(dr->z, t1, group);
+
+	/* t0 = 2y^2 */
+	PREFIX(square) (t0, dp->y);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(addShort) (t0, t0, t0);
+
+	/* S = 4 * px * py^2 = 2 * px * t0 */
+	PREFIX(multiply) (S, dp->x, t0);
+	PREFIX(addLong) (S, S, S);
+	group->ecfp_reduce(S, S, group);
+
+	/* rx = M^2 - 2 * S */
+	PREFIX(square) (t1, M);
+	PREFIX(subtractShort) (t1, t1, S);
+	PREFIX(subtractShort) (t1, t1, S);
+	group->ecfp_reduce(dr->x, t1, group);
+
+	/* ry = M * (S - rx) - 8 * py^4 */
+	PREFIX(square) (t1, t0);	/* t1 = 4y^4 */
+	PREFIX(subtractShort) (S, S, dr->x);
+	PREFIX(multiply) (t0, M, S);
+	PREFIX(subtractLong) (t0, t0, t1);
+	PREFIX(subtractLong) (t0, t0, t1);
+	group->ecfp_reduce(dr->y, t0, group);
+
+  CLEANUP:
+	return;
+}
+
+/* Perform a point addition using coordinate system Jacobian + Affine ->
+ * Jacobian. Input and output should be multi-precision floating point
+ * integers. */
+void PREFIX(pt_add_jac_aff) (const ecfp_jac_pt * p, const ecfp_aff_pt * q,
+							 ecfp_jac_pt * r, const EC_group_fp * group) {
+	/* Temporary storage */
+	double A[2 * ECFP_NUMDOUBLES], B[2 * ECFP_NUMDOUBLES],
+		C[2 * ECFP_NUMDOUBLES], C2[2 * ECFP_NUMDOUBLES],
+		D[2 * ECFP_NUMDOUBLES], C3[2 * ECFP_NUMDOUBLES];
+
+	/* Check for point at infinity for p or q */
+	if (PREFIX(pt_is_inf_aff) (q) == MP_YES) {
+		PREFIX(copy) (r->x, p->x);
+		PREFIX(copy) (r->y, p->y);
+		PREFIX(copy) (r->z, p->z);
+		goto CLEANUP;
+	} else if (PREFIX(pt_is_inf_jac) (p) == MP_YES) {
+		PREFIX(copy) (r->x, q->x);
+		PREFIX(copy) (r->y, q->y);
+		/* Since the affine point is not infinity, we can set r->z = 1 */
+		PREFIX(one) (r->z);
+		goto CLEANUP;
+	}
+
+	/* Calculates c = qx * pz^2 - px d = (qy * b - py) rx = d^2 - c^3 + 2
+	 * (px * c^2) ry = d * (c-rx) - py*c^3 rz = c * pz */
+
+	/* A = pz^2, B = pz^3 */
+	PREFIX(square) (A, p->z);
+	group->ecfp_reduce(A, A, group);
+	PREFIX(multiply) (B, A, p->z);
+	group->ecfp_reduce(B, B, group);
+
+	/* C = qx * A - px */
+	PREFIX(multiply) (C, q->x, A);
+	PREFIX(subtractShort) (C, C, p->x);
+	group->ecfp_reduce(C, C, group);
+
+	/* D = qy * B - py */
+	PREFIX(multiply) (D, q->y, B);
+	PREFIX(subtractShort) (D, D, p->y);
+	group->ecfp_reduce(D, D, group);
+
+	/* C2 = C^2, C3 = C^3 */
+	PREFIX(square) (C2, C);
+	group->ecfp_reduce(C2, C2, group);
+	PREFIX(multiply) (C3, C2, C);
+	group->ecfp_reduce(C3, C3, group);
+
+	/* rz = A = pz * C */
+	PREFIX(multiply) (A, p->z, C);
+	group->ecfp_reduce(r->z, A, group);
+
+	/* C = px * C^2, untidied, unreduced */
+	PREFIX(multiply) (C, p->x, C2);
+
+	/* A = D^2, untidied, unreduced */
+	PREFIX(square) (A, D);
+
+	/* rx = B = A - C3 - C - C = D^2 - (C^3 + 2 * (px * C^2) */
+	PREFIX(subtractShort) (A, A, C3);
+	PREFIX(subtractLong) (A, A, C);
+	PREFIX(subtractLong) (A, A, C);
+	group->ecfp_reduce(r->x, A, group);
+
+	/* B = py * C3, untidied, unreduced */
+	PREFIX(multiply) (B, p->y, C3);
+
+	/* C = px * C^2 - rx */
+	PREFIX(subtractShort) (C, C, r->x);
+	group->ecfp_reduce(C, C, group);
+
+	/* ry = A = D * C - py * C^3 */
+	PREFIX(multiply) (A, D, C);
+	PREFIX(subtractLong) (A, A, B);
+	group->ecfp_reduce(r->y, A, group);
+
+  CLEANUP:
+	return;
+}
+
+/* Perform a point addition using Jacobian coordinate system. Input and
+ * output should be multi-precision floating point integers. */
+void PREFIX(pt_add_jac) (const ecfp_jac_pt * p, const ecfp_jac_pt * q,
+						 ecfp_jac_pt * r, const EC_group_fp * group) {
+
+	/* Temporary Storage */
+	double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+		U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+		S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+		H3[2 * ECFP_NUMDOUBLES];
+
+	/* Check for point at infinity for p, if so set r = q */
+	if (PREFIX(pt_is_inf_jac) (p) == MP_YES) {
+		PREFIX(copy) (r->x, q->x);
+		PREFIX(copy) (r->y, q->y);
+		PREFIX(copy) (r->z, q->z);
+		goto CLEANUP;
+	}
+
+	/* Check for point at infinity for p, if so set r = q */
+	if (PREFIX(pt_is_inf_jac) (q) == MP_YES) {
+		PREFIX(copy) (r->x, p->x);
+		PREFIX(copy) (r->y, p->y);
+		PREFIX(copy) (r->z, p->z);
+		goto CLEANUP;
+	}
+
+	/* U = px * qz^2 , S = py * qz^3 */
+	PREFIX(square) (t0, q->z);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (U, p->x, t0);
+	group->ecfp_reduce(U, U, group);
+	PREFIX(multiply) (t1, t0, q->z);
+	group->ecfp_reduce(t1, t1, group);
+	PREFIX(multiply) (t0, p->y, t1);
+	group->ecfp_reduce(S, t0, group);
+
+	/* H = qx*(pz)^2 - U , R = (qy * pz^3 - S) */
+	PREFIX(square) (t0, p->z);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (H, q->x, t0);
+	PREFIX(subtractShort) (H, H, U);
+	group->ecfp_reduce(H, H, group);
+	PREFIX(multiply) (t1, t0, p->z);	/* t1 = pz^3 */
+	group->ecfp_reduce(t1, t1, group);
+	PREFIX(multiply) (t0, t1, q->y);	/* t0 = qy * pz^3 */
+	PREFIX(subtractShort) (t0, t0, S);
+	group->ecfp_reduce(R, t0, group);
+
+	/* U = U*H^2, H3 = H^3 */
+	PREFIX(square) (t0, H);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (t1, U, t0);
+	group->ecfp_reduce(U, t1, group);
+	PREFIX(multiply) (H3, t0, H);
+	group->ecfp_reduce(H3, H3, group);
+
+	/* rz = pz * qz * H */
+	PREFIX(multiply) (t0, q->z, H);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (t1, t0, p->z);
+	group->ecfp_reduce(r->z, t1, group);
+
+	/* rx = R^2 - H^3 - 2 * U */
+	PREFIX(square) (t0, R);
+	PREFIX(subtractShort) (t0, t0, H3);
+	PREFIX(subtractShort) (t0, t0, U);
+	PREFIX(subtractShort) (t0, t0, U);
+	group->ecfp_reduce(r->x, t0, group);
+
+	/* ry = R(U - rx) - S*H3 */
+	PREFIX(subtractShort) (t1, U, r->x);
+	PREFIX(multiply) (t0, t1, R);
+	PREFIX(multiply) (t1, S, H3);
+	PREFIX(subtractLong) (t1, t0, t1);
+	group->ecfp_reduce(r->y, t1, group);
+
+  CLEANUP:
+	return;
+}
+
+/* Perform a point doubling in Modified Jacobian coordinates. Input and
+ * output should be multi-precision floating point integers. */
+void PREFIX(pt_dbl_jm) (const ecfp_jm_pt * p, ecfp_jm_pt * r,
+						const EC_group_fp * group) {
+
+	/* Temporary storage */
+	double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+		M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES],
+		U[2 * ECFP_NUMDOUBLES], T[2 * ECFP_NUMDOUBLES];
+
+	/* Check for point at infinity */
+	if (PREFIX(pt_is_inf_jm) (p) == MP_YES) {
+		/* Set r = pt at infinity by setting rz = 0 */
+		PREFIX(set_pt_inf_jm) (r);
+		goto CLEANUP;
+	}
+
+	/* M = 3 (px^2) + a*(pz^4) */
+	PREFIX(square) (t0, p->x);
+	PREFIX(addLong) (M, t0, t0);
+	PREFIX(addLong) (t0, t0, M);	/* t0 = 3(px^2) */
+	PREFIX(addShort) (t0, t0, p->az4);
+	group->ecfp_reduce(M, t0, group);
+
+	/* rz = 2 * py * pz */
+	PREFIX(multiply) (t1, p->y, p->z);
+	PREFIX(addLong) (t1, t1, t1);
+	group->ecfp_reduce(r->z, t1, group);
+
+	/* t0 = 2y^2, U = 8y^4 */
+	PREFIX(square) (t0, p->y);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(addShort) (t0, t0, t0);
+	PREFIX(square) (U, t0);
+	group->ecfp_reduce(U, U, group);
+	PREFIX(addShort) (U, U, U);
+
+	/* S = 4 * px * py^2 = 2 * px * t0 */
+	PREFIX(multiply) (S, p->x, t0);
+	group->ecfp_reduce(S, S, group);
+	PREFIX(addShort) (S, S, S);
+
+	/* rx = M^2 - 2S */
+	PREFIX(square) (T, M);
+	PREFIX(subtractShort) (T, T, S);
+	PREFIX(subtractShort) (T, T, S);
+	group->ecfp_reduce(r->x, T, group);
+
+	/* ry = M * (S - rx) - U */
+	PREFIX(subtractShort) (S, S, r->x);
+	PREFIX(multiply) (t0, M, S);
+	PREFIX(subtractShort) (t0, t0, U);
+	group->ecfp_reduce(r->y, t0, group);
+
+	/* ra*z^4 = 2*U*(apz4) */
+	PREFIX(multiply) (t1, U, p->az4);
+	PREFIX(addLong) (t1, t1, t1);
+	group->ecfp_reduce(r->az4, t1, group);
+
+  CLEANUP:
+	return;
+}
+
+/* Perform a point doubling using coordinates Affine -> Chudnovsky
+ * Jacobian. Input and output should be multi-precision floating point
+ * integers. */
+void PREFIX(pt_dbl_aff2chud) (const ecfp_aff_pt * p, ecfp_chud_pt * r,
+							  const EC_group_fp * group) {
+	double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+		M[2 * ECFP_NUMDOUBLES], twoY2[2 * ECFP_NUMDOUBLES],
+		S[2 * ECFP_NUMDOUBLES];
+
+	/* Check for point at infinity for p, if so set r = O */
+	if (PREFIX(pt_is_inf_aff) (p) == MP_YES) {
+		PREFIX(set_pt_inf_chud) (r);
+		goto CLEANUP;
+	}
+
+	/* M = 3(px)^2 + a */
+	PREFIX(square) (t0, p->x);
+	PREFIX(addLong) (t1, t0, t0);
+	PREFIX(addLong) (t1, t1, t0);
+	PREFIX(addShort) (t1, t1, group->curvea);
+	group->ecfp_reduce(M, t1, group);
+
+	/* twoY2 = 2*(py)^2, S = 4(px)(py)^2 */
+	PREFIX(square) (twoY2, p->y);
+	PREFIX(addLong) (twoY2, twoY2, twoY2);
+	group->ecfp_reduce(twoY2, twoY2, group);
+	PREFIX(multiply) (S, p->x, twoY2);
+	PREFIX(addLong) (S, S, S);
+	group->ecfp_reduce(S, S, group);
+
+	/* rx = M^2 - 2S */
+	PREFIX(square) (t0, M);
+	PREFIX(subtractShort) (t0, t0, S);
+	PREFIX(subtractShort) (t0, t0, S);
+	group->ecfp_reduce(r->x, t0, group);
+
+	/* ry = M(S-rx) - 8y^4 */
+	PREFIX(subtractShort) (t0, S, r->x);
+	PREFIX(multiply) (t1, t0, M);
+	PREFIX(square) (t0, twoY2);
+	PREFIX(subtractLong) (t1, t1, t0);
+	PREFIX(subtractLong) (t1, t1, t0);
+	group->ecfp_reduce(r->y, t1, group);
+
+	/* rz = 2py */
+	PREFIX(addShort) (r->z, p->y, p->y);
+
+	/* rz2 = rz^2 */
+	PREFIX(square) (t0, r->z);
+	group->ecfp_reduce(r->z2, t0, group);
+
+	/* rz3 = rz^3 */
+	PREFIX(multiply) (t0, r->z, r->z2);
+	group->ecfp_reduce(r->z3, t0, group);
+
+  CLEANUP:
+	return;
+}
+
+/* Perform a point addition using coordinates: Modified Jacobian +
+ * Chudnovsky Jacobian -> Modified Jacobian. Input and output should be
+ * multi-precision floating point integers. */
+void PREFIX(pt_add_jm_chud) (ecfp_jm_pt * p, ecfp_chud_pt * q,
+							 ecfp_jm_pt * r, const EC_group_fp * group) {
+
+	double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+		U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+		S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+		H3[2 * ECFP_NUMDOUBLES], pz2[2 * ECFP_NUMDOUBLES];
+
+	/* Check for point at infinity for p, if so set r = q need to convert
+	 * from Chudnovsky form to Modified Jacobian form */
+	if (PREFIX(pt_is_inf_jm) (p) == MP_YES) {
+		PREFIX(copy) (r->x, q->x);
+		PREFIX(copy) (r->y, q->y);
+		PREFIX(copy) (r->z, q->z);
+		PREFIX(square) (t0, q->z2);
+		group->ecfp_reduce(t0, t0, group);
+		PREFIX(multiply) (t1, t0, group->curvea);
+		group->ecfp_reduce(r->az4, t1, group);
+		goto CLEANUP;
+	}
+	/* Check for point at infinity for q, if so set r = p */
+	if (PREFIX(pt_is_inf_chud) (q) == MP_YES) {
+		PREFIX(copy) (r->x, p->x);
+		PREFIX(copy) (r->y, p->y);
+		PREFIX(copy) (r->z, p->z);
+		PREFIX(copy) (r->az4, p->az4);
+		goto CLEANUP;
+	}
+
+	/* U = px * qz^2 */
+	PREFIX(multiply) (U, p->x, q->z2);
+	group->ecfp_reduce(U, U, group);
+
+	/* H = qx*(pz)^2 - U */
+	PREFIX(square) (t0, p->z);
+	group->ecfp_reduce(pz2, t0, group);
+	PREFIX(multiply) (H, pz2, q->x);
+	group->ecfp_reduce(H, H, group);
+	PREFIX(subtractShort) (H, H, U);
+
+	/* U = U*H^2, H3 = H^3 */
+	PREFIX(square) (t0, H);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (t1, U, t0);
+	group->ecfp_reduce(U, t1, group);
+	PREFIX(multiply) (H3, t0, H);
+	group->ecfp_reduce(H3, H3, group);
+
+	/* S = py * qz^3 */
+	PREFIX(multiply) (S, p->y, q->z3);
+	group->ecfp_reduce(S, S, group);
+
+	/* R = (qy * z1^3 - s) */
+	PREFIX(multiply) (t0, pz2, p->z);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (R, t0, q->y);
+	PREFIX(subtractShort) (R, R, S);
+	group->ecfp_reduce(R, R, group);
+
+	/* rz = pz * qz * H */
+	PREFIX(multiply) (t1, q->z, H);
+	group->ecfp_reduce(t1, t1, group);
+	PREFIX(multiply) (t0, p->z, t1);
+	group->ecfp_reduce(r->z, t0, group);
+
+	/* rx = R^2 - H^3 - 2 * U */
+	PREFIX(square) (t0, R);
+	PREFIX(subtractShort) (t0, t0, H3);
+	PREFIX(subtractShort) (t0, t0, U);
+	PREFIX(subtractShort) (t0, t0, U);
+	group->ecfp_reduce(r->x, t0, group);
+
+	/* ry = R(U - rx) - S*H3 */
+	PREFIX(subtractShort) (t1, U, r->x);
+	PREFIX(multiply) (t0, t1, R);
+	PREFIX(multiply) (t1, S, H3);
+	PREFIX(subtractLong) (t1, t0, t1);
+	group->ecfp_reduce(r->y, t1, group);
+
+	if (group->aIsM3) {			/* a == -3 */
+		/* a(rz^4) = -3 * ((rz^2)^2) */
+		PREFIX(square) (t0, r->z);
+		group->ecfp_reduce(t0, t0, group);
+		PREFIX(square) (t1, t0);
+		PREFIX(addLong) (t0, t1, t1);
+		PREFIX(addLong) (t0, t0, t1);
+		PREFIX(negLong) (t0, t0);
+		group->ecfp_reduce(r->az4, t0, group);
+	} else {					/* Generic case */
+		/* a(rz^4) = a * ((rz^2)^2) */
+		PREFIX(square) (t0, r->z);
+		group->ecfp_reduce(t0, t0, group);
+		PREFIX(square) (t1, t0);
+		group->ecfp_reduce(t1, t1, group);
+		PREFIX(multiply) (t0, group->curvea, t1);
+		group->ecfp_reduce(r->az4, t0, group);
+	}
+  CLEANUP:
+	return;
+}
+
+/* Perform a point addition using Chudnovsky Jacobian coordinates. Input
+ * and output should be multi-precision floating point integers. */
+void PREFIX(pt_add_chud) (const ecfp_chud_pt * p, const ecfp_chud_pt * q,
+						  ecfp_chud_pt * r, const EC_group_fp * group) {
+
+	/* Temporary Storage */
+	double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+		U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+		S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+		H3[2 * ECFP_NUMDOUBLES];
+
+	/* Check for point at infinity for p, if so set r = q */
+	if (PREFIX(pt_is_inf_chud) (p) == MP_YES) {
+		PREFIX(copy) (r->x, q->x);
+		PREFIX(copy) (r->y, q->y);
+		PREFIX(copy) (r->z, q->z);
+		PREFIX(copy) (r->z2, q->z2);
+		PREFIX(copy) (r->z3, q->z3);
+		goto CLEANUP;
+	}
+
+	/* Check for point at infinity for p, if so set r = q */
+	if (PREFIX(pt_is_inf_chud) (q) == MP_YES) {
+		PREFIX(copy) (r->x, p->x);
+		PREFIX(copy) (r->y, p->y);
+		PREFIX(copy) (r->z, p->z);
+		PREFIX(copy) (r->z2, p->z2);
+		PREFIX(copy) (r->z3, p->z3);
+		goto CLEANUP;
+	}
+
+	/* U = px * qz^2 */
+	PREFIX(multiply) (U, p->x, q->z2);
+	group->ecfp_reduce(U, U, group);
+
+	/* H = qx*(pz)^2 - U */
+	PREFIX(multiply) (H, q->x, p->z2);
+	PREFIX(subtractShort) (H, H, U);
+	group->ecfp_reduce(H, H, group);
+
+	/* U = U*H^2, H3 = H^3 */
+	PREFIX(square) (t0, H);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (t1, U, t0);
+	group->ecfp_reduce(U, t1, group);
+	PREFIX(multiply) (H3, t0, H);
+	group->ecfp_reduce(H3, H3, group);
+
+	/* S = py * qz^3 */
+	PREFIX(multiply) (S, p->y, q->z3);
+	group->ecfp_reduce(S, S, group);
+
+	/* rz = pz * qz * H */
+	PREFIX(multiply) (t0, q->z, H);
+	group->ecfp_reduce(t0, t0, group);
+	PREFIX(multiply) (t1, t0, p->z);
+	group->ecfp_reduce(r->z, t1, group);
+
+	/* R = (qy * z1^3 - s) */
+	PREFIX(multiply) (t0, q->y, p->z3);
+	PREFIX(subtractShort) (t0, t0, S);
+	group->ecfp_reduce(R, t0, group);
+
+	/* rx = R^2 - H^3 - 2 * U */
+	PREFIX(square) (t0, R);
+	PREFIX(subtractShort) (t0, t0, H3);
+	PREFIX(subtractShort) (t0, t0, U);
+	PREFIX(subtractShort) (t0, t0, U);
+	group->ecfp_reduce(r->x, t0, group);
+
+	/* ry = R(U - rx) - S*H3 */
+	PREFIX(subtractShort) (t1, U, r->x);
+	PREFIX(multiply) (t0, t1, R);
+	PREFIX(multiply) (t1, S, H3);
+	PREFIX(subtractLong) (t1, t0, t1);
+	group->ecfp_reduce(r->y, t1, group);
+
+	/* rz2 = rz^2 */
+	PREFIX(square) (t0, r->z);
+	group->ecfp_reduce(r->z2, t0, group);
+
+	/* rz3 = rz^3 */
+	PREFIX(multiply) (t0, r->z, r->z2);
+	group->ecfp_reduce(r->z3, t0, group);
+
+  CLEANUP:
+	return;
+}
+
+/* Expects out to be an array of size 16 of Chudnovsky Jacobian points.
+ * Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for -15P, -13P,
+ * -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P, 13P, 15P */
+void PREFIX(precompute_chud) (ecfp_chud_pt * out, const ecfp_aff_pt * p,
+							  const EC_group_fp * group) {
+
+	ecfp_chud_pt p2;
+
+	/* Set out[8] = P */
+	PREFIX(copy) (out[8].x, p->x);
+	PREFIX(copy) (out[8].y, p->y);
+	PREFIX(one) (out[8].z);
+	PREFIX(one) (out[8].z2);
+	PREFIX(one) (out[8].z3);
+
+	/* Set p2 = 2P */
+	PREFIX(pt_dbl_aff2chud) (p, &p2, group);
+
+	/* Set 3P, 5P, ..., 15P */
+	PREFIX(pt_add_chud) (&out[8], &p2, &out[9], group);
+	PREFIX(pt_add_chud) (&out[9], &p2, &out[10], group);
+	PREFIX(pt_add_chud) (&out[10], &p2, &out[11], group);
+	PREFIX(pt_add_chud) (&out[11], &p2, &out[12], group);
+	PREFIX(pt_add_chud) (&out[12], &p2, &out[13], group);
+	PREFIX(pt_add_chud) (&out[13], &p2, &out[14], group);
+	PREFIX(pt_add_chud) (&out[14], &p2, &out[15], group);
+
+	/* Set -15P, -13P, ..., -P */
+	PREFIX(pt_neg_chud) (&out[8], &out[7]);
+	PREFIX(pt_neg_chud) (&out[9], &out[6]);
+	PREFIX(pt_neg_chud) (&out[10], &out[5]);
+	PREFIX(pt_neg_chud) (&out[11], &out[4]);
+	PREFIX(pt_neg_chud) (&out[12], &out[3]);
+	PREFIX(pt_neg_chud) (&out[13], &out[2]);
+	PREFIX(pt_neg_chud) (&out[14], &out[1]);
+	PREFIX(pt_neg_chud) (&out[15], &out[0]);
+}
+
+/* Expects out to be an array of size 16 of Jacobian points. Fills in
+ * Jacobian form (x, y, z), for O, P, 2P, ... 15P */
+void PREFIX(precompute_jac) (ecfp_jac_pt * precomp, const ecfp_aff_pt * p,
+							 const EC_group_fp * group) {
+	int i;
+
+	/* fill precomputation table */
+	/* set precomp[0] */
+	PREFIX(set_pt_inf_jac) (&precomp[0]);
+	/* set precomp[1] */
+	PREFIX(copy) (precomp[1].x, p->x);
+	PREFIX(copy) (precomp[1].y, p->y);
+	if (PREFIX(pt_is_inf_aff) (p) == MP_YES) {
+		PREFIX(zero) (precomp[1].z);
+	} else {
+		PREFIX(one) (precomp[1].z);
+	}
+	/* set precomp[2] */
+	group->pt_dbl_jac(&precomp[1], &precomp[2], group);
+
+	/* set rest of precomp */
+	for (i = 3; i < 16; i++) {
+		group->pt_add_jac_aff(&precomp[i - 1], p, &precomp[i], group);
+	}
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_jac.c b/security/nss/lib/freebl/ecl/ecp_jac.c
new file mode 100644
index 000000000..2659dbb82
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_jac.c
@@ -0,0 +1,553 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang-Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <fungstep@hotmail.com>, and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *   Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>,
+ *   Nils Larsch <nla@trustcenter.de>, and
+ *   Lenka Fibikova <fibikova@exp-math.uni-essen.de>, the OpenSSL Project
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "mplogic.h"
+#include <stdlib.h>
+#ifdef ECL_DEBUG
+#include <assert.h>
+#endif
+
+/* Converts a point P(px, py) from affine coordinates to Jacobian
+ * projective coordinates R(rx, ry, rz). Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+mp_err
+ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx,
+				  mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+
+	if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
+		MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+	} else {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+		MP_CHECKOK(mp_set_int(rz, 1));
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
+		}
+	}
+  CLEANUP:
+	return res;
+}
+
+/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
+ * affine coordinates R(rx, ry).  P and R can share x and y coordinates.
+ * Assumes input is already field-encoded using field_enc, and returns
+ * output that is still field-encoded. */
+mp_err
+ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+				  mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int z1, z2, z3;
+
+	MP_DIGITS(&z1) = 0;
+	MP_DIGITS(&z2) = 0;
+	MP_DIGITS(&z3) = 0;
+	MP_CHECKOK(mp_init(&z1));
+	MP_CHECKOK(mp_init(&z2));
+	MP_CHECKOK(mp_init(&z3));
+
+	/* if point at infinity, then set point at infinity and exit */
+	if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+		MP_CHECKOK(ec_GFp_pt_set_inf_aff(rx, ry));
+		goto CLEANUP;
+	}
+
+	/* transform (px, py, pz) into (px / pz^2, py / pz^3) */
+	if (mp_cmp_d(pz, 1) == 0) {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+	} else {
+		MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
+		MP_CHECKOK(group->meth->field_mul(&z1, &z2, &z3, group->meth));
+		MP_CHECKOK(group->meth->field_mul(px, &z2, rx, group->meth));
+		MP_CHECKOK(group->meth->field_mul(py, &z3, ry, group->meth));
+	}
+
+  CLEANUP:
+	mp_clear(&z1);
+	mp_clear(&z2);
+	mp_clear(&z3);
+	return res;
+}
+
+/* Checks if point P(px, py, pz) is at infinity. Uses Jacobian
+ * coordinates. */
+mp_err
+ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py, const mp_int *pz)
+{
+	return mp_cmp_z(pz);
+}
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses Jacobian
+ * coordinates. */
+mp_err
+ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz)
+{
+	mp_zero(pz);
+	return MP_OKAY;
+}
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, 1).  Elliptic curve points P, Q, and R can all be identical.
+ * Uses mixed Jacobian-affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. Uses equation (2) from Brown, Hankerson, Lopez, and
+ * Menezes. Software Implementation of the NIST Elliptic Curves Over Prime
+ * Fields. */
+mp_err
+ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+					  const mp_int *qx, const mp_int *qy, mp_int *rx,
+					  mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int A, B, C, D, C2, C3;
+
+	MP_DIGITS(&A) = 0;
+	MP_DIGITS(&B) = 0;
+	MP_DIGITS(&C) = 0;
+	MP_DIGITS(&D) = 0;
+	MP_DIGITS(&C2) = 0;
+	MP_DIGITS(&C3) = 0;
+	MP_CHECKOK(mp_init(&A));
+	MP_CHECKOK(mp_init(&B));
+	MP_CHECKOK(mp_init(&C));
+	MP_CHECKOK(mp_init(&D));
+	MP_CHECKOK(mp_init(&C2));
+	MP_CHECKOK(mp_init(&C3));
+
+	/* If either P or Q is the point at infinity, then return the other
+	 * point */
+	if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+		MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
+		goto CLEANUP;
+	}
+	if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+		MP_CHECKOK(mp_copy(pz, rz));
+		goto CLEANUP;
+	}
+
+	/* A = qx * pz^2, B = qy * pz^3 */
+	MP_CHECKOK(group->meth->field_sqr(pz, &A, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
+
+	/* C = A - px, D = B - py */
+	MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
+	MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
+
+	/* C2 = C^2, C3 = C^3 */
+	MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth));
+
+	/* rz = pz * C */
+	MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth));
+
+	/* C = px * C^2 */
+	MP_CHECKOK(group->meth->field_mul(px, &C2, &C, group->meth));
+	/* A = D^2 */
+	MP_CHECKOK(group->meth->field_sqr(&D, &A, group->meth));
+
+	/* rx = D^2 - (C^3 + 2 * (px * C^2)) */
+	MP_CHECKOK(group->meth->field_add(&C, &C, rx, group->meth));
+	MP_CHECKOK(group->meth->field_add(&C3, rx, rx, group->meth));
+	MP_CHECKOK(group->meth->field_sub(&A, rx, rx, group->meth));
+
+	/* C3 = py * C^3 */
+	MP_CHECKOK(group->meth->field_mul(py, &C3, &C3, group->meth));
+
+	/* ry = D * (px * C^2 - rx) - py * C^3 */
+	MP_CHECKOK(group->meth->field_sub(&C, rx, ry, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&D, ry, ry, group->meth));
+	MP_CHECKOK(group->meth->field_sub(ry, &C3, ry, group->meth));
+
+  CLEANUP:
+	mp_clear(&A);
+	mp_clear(&B);
+	mp_clear(&C);
+	mp_clear(&D);
+	mp_clear(&C2);
+	mp_clear(&C3);
+	return res;
+}
+
+/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses 
+ * Jacobian coordinates.
+ *
+ * Assumes input is already field-encoded using field_enc, and returns 
+ * output that is still field-encoded.
+ *
+ * This routine implements Point Doubling in the Jacobian Projective 
+ * space as described in the paper "Efficient elliptic curve exponentiation 
+ * using mixed coordinates", by H. Cohen, A Miyaji, T. Ono.
+ */
+mp_err
+ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz,
+				  mp_int *rx, mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int t0, t1, M, S;
+
+	MP_DIGITS(&t0) = 0;
+	MP_DIGITS(&t1) = 0;
+	MP_DIGITS(&M) = 0;
+	MP_DIGITS(&S) = 0;
+	MP_CHECKOK(mp_init(&t0));
+	MP_CHECKOK(mp_init(&t1));
+	MP_CHECKOK(mp_init(&M));
+	MP_CHECKOK(mp_init(&S));
+
+	if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+		MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+		goto CLEANUP;
+	}
+
+	if (mp_cmp_d(pz, 1) == 0) {
+		/* M = 3 * px^2 + a */
+		MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+		MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
+		MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_add(&t0, &group->curvea, &M, group->meth));
+	} else if (mp_cmp_int(&group->curvea, -3) == 0) {
+		/* M = 3 * (px + pz^2) * (px - pz^2) */
+		MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
+		MP_CHECKOK(group->meth->field_add(px, &M, &t0, group->meth));
+		MP_CHECKOK(group->meth->field_sub(px, &M, &t1, group->meth));
+		MP_CHECKOK(group->meth->field_mul(&t0, &t1, &M, group->meth));
+		MP_CHECKOK(group->meth->field_add(&M, &M, &t0, group->meth));
+		MP_CHECKOK(group->meth->field_add(&t0, &M, &M, group->meth));
+	} else {
+		/* M = 3 * (px^2) + a * (pz^4) */
+		MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+		MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
+		MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(&M, &M, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_mul(&M, &group->curvea, &M, group->meth));
+		MP_CHECKOK(group->meth->field_add(&M, &t0, &M, group->meth));
+	}
+
+	/* rz = 2 * py * pz */
+	/* t0 = 4 * py^2 */
+	if (mp_cmp_d(pz, 1) == 0) {
+		MP_CHECKOK(group->meth->field_add(py, py, rz, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(rz, &t0, group->meth));
+	} else {
+		MP_CHECKOK(group->meth->field_add(py, py, &t0, group->meth));
+		MP_CHECKOK(group->meth->field_mul(&t0, pz, rz, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
+	}
+
+	/* S = 4 * px * py^2 = px * (2 * py)^2 */
+	MP_CHECKOK(group->meth->field_mul(px, &t0, &S, group->meth));
+
+	/* rx = M^2 - 2 * S */
+	MP_CHECKOK(group->meth->field_add(&S, &S, &t1, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(&M, rx, group->meth));
+	MP_CHECKOK(group->meth->field_sub(rx, &t1, rx, group->meth));
+
+	/* ry = M * (S - rx) - 8 * py^4 */
+	MP_CHECKOK(group->meth->field_sqr(&t0, &t1, group->meth));
+	if (mp_isodd(&t1)) {
+		MP_CHECKOK(mp_add(&t1, &group->meth->irr, &t1));
+	}
+	MP_CHECKOK(mp_div_2(&t1, &t1));
+	MP_CHECKOK(group->meth->field_sub(&S, rx, &S, group->meth));
+	MP_CHECKOK(group->meth->field_mul(&M, &S, &M, group->meth));
+	MP_CHECKOK(group->meth->field_sub(&M, &t1, ry, group->meth));
+
+  CLEANUP:
+	mp_clear(&t0);
+	mp_clear(&t1);
+	mp_clear(&M);
+	mp_clear(&S);
+	return res;
+}
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses mixed Jacobian-affine coordinates. Assumes input is
+ * already field-encoded using field_enc, and returns output that is still 
+ * field-encoded. Uses 4-bit window method. */
+mp_err
+ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py,
+				  mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int precomp[16][2], rz;
+	int i, ni, d;
+
+	MP_DIGITS(&rz) = 0;
+	for (i = 0; i < 16; i++) {
+		MP_DIGITS(&precomp[i][0]) = 0;
+		MP_DIGITS(&precomp[i][1]) = 0;
+	}
+
+	ARGCHK(group != NULL, MP_BADARG);
+	ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+	/* initialize precomputation table */
+	for (i = 0; i < 16; i++) {
+		MP_CHECKOK(mp_init(&precomp[i][0]));
+		MP_CHECKOK(mp_init(&precomp[i][1]));
+	}
+
+	/* fill precomputation table */
+	mp_zero(&precomp[0][0]);
+	mp_zero(&precomp[0][1]);
+	MP_CHECKOK(mp_copy(px, &precomp[1][0]));
+	MP_CHECKOK(mp_copy(py, &precomp[1][1]));
+	for (i = 2; i < 16; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[1][0], &precomp[1][1],
+							 &precomp[i - 1][0], &precomp[i - 1][1],
+							 &precomp[i][0], &precomp[i][1], group));
+	}
+
+	d = (mpl_significant_bits(n) + 3) / 4;
+
+	/* R = inf */
+	MP_CHECKOK(mp_init(&rz));
+	MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+	for (i = d - 1; i >= 0; i--) {
+		/* compute window ni */
+		ni = MP_GET_BIT(n, 4 * i + 3);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i + 2);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i + 1);
+		ni <<= 1;
+		ni |= MP_GET_BIT(n, 4 * i);
+		/* R = 2^4 * R */
+		MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+		MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+		MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+		MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+		/* R = R + (ni * P) */
+		MP_CHECKOK(ec_GFp_pt_add_jac_aff
+				   (rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
+					&rz, group));
+	}
+
+	/* convert result S to affine coordinates */
+	MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+  CLEANUP:
+	mp_clear(&rz);
+	for (i = 0; i < 16; i++) {
+		mp_clear(&precomp[i][0]);
+		mp_clear(&precomp[i][1]);
+	}
+	return res;
+}
+#endif
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G + 
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Uses mixed Jacobian-affine coordinates. Input and output values are
+ * assumed to be NOT field-encoded. Uses algorithm 15 (simultaneous
+ * multiple point multiplication) from Brown, Hankerson, Lopez, Menezes.
+ * Software Implementation of the NIST Elliptic Curves over Prime Fields. */
+mp_err
+ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
+				   const mp_int *py, mp_int *rx, mp_int *ry,
+				   const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int precomp[4][4][2];
+	mp_int rz;
+	const mp_int *a, *b;
+	int i, j;
+	int ai, bi, d;
+
+	for (i = 0; i < 4; i++) {
+		for (j = 0; j < 4; j++) {
+			MP_DIGITS(&precomp[i][j][0]) = 0;
+			MP_DIGITS(&precomp[i][j][1]) = 0;
+		}
+	}
+	MP_DIGITS(&rz) = 0;
+
+	ARGCHK(group != NULL, MP_BADARG);
+	ARGCHK(!((k1 == NULL)
+			 && ((k2 == NULL) || (px == NULL)
+				 || (py == NULL))), MP_BADARG);
+
+	/* if some arguments are not defined used ECPoint_mul */
+	if (k1 == NULL) {
+		return ECPoint_mul(group, k2, px, py, rx, ry);
+	} else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+		return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+	}
+
+	/* initialize precomputation table */
+	for (i = 0; i < 4; i++) {
+		for (j = 0; j < 4; j++) {
+			MP_CHECKOK(mp_init(&precomp[i][j][0]));
+			MP_CHECKOK(mp_init(&precomp[i][j][1]));
+		}
+	}
+
+	/* fill precomputation table */
+	/* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
+	if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
+		a = k2;
+		b = k1;
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->
+					   field_enc(px, &precomp[1][0][0], group->meth));
+			MP_CHECKOK(group->meth->
+					   field_enc(py, &precomp[1][0][1], group->meth));
+		} else {
+			MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
+			MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
+		}
+		MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
+		MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
+	} else {
+		a = k1;
+		b = k2;
+		MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
+		MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
+		if (group->meth->field_enc) {
+			MP_CHECKOK(group->meth->
+					   field_enc(px, &precomp[0][1][0], group->meth));
+			MP_CHECKOK(group->meth->
+					   field_enc(py, &precomp[0][1][1], group->meth));
+		} else {
+			MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
+			MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
+		}
+	}
+	/* precompute [*][0][*] */
+	mp_zero(&precomp[0][0][0]);
+	mp_zero(&precomp[0][0][1]);
+	MP_CHECKOK(group->
+			   point_dbl(&precomp[1][0][0], &precomp[1][0][1],
+						 &precomp[2][0][0], &precomp[2][0][1], group));
+	MP_CHECKOK(group->
+			   point_add(&precomp[1][0][0], &precomp[1][0][1],
+						 &precomp[2][0][0], &precomp[2][0][1],
+						 &precomp[3][0][0], &precomp[3][0][1], group));
+	/* precompute [*][1][*] */
+	for (i = 1; i < 4; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[0][1][0], &precomp[0][1][1],
+							 &precomp[i][0][0], &precomp[i][0][1],
+							 &precomp[i][1][0], &precomp[i][1][1], group));
+	}
+	/* precompute [*][2][*] */
+	MP_CHECKOK(group->
+			   point_dbl(&precomp[0][1][0], &precomp[0][1][1],
+						 &precomp[0][2][0], &precomp[0][2][1], group));
+	for (i = 1; i < 4; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[0][2][0], &precomp[0][2][1],
+							 &precomp[i][0][0], &precomp[i][0][1],
+							 &precomp[i][2][0], &precomp[i][2][1], group));
+	}
+	/* precompute [*][3][*] */
+	MP_CHECKOK(group->
+			   point_add(&precomp[0][1][0], &precomp[0][1][1],
+						 &precomp[0][2][0], &precomp[0][2][1],
+						 &precomp[0][3][0], &precomp[0][3][1], group));
+	for (i = 1; i < 4; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[0][3][0], &precomp[0][3][1],
+							 &precomp[i][0][0], &precomp[i][0][1],
+							 &precomp[i][3][0], &precomp[i][3][1], group));
+	}
+
+	d = (mpl_significant_bits(a) + 1) / 2;
+
+	/* R = inf */
+	MP_CHECKOK(mp_init(&rz));
+	MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+	for (i = d - 1; i >= 0; i--) {
+		ai = MP_GET_BIT(a, 2 * i + 1);
+		ai <<= 1;
+		ai |= MP_GET_BIT(a, 2 * i);
+		bi = MP_GET_BIT(b, 2 * i + 1);
+		bi <<= 1;
+		bi |= MP_GET_BIT(b, 2 * i);
+		/* R = 2^2 * R */
+		MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+		MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+		/* R = R + (ai * A + bi * B) */
+		MP_CHECKOK(ec_GFp_pt_add_jac_aff
+				   (rx, ry, &rz, &precomp[ai][bi][0], &precomp[ai][bi][1],
+					rx, ry, &rz, group));
+	}
+
+	MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+	if (group->meth->field_dec) {
+		MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+		MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+	}
+
+  CLEANUP:
+	mp_clear(&rz);
+	for (i = 0; i < 4; i++) {
+		for (j = 0; j < 4; j++) {
+			mp_clear(&precomp[i][j][0]);
+			mp_clear(&precomp[i][j][1]);
+		}
+	}
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_jm.c b/security/nss/lib/freebl/ecl/ecp_jm.c
new file mode 100644
index 000000000..f015a6158
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_jm.c
@@ -0,0 +1,323 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp.h"
+#include "ecl-priv.h"
+#include "mplogic.h"
+#include <stdlib.h>
+
+#define MAX_SCRATCH 6
+
+/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses 
+ * Modified Jacobian coordinates.
+ *
+ * Assumes input is already field-encoded using field_enc, and returns 
+ * output that is still field-encoded.
+ *
+ */
+mp_err
+ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz,
+				 const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz,
+				 mp_int *raz4, mp_int scratch[], const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int *t0, *t1, *M, *S;
+
+	t0 = &scratch[0];
+	t1 = &scratch[1];
+	M = &scratch[2];
+	S = &scratch[3];
+
+#if MAX_SCRATCH < 4
+#error "Scratch array defined too small "
+#endif
+
+	/* Check for point at infinity */
+	if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+		/* Set r = pt at infinity by setting rz = 0 */
+
+		MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+		goto CLEANUP;
+	}
+
+	/* M = 3 (px^2) + a*(pz^4) */
+	MP_CHECKOK(group->meth->field_sqr(px, t0, group->meth));
+	MP_CHECKOK(group->meth->field_add(t0, t0, M, group->meth));
+	MP_CHECKOK(group->meth->field_add(t0, M, t0, group->meth));
+	MP_CHECKOK(group->meth->field_add(t0, paz4, M, group->meth));
+
+	/* rz = 2 * py * pz */
+	MP_CHECKOK(group->meth->field_mul(py, pz, S, group->meth));
+	MP_CHECKOK(group->meth->field_add(S, S, rz, group->meth));
+
+	/* t0 = 2y^2 , t1 = 8y^4 */
+	MP_CHECKOK(group->meth->field_sqr(py, t0, group->meth));
+	MP_CHECKOK(group->meth->field_add(t0, t0, t0, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(t0, t1, group->meth));
+	MP_CHECKOK(group->meth->field_add(t1, t1, t1, group->meth));
+
+	/* S = 4 * px * py^2 = 2 * px * t0 */
+	MP_CHECKOK(group->meth->field_mul(px, t0, S, group->meth));
+	MP_CHECKOK(group->meth->field_add(S, S, S, group->meth));
+
+
+	/* rx = M^2 - 2S */
+	MP_CHECKOK(group->meth->field_sqr(M, rx, group->meth));
+	MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
+	MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
+
+	/* ry = M * (S - rx) - t1 */
+	MP_CHECKOK(group->meth->field_sub(S, rx, S, group->meth));
+	MP_CHECKOK(group->meth->field_mul(S, M, ry, group->meth));
+	MP_CHECKOK(group->meth->field_sub(ry, t1, ry, group->meth));
+
+	/* ra*z^4 = 2*t1*(apz4) */
+	MP_CHECKOK(group->meth->field_mul(paz4, t1, raz4, group->meth));
+	MP_CHECKOK(group->meth->field_add(raz4, raz4, raz4, group->meth));
+
+
+  CLEANUP:
+	return res;
+}
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, 1).  Elliptic curve points P, Q, and R can all be identical.
+ * Uses mixed Modified_Jacobian-affine coordinates. Assumes input is
+ * already field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+mp_err
+ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+					 const mp_int *paz4, const mp_int *qx,
+					 const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz,
+					 mp_int *raz4, mp_int scratch[], const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int *A, *B, *C, *D, *C2, *C3;
+
+	A = &scratch[0];
+	B = &scratch[1];
+	C = &scratch[2];
+	D = &scratch[3];
+	C2 = &scratch[4];
+	C3 = &scratch[5];
+
+#if MAX_SCRATCH < 6
+#error "Scratch array defined too small "
+#endif
+
+	/* If either P or Q is the point at infinity, then return the other
+	 * point */
+	if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+		MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
+		MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
+		MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
+		MP_CHECKOK(group->meth->
+				   field_mul(raz4, &group->curvea, raz4, group->meth));
+		goto CLEANUP;
+	}
+	if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
+		MP_CHECKOK(mp_copy(px, rx));
+		MP_CHECKOK(mp_copy(py, ry));
+		MP_CHECKOK(mp_copy(pz, rz));
+		MP_CHECKOK(mp_copy(paz4, raz4));
+		goto CLEANUP;
+	}
+
+	/* A = qx * pz^2, B = qy * pz^3 */
+	MP_CHECKOK(group->meth->field_sqr(pz, A, group->meth));
+	MP_CHECKOK(group->meth->field_mul(A, pz, B, group->meth));
+	MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
+	MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
+
+	/* C = A - px, D = B - py */
+	MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
+	MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
+
+	/* C2 = C^2, C3 = C^3 */
+	MP_CHECKOK(group->meth->field_sqr(C, C2, group->meth));
+	MP_CHECKOK(group->meth->field_mul(C, C2, C3, group->meth));
+
+	/* rz = pz * C */
+	MP_CHECKOK(group->meth->field_mul(pz, C, rz, group->meth));
+
+	/* C = px * C^2 */
+	MP_CHECKOK(group->meth->field_mul(px, C2, C, group->meth));
+	/* A = D^2 */
+	MP_CHECKOK(group->meth->field_sqr(D, A, group->meth));
+
+	/* rx = D^2 - (C^3 + 2 * (px * C^2)) */
+	MP_CHECKOK(group->meth->field_add(C, C, rx, group->meth));
+	MP_CHECKOK(group->meth->field_add(C3, rx, rx, group->meth));
+	MP_CHECKOK(group->meth->field_sub(A, rx, rx, group->meth));
+
+	/* C3 = py * C^3 */
+	MP_CHECKOK(group->meth->field_mul(py, C3, C3, group->meth));
+
+	/* ry = D * (px * C^2 - rx) - py * C^3 */
+	MP_CHECKOK(group->meth->field_sub(C, rx, ry, group->meth));
+	MP_CHECKOK(group->meth->field_mul(D, ry, ry, group->meth));
+	MP_CHECKOK(group->meth->field_sub(ry, C3, ry, group->meth));
+
+	/* raz4 = a * rz^4 */
+	MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
+	MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
+	MP_CHECKOK(group->meth->
+			   field_mul(raz4, &group->curvea, raz4, group->meth));
+CLEANUP:
+	return res;
+}
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
+ * curve points P and R can be identical. Uses mixed Modified-Jacobian
+ * co-ordinates for doubling and Chudnovsky Jacobian coordinates for
+ * additions. Assumes input is already field-encoded using field_enc, and
+ * returns output that is still field-encoded. Uses 5-bit window NAF
+ * method (algorithm 11) for scalar-point multiplication from Brown,
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic 
+ * Curves Over Prime Fields. */
+mp_err
+ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
+					  mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+	mp_err res = MP_OKAY;
+	mp_int precomp[16][2], rz, tpx, tpy;
+	mp_int raz4;
+	mp_int scratch[MAX_SCRATCH];
+	signed char *naf = NULL;
+	int i, orderBitSize;
+
+	MP_DIGITS(&rz) = 0;
+	MP_DIGITS(&raz4) = 0;
+	MP_DIGITS(&tpx) = 0;
+	MP_DIGITS(&tpy) = 0;
+	for (i = 0; i < 16; i++) {
+		MP_DIGITS(&precomp[i][0]) = 0;
+		MP_DIGITS(&precomp[i][1]) = 0;
+	}
+	for (i = 0; i < MAX_SCRATCH; i++) {
+		MP_DIGITS(&scratch[i]) = 0;
+	}
+
+	ARGCHK(group != NULL, MP_BADARG);
+	ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+	/* initialize precomputation table */
+	MP_CHECKOK(mp_init(&tpx));
+	MP_CHECKOK(mp_init(&tpy));;
+	MP_CHECKOK(mp_init(&rz));
+	MP_CHECKOK(mp_init(&raz4));
+
+	for (i = 0; i < 16; i++) {
+		MP_CHECKOK(mp_init(&precomp[i][0]));
+		MP_CHECKOK(mp_init(&precomp[i][1]));
+	}
+	for (i = 0; i < MAX_SCRATCH; i++) {
+		MP_CHECKOK(mp_init(&scratch[i]));
+	}
+
+	/* Set out[8] = P */
+	MP_CHECKOK(mp_copy(px, &precomp[8][0]));
+	MP_CHECKOK(mp_copy(py, &precomp[8][1]));
+
+	/* Set (tpx, tpy) = 2P */
+	MP_CHECKOK(group->
+			   point_dbl(&precomp[8][0], &precomp[8][1], &tpx, &tpy,
+						 group));
+
+	/* Set 3P, 5P, ..., 15P */
+	for (i = 8; i < 15; i++) {
+		MP_CHECKOK(group->
+				   point_add(&precomp[i][0], &precomp[i][1], &tpx, &tpy,
+							 &precomp[i + 1][0], &precomp[i + 1][1],
+							 group));
+	}
+
+	/* Set -15P, -13P, ..., -P */
+	for (i = 0; i < 8; i++) {
+		MP_CHECKOK(mp_copy(&precomp[15 - i][0], &precomp[i][0]));
+		MP_CHECKOK(group->meth->
+				   field_neg(&precomp[15 - i][1], &precomp[i][1],
+							 group->meth));
+	}
+
+	/* R = inf */
+	MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+	orderBitSize = mpl_significant_bits(&group->order);
+
+	/* Allocate memory for NAF */
+	naf = (signed char *) malloc(sizeof(signed char) * (orderBitSize + 1));
+	if (naf == NULL) {
+		res = MP_MEM;
+		goto CLEANUP;
+	}
+
+	/* Compute 5NAF */
+	ec_compute_wNAF(naf, orderBitSize, n, 5);
+
+	/* wNAF method */
+	for (i = orderBitSize; i >= 0; i--) {
+		/* R = 2R */
+		ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz, 
+					     &raz4, scratch, group);
+		if (naf[i] != 0) {
+			ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4,
+								 &precomp[(naf[i] + 15) / 2][0],
+								 &precomp[(naf[i] + 15) / 2][1], rx, ry,
+								 &rz, &raz4, scratch, group);
+		}
+	}
+
+	/* convert result S to affine coordinates */
+	MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+  CLEANUP:
+	for (i = 0; i < MAX_SCRATCH; i++) {
+		mp_clear(&scratch[i]);
+	}
+	for (i = 0; i < 16; i++) {
+		mp_clear(&precomp[i][0]);
+		mp_clear(&precomp[i][1]);
+	}
+	mp_clear(&tpx);
+	mp_clear(&tpy);
+	mp_clear(&rz);
+	mp_clear(&raz4);
+	free(naf);
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/ecp_mont.c b/security/nss/lib/freebl/ecl/ecp_mont.c
new file mode 100644
index 000000000..c8829b6d1
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/ecp_mont.c
@@ -0,0 +1,192 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* Uses Montgomery reduction for field arithmetic.  See mpi/mpmontg.c for
+ * code implementation. */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include "ecl-priv.h"
+#include "ecp.h"
+#include <stdlib.h>
+#include <stdio.h>
+
+/* Construct a generic GFMethod for arithmetic over prime fields with
+ * irreducible irr. */
+GFMethod *
+GFMethod_consGFp_mont(const mp_int *irr)
+{
+	mp_err res = MP_OKAY;
+	int i;
+	GFMethod *meth = NULL;
+	mp_mont_modulus *mmm;
+
+	meth = GFMethod_consGFp(irr);
+	if (meth == NULL)
+		return NULL;
+
+	mmm = (mp_mont_modulus *) malloc(sizeof(mp_mont_modulus));
+	if (mmm == NULL) {
+		res = MP_MEM;
+		goto CLEANUP;
+	}
+
+	meth->field_mul = &ec_GFp_mul_mont;
+	meth->field_sqr = &ec_GFp_sqr_mont;
+	meth->field_div = &ec_GFp_div_mont;
+	meth->field_enc = &ec_GFp_enc_mont;
+	meth->field_dec = &ec_GFp_dec_mont;
+	meth->extra1 = mmm;
+	meth->extra2 = NULL;
+	meth->extra_free = &ec_GFp_extra_free_mont;
+
+	mmm->N = meth->irr;
+	i = mpl_significant_bits(&meth->irr);
+	i += MP_DIGIT_BIT - 1;
+	mmm->b = i - i % MP_DIGIT_BIT;
+	mmm->n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(&meth->irr, 0));
+
+  CLEANUP:
+	if (res != MP_OKAY) {
+		GFMethod_free(meth);
+		return NULL;
+	}
+	return meth;
+}
+
+/* Wrapper functions for generic prime field arithmetic. */
+
+/* Field multiplication using Montgomery reduction. */
+mp_err
+ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r,
+				const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+#ifdef MP_MONT_USE_MP_MUL
+	/* if MP_MONT_USE_MP_MUL is defined, then the function s_mp_mul_mont
+	 * is not implemented and we have to use mp_mul and s_mp_redc directly 
+	 */
+	MP_CHECKOK(mp_mul(a, b, r));
+	MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *) meth->extra1));
+#else
+	mp_int s;
+
+	MP_DIGITS(&s) = 0;
+	/* s_mp_mul_mont doesn't allow source and destination to be the same */
+	if ((a == r) || (b == r)) {
+		MP_CHECKOK(mp_init(&s));
+		MP_CHECKOK(s_mp_mul_mont
+				   (a, b, &s, (mp_mont_modulus *) meth->extra1));
+		MP_CHECKOK(mp_copy(&s, r));
+		mp_clear(&s);
+	} else {
+		return s_mp_mul_mont(a, b, r, (mp_mont_modulus *) meth->extra1);
+	}
+#endif
+  CLEANUP:
+	return res;
+}
+
+/* Field squaring using Montgomery reduction. */
+mp_err
+ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	return ec_GFp_mul_mont(a, a, r, meth);
+}
+
+/* Field division using Montgomery reduction. */
+mp_err
+ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r,
+				const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	/* if A=aZ represents a encoded in montgomery coordinates with Z and # 
+	 * and \ respectively represent multiplication and division in
+	 * montgomery coordinates, then A\B = (a/b)Z = (A/B)Z and Binv =
+	 * (1/b)Z = (1/B)(Z^2) where B # Binv = Z */
+	MP_CHECKOK(ec_GFp_div(a, b, r, meth));
+	MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
+	if (a == NULL) {
+		MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
+	}
+  CLEANUP:
+	return res;
+}
+
+/* Encode a field element in Montgomery form. See s_mp_to_mont in
+ * mpi/mpmontg.c */
+mp_err
+ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_mont_modulus *mmm;
+	mp_err res = MP_OKAY;
+
+	mmm = (mp_mont_modulus *) meth->extra1;
+	MP_CHECKOK(mpl_lsh(a, r, mmm->b));
+	MP_CHECKOK(mp_mod(r, &mmm->N, r));
+  CLEANUP:
+	return res;
+}
+
+/* Decode a field element from Montgomery form. */
+mp_err
+ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+
+	if (a != r) {
+		MP_CHECKOK(mp_copy(a, r));
+	}
+	MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *) meth->extra1));
+  CLEANUP:
+	return res;
+}
+
+/* Free the memory allocated to the extra fields of Montgomery GFMethod
+ * object. */
+void
+ec_GFp_extra_free_mont(GFMethod *meth)
+{
+	if (meth->extra1 != NULL) {
+		free(meth->extra1);
+		meth->extra1 = NULL;
+	}
+}
diff --git a/security/nss/lib/freebl/ecl/tests/ec2_test.c b/security/nss/lib/freebl/ecl/tests/ec2_test.c
new file mode 100644
index 000000000..cf6540221
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/tests/ec2_test.c
@@ -0,0 +1,516 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for binary polynomial field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpprime.h"
+#include "mp_gf2m.h"
+#include "ecl.h"
+#include "ecl-curve.h"
+#include "ec2.h"
+#include <stdio.h>
+#include <strings.h>
+#include <assert.h>
+
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k) { \
+	double dStart, dNow, dUserTime; \
+	struct rusage ru; \
+	int i; \
+	getrusage(RUSAGE_SELF, &ru); \
+	dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+	for (i = 0; i < k; i++) { \
+		{ op; } \
+	}; \
+	getrusage(RUSAGE_SELF, &ru); \
+	dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+	dUserTime = dNow-dStart; \
+	if (dUserTime) printf("    %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
+}
+
+/* Test curve using generic field arithmetic. */
+#define ECTEST_GENERIC_GF2M(name_c, name) \
+	printf("Testing %s using generic implementation...\n", name_c); \
+	params = EC_GetNamedCurveParams(name); \
+	if (params == NULL) { \
+			printf("  Error: could not construct params.\n"); \
+			res = MP_NO; \
+			goto CLEANUP; \
+	} \
+	ECGroup_free(group); \
+	group = ECGroup_fromHex(params); \
+	if (group == NULL) { \
+		printf("  Error: could not construct group.\n"); \
+		res = MP_NO; \
+		goto CLEANUP; \
+	} \
+	MP_CHECKOK( ectest_curve_GF2m(group, ectestPrint, ectestTime, 1) ); \
+	printf("... okay.\n");
+
+/* Test curve using specific field arithmetic. */
+#define ECTEST_NAMED_GF2M(name_c, name) \
+	printf("Testing %s using specific implementation...\n", name_c); \
+	ECGroup_free(group); \
+	group = ECGroup_fromName(name); \
+	if (group == NULL) { \
+		printf("  Warning: could not construct group.\n"); \
+		printf("... failed; continuing with remaining tests.\n"); \
+	} else { \
+		MP_CHECKOK( ectest_curve_GF2m(group, ectestPrint, ectestTime, 0) ); \
+		printf("... okay.\n"); \
+	}
+
+/* Performs basic tests of elliptic curve cryptography over binary
+ * polynomial fields. If tests fail, then it prints an error message,
+ * aborts, and returns an error code. Otherwise, returns 0. */
+int
+ectest_curve_GF2m(ECGroup *group, int ectestPrint, int ectestTime,
+				  int generic)
+{
+
+	mp_int one, order_1, gx, gy, rx, ry, n;
+	int size;
+	mp_err res;
+	char s[1000];
+
+	/* initialize values */
+	MP_CHECKOK(mp_init(&one));
+	MP_CHECKOK(mp_init(&order_1));
+	MP_CHECKOK(mp_init(&gx));
+	MP_CHECKOK(mp_init(&gy));
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&n));
+
+	MP_CHECKOK(mp_set_int(&one, 1));
+	MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
+
+	/* encode base point */
+	if (group->meth->field_dec) {
+		MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
+		MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
+	} else {
+		MP_CHECKOK(mp_copy(&group->genx, &gx));
+		MP_CHECKOK(mp_copy(&group->geny, &gy));
+	}
+
+	if (ectestPrint) {
+		/* output base point */
+		printf("  base point P:\n");
+		MP_CHECKOK(mp_toradix(&gx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&gy, s, 16));
+		printf("    %s\n", s);
+		if (group->meth->field_enc) {
+			printf("  base point P (encoded):\n");
+			MP_CHECKOK(mp_toradix(&group->genx, s, 16));
+			printf("    %s\n", s);
+			MP_CHECKOK(mp_toradix(&group->geny, s, 16));
+			printf("    %s\n", s);
+		}
+	}
+
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ec_GF2m_pt_mul_aff
+			   (&order_1, &group->genx, &group->geny, &rx, &ry, group));
+	if (ectestPrint) {
+		printf("  (order-1)*P (affine):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+	if ((mp_cmp(&rx, &group->genx) != 0)
+		|| (mp_cmp(&ry, &group->geny) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ec_GF2m_pt_mul_mont
+			   (&order_1, &group->genx, &group->geny, &rx, &ry, group));
+	if (ectestPrint) {
+		printf("  (order-1)*P (montgomery):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+	if ((mp_cmp(&rx, &group->genx) != 0)
+		|| (mp_cmp(&ry, &group->geny) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+#ifdef ECL_ENABLE_GF2M_PROJ
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ec_GF2m_pt_mul_proj
+			   (&order_1, &group->genx, &group->geny, &rx, &ry, group));
+	if (ectestPrint) {
+		printf("  (order-1)*P (projective):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+	if ((mp_cmp(&rx, &group->genx) != 0)
+		|| (mp_cmp(&ry, &group->geny) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order-1)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+	if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order-1)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+	if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ec_GF2m_pt_mul_aff
+			   (&group->order, &group->genx, &group->geny, &rx, &ry,
+				group));
+	if (ectestPrint) {
+		printf("  (order)*P (affine):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ec_GF2m_pt_mul_mont
+			   (&group->order, &group->genx, &group->geny, &rx, &ry,
+				group));
+	if (ectestPrint) {
+		printf("  (order)*P (montgomery):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+#ifdef ECL_ENABLE_GF2M_PROJ
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ec_GF2m_pt_mul_proj
+			   (&group->order, &group->genx, &group->geny, &rx, &ry,
+				group));
+	if (ectestPrint) {
+		printf("  (order)*P (projective):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* check that (order-1)P + (order-1)P + P == (order-1)P */
+	MP_CHECKOK(ECPoints_mul
+			   (group, &order_1, &order_1, &gx, &gy, &rx, &ry));
+	MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
+	if (ectestPrint) {
+		printf
+			("  (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+	if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* test validate_point function */
+	if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
+		printf("  Error: validate point on base point failed.\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+	MP_CHECKOK(mp_add_d(&gy, 1, &ry));
+	if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
+		printf("  Error: validate point on invalid point passed.\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	if (ectestTime) {
+		/* compute random scalar */
+		size = mpl_significant_bits(&group->meth->irr);
+		if (size < MP_OKAY) {
+			goto CLEANUP;
+		}
+		MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+		MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
+		/* timed test */
+		if (generic) {
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+			M_TimeOperation(MP_CHECKOK
+							(ec_GF2m_pt_mul_aff
+							 (&n, &group->genx, &group->geny, &rx, &ry,
+							  group)), 100);
+#endif
+			M_TimeOperation(MP_CHECKOK
+							(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+							100);
+			M_TimeOperation(MP_CHECKOK
+							(ECPoints_mul
+							 (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+		} else {
+			M_TimeOperation(MP_CHECKOK
+							(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+							100);
+			M_TimeOperation(MP_CHECKOK
+							(ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
+							100);
+			M_TimeOperation(MP_CHECKOK
+							(ECPoints_mul
+							 (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+		}
+	}
+
+  CLEANUP:
+	mp_clear(&one);
+	mp_clear(&order_1);
+	mp_clear(&gx);
+	mp_clear(&gy);
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&n);
+	if (res != MP_OKAY) {
+		printf("  Error: exiting with error value %i\n", res);
+	}
+	return res;
+}
+
+/* Prints help information. */
+void
+printUsage()
+{
+	printf("Usage: ecp_test [--print] [--time]\n");
+	printf
+		("	--print     Print out results of each point arithmetic test.\n");
+	printf
+		("	--time      Benchmark point operations and print results.\n");
+}
+
+/* Performs tests of elliptic curve cryptography over binary polynomial
+ * fields. If tests fail, then it prints an error message, aborts, and
+ * returns an error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+
+	int ectestTime = 0;
+	int ectestPrint = 0;
+	int i;
+	ECGroup *group = NULL;
+	ECCurveParams *params = NULL;
+	mp_err res;
+
+	/* read command-line arguments */
+	for (i = 1; i < argv; i++) {
+		if ((strcasecmp(argc[i], "time") == 0)
+			|| (strcasecmp(argc[i], "-time") == 0)
+			|| (strcasecmp(argc[i], "--time") == 0)) {
+			ectestTime = 1;
+		} else if ((strcasecmp(argc[i], "print") == 0)
+				   || (strcasecmp(argc[i], "-print") == 0)
+				   || (strcasecmp(argc[i], "--print") == 0)) {
+			ectestPrint = 1;
+		} else {
+			printUsage();
+			return 0;
+		}
+	}
+
+	/* generic arithmetic tests */
+	ECTEST_GENERIC_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
+
+	/* specific arithmetic tests */
+	ECTEST_NAMED_GF2M("NIST-K163", ECCurve_NIST_K163);
+	ECTEST_NAMED_GF2M("NIST-B163", ECCurve_NIST_B163);
+	ECTEST_NAMED_GF2M("NIST-K233", ECCurve_NIST_K233);
+	ECTEST_NAMED_GF2M("NIST-B233", ECCurve_NIST_B233);
+	ECTEST_NAMED_GF2M("NIST-K283", ECCurve_NIST_K283);
+	ECTEST_NAMED_GF2M("NIST-B283", ECCurve_NIST_B283);
+	ECTEST_NAMED_GF2M("NIST-K409", ECCurve_NIST_K409);
+	ECTEST_NAMED_GF2M("NIST-B409", ECCurve_NIST_B409);
+	ECTEST_NAMED_GF2M("NIST-K571", ECCurve_NIST_K571);
+	ECTEST_NAMED_GF2M("NIST-B571", ECCurve_NIST_B571);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V1", ECCurve_X9_62_CHAR2_PNB163V1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V2", ECCurve_X9_62_CHAR2_PNB163V2);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V3", ECCurve_X9_62_CHAR2_PNB163V3);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB176V1", ECCurve_X9_62_CHAR2_PNB176V1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V1", ECCurve_X9_62_CHAR2_TNB191V1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V2", ECCurve_X9_62_CHAR2_TNB191V2);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V3", ECCurve_X9_62_CHAR2_TNB191V3);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB208W1", ECCurve_X9_62_CHAR2_PNB208W1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V1", ECCurve_X9_62_CHAR2_TNB239V1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V2", ECCurve_X9_62_CHAR2_TNB239V2);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V3", ECCurve_X9_62_CHAR2_TNB239V3);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB272W1", ECCurve_X9_62_CHAR2_PNB272W1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB304W1", ECCurve_X9_62_CHAR2_PNB304W1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB359V1", ECCurve_X9_62_CHAR2_TNB359V1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB368W1", ECCurve_X9_62_CHAR2_PNB368W1);
+	ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB431R1", ECCurve_X9_62_CHAR2_TNB431R1);
+	ECTEST_NAMED_GF2M("SECT-113R1", ECCurve_SECG_CHAR2_113R1);
+	ECTEST_NAMED_GF2M("SECT-113R2", ECCurve_SECG_CHAR2_113R2);
+	ECTEST_NAMED_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
+	ECTEST_NAMED_GF2M("SECT-131R2", ECCurve_SECG_CHAR2_131R2);
+	ECTEST_NAMED_GF2M("SECT-163K1", ECCurve_SECG_CHAR2_163K1);
+	ECTEST_NAMED_GF2M("SECT-163R1", ECCurve_SECG_CHAR2_163R1);
+	ECTEST_NAMED_GF2M("SECT-163R2", ECCurve_SECG_CHAR2_163R2);
+	ECTEST_NAMED_GF2M("SECT-193R1", ECCurve_SECG_CHAR2_193R1);
+	ECTEST_NAMED_GF2M("SECT-193R2", ECCurve_SECG_CHAR2_193R2);
+	ECTEST_NAMED_GF2M("SECT-233K1", ECCurve_SECG_CHAR2_233K1);
+	ECTEST_NAMED_GF2M("SECT-233R1", ECCurve_SECG_CHAR2_233R1);
+	ECTEST_NAMED_GF2M("SECT-239K1", ECCurve_SECG_CHAR2_239K1);
+	ECTEST_NAMED_GF2M("SECT-283K1", ECCurve_SECG_CHAR2_283K1);
+	ECTEST_NAMED_GF2M("SECT-283R1", ECCurve_SECG_CHAR2_283R1);
+	ECTEST_NAMED_GF2M("SECT-409K1", ECCurve_SECG_CHAR2_409K1);
+	ECTEST_NAMED_GF2M("SECT-409R1", ECCurve_SECG_CHAR2_409R1);
+	ECTEST_NAMED_GF2M("SECT-571K1", ECCurve_SECG_CHAR2_571K1);
+	ECTEST_NAMED_GF2M("SECT-571R1", ECCurve_SECG_CHAR2_571R1);
+	ECTEST_NAMED_GF2M("WTLS-1 (113)", ECCurve_WTLS_1);
+	ECTEST_NAMED_GF2M("WTLS-3 (163)", ECCurve_WTLS_3);
+	ECTEST_NAMED_GF2M("WTLS-4 (113)", ECCurve_WTLS_4);
+	ECTEST_NAMED_GF2M("WTLS-5 (163)", ECCurve_WTLS_5);
+	ECTEST_NAMED_GF2M("WTLS-10 (233)", ECCurve_WTLS_10);
+	ECTEST_NAMED_GF2M("WTLS-11 (233)", ECCurve_WTLS_11);
+
+  CLEANUP:
+	EC_FreeCurveParams(params);
+	ECGroup_free(group);
+	if (res != MP_OKAY) {
+		printf("Error: exiting with error value %i\n", res);
+	}
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/tests/ec_naft.c b/security/nss/lib/freebl/ecl/tests/ec_naft.c
new file mode 100644
index 000000000..490794db7
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/tests/ec_naft.c
@@ -0,0 +1,151 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "ecl.h"
+#include "ecp.h"
+#include "ecl-priv.h"
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Returns 2^e as an integer. This is meant to be used for small powers of 
+ * two. */
+int ec_twoTo(int e);
+
+/* Number of bits of scalar to test */
+#define BITSIZE 160
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k) { \
+	double dStart, dNow, dUserTime; \
+	struct rusage ru; \
+	int i; \
+	getrusage(RUSAGE_SELF, &ru); \
+	dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+	for (i = 0; i < k; i++) { \
+		{ op; } \
+	}; \
+	getrusage(RUSAGE_SELF, &ru); \
+	dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+	dUserTime = dNow-dStart; \
+	if (dUserTime) printf("    %-45s\n      k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
+}
+
+/* Tests wNAF computation. Non-adjacent-form is discussed in the paper: D. 
+ * Hankerson, J. Hernandez and A. Menezes, "Software implementation of
+ * elliptic curve cryptography over binary fields", Proc. CHES 2000. */
+
+mp_err
+main(void)
+{
+	signed char naf[BITSIZE + 1];
+	ECGroup *group = NULL;
+	mp_int k;
+	mp_int *scalar;
+	int i, count;
+	int res;
+	int w = 5;
+	char s[1000];
+
+	/* Get a 160 bit scalar to compute wNAF from */
+	group = ECGroup_fromName(ECCurve_SECG_PRIME_160R1);
+	scalar = &group->genx;
+
+	/* Compute wNAF representation of scalar */
+	ec_compute_wNAF(naf, BITSIZE, scalar, w);
+
+	/* Verify correctness of representation */
+	mp_init(&k);				/* init k to 0 */
+
+	for (i = BITSIZE; i >= 0; i--) {
+		mp_add(&k, &k, &k);
+		/* digits in mp_???_d are unsigned */
+		if (naf[i] >= 0) {
+			mp_add_d(&k, naf[i], &k);
+		} else {
+			mp_sub_d(&k, -naf[i], &k);
+		}
+	}
+
+	if (mp_cmp(&k, scalar) != 0) {
+		printf("Error:  incorrect NAF value.\n");
+		MP_CHECKOK(mp_toradix(&k, s, 16));
+		printf("NAF value   %s\n", s);
+		MP_CHECKOK(mp_toradix(scalar, s, 16));
+		printf("original value   %s\n", s);
+		goto CLEANUP;
+	}
+
+	/* Verify digits of representation are valid */
+	for (i = 0; i <= BITSIZE; i++) {
+		if (naf[i] % 2 == 0 && naf[i] != 0) {
+			printf("Error:  Even non-zero digit found.\n");
+			goto CLEANUP;
+		}
+		if (naf[i] < -(ec_twoTo(w - 1)) || naf[i] >= ec_twoTo(w - 1)) {
+			printf("Error:  Magnitude of naf digit too large.\n");
+			goto CLEANUP;
+		}
+	}
+
+	/* Verify sparsity of representation */
+	count = w - 1;
+	for (i = 0; i <= BITSIZE; i++) {
+		if (naf[i] != 0) {
+			if (count < w - 1) {
+				printf("Error:  Sparsity failed.\n");
+				goto CLEANUP;
+			}
+			count = 0;
+		} else
+			count++;
+	}
+
+	/* Check timing */
+	M_TimeOperation(ec_compute_wNAF(naf, BITSIZE, scalar, w), 10000);
+
+	printf("Test passed.\n");
+  CLEANUP:
+	ECGroup_free(group);
+	return MP_OKAY;
+}
diff --git a/security/nss/lib/freebl/ecl/tests/ecp_fpt.c b/security/nss/lib/freebl/ecl/tests/ecp_fpt.c
new file mode 100644
index 000000000..538f4d018
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/tests/ecp_fpt.c
@@ -0,0 +1,1123 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves using floating point operations.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Stephen Fung <fungstep@hotmail.com> and
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "ecp_fp.h"
+#include "mpprime.h"
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k) { \
+  double dStart, dNow, dUserTime; \
+  struct rusage ru; \
+  int i; \
+  getrusage(RUSAGE_SELF, &ru); \
+  dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+  for (i = 0; i < k; i++) { \
+    { op; } \
+  }; \
+  getrusage(RUSAGE_SELF, &ru); \
+  dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+  dUserTime = dNow-dStart; \
+  if (dUserTime) printf("    %-45s\n      k: %6i, t: %6.2f sec, k/t: %6.2f ops/sec\n", #op, k, dUserTime, k/dUserTime); \
+}
+
+/* Test curve using specific floating point field arithmetic. */
+#define M_TestCurve(name_c, name) { \
+  printf("Testing %s using specific floating point implementation...\n", name_c); \
+  ECGroup_free(ecgroup); \
+  ecgroup = ECGroup_fromName(name); \
+  if (ecgroup == NULL) { \
+    printf("  Warning: could not construct group.\n"); \
+    printf("%s failed.\n", name_c); \
+    res = MP_NO; \
+    goto CLEANUP; \
+  } else { \
+    MP_CHECKOK( testCurve(ecgroup)); \
+    printf("%s passed.\n", name_c); \
+  } \
+}
+
+/* Outputs a floating point double (currently not used) */
+void
+d_output(const double *u, int len, char *name, const EC_group_fp * group)
+{
+	int i;
+
+	printf("%s:  ", name);
+	for (i = 0; i < len; i++) {
+		printf("+ %.2f * 2^%i ", u[i] / ecfp_exp[i],
+			   group->doubleBitSize * i);
+	}
+	printf("\n");
+}
+
+/* Tests a point p in Jacobian coordinates, comparing against the
+ * expected affine result (x, y). */
+mp_err
+testJacPoint(ecfp_jac_pt * p, mp_int *x, mp_int *y, ECGroup *ecgroup)
+{
+	char s[1000];
+	mp_int rx, ry, rz;
+	mp_err res = MP_OKAY;
+
+	MP_DIGITS(&rx) = 0;
+	MP_DIGITS(&ry) = 0;
+	MP_DIGITS(&rz) = 0;
+
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&rz));
+
+	ecfp_fp2i(&rx, p->x, ecgroup);
+	ecfp_fp2i(&ry, p->y, ecgroup);
+	ecfp_fp2i(&rz, p->z, ecgroup);
+
+	/* convert result R to affine coordinates */
+	ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+	/* Compare to expected result */
+	if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+		printf("  Error: Jacobian Floating Point Incorrect.\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("floating point result\nrx    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry    %s\n", s);
+		MP_CHECKOK(mp_toradix(x, s, 16));
+		printf("integer result\nx   %s\n", s);
+		MP_CHECKOK(mp_toradix(y, s, 16));
+		printf("y   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+  CLEANUP:
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&rz);
+
+	return res;
+}
+
+/* Tests a point p in Chudnovsky Jacobian coordinates, comparing against
+ * the expected affine result (x, y). */
+mp_err
+testChudPoint(ecfp_chud_pt * p, mp_int *x, mp_int *y, ECGroup *ecgroup)
+{
+
+	char s[1000];
+	mp_int rx, ry, rz, rz2, rz3, test;
+	mp_err res = MP_OKAY;
+
+	/* Initialization */
+	MP_DIGITS(&rx) = 0;
+	MP_DIGITS(&ry) = 0;
+	MP_DIGITS(&rz) = 0;
+	MP_DIGITS(&rz2) = 0;
+	MP_DIGITS(&rz3) = 0;
+	MP_DIGITS(&test) = 0;
+
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&rz));
+	MP_CHECKOK(mp_init(&rz2));
+	MP_CHECKOK(mp_init(&rz3));
+	MP_CHECKOK(mp_init(&test));
+
+	/* Convert to integers */
+	ecfp_fp2i(&rx, p->x, ecgroup);
+	ecfp_fp2i(&ry, p->y, ecgroup);
+	ecfp_fp2i(&rz, p->z, ecgroup);
+	ecfp_fp2i(&rz2, p->z2, ecgroup);
+	ecfp_fp2i(&rz3, p->z3, ecgroup);
+
+	/* Verify z2, z3 are valid */
+	mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
+	if (mp_cmp(&test, &rz2) != 0) {
+		printf("  Error: rzp2 not valid\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+	mp_mulmod(&test, &rz, &ecgroup->meth->irr, &test);
+	if (mp_cmp(&test, &rz3) != 0) {
+		printf("  Error: rzp2 not valid\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* convert result R to affine coordinates */
+	ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+	/* Compare against expected result */
+	if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+		printf("  Error: Chudnovsky Floating Point Incorrect.\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("floating point result\nrx    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry    %s\n", s);
+		MP_CHECKOK(mp_toradix(x, s, 16));
+		printf("integer result\nx   %s\n", s);
+		MP_CHECKOK(mp_toradix(y, s, 16));
+		printf("y   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+  CLEANUP:
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&rz);
+	mp_clear(&rz2);
+	mp_clear(&rz3);
+	mp_clear(&test);
+
+	return res;
+}
+
+/* Tests a point p in Modified Jacobian coordinates, comparing against the 
+ * expected affine result (x, y). */
+mp_err
+testJmPoint(ecfp_jm_pt * r, mp_int *x, mp_int *y, ECGroup *ecgroup)
+{
+
+	char s[1000];
+	mp_int rx, ry, rz, raz4, test;
+	mp_err res = MP_OKAY;
+
+	/* Initialization */
+	MP_DIGITS(&rx) = 0;
+	MP_DIGITS(&ry) = 0;
+	MP_DIGITS(&rz) = 0;
+	MP_DIGITS(&raz4) = 0;
+	MP_DIGITS(&test) = 0;
+
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&rz));
+	MP_CHECKOK(mp_init(&raz4));
+	MP_CHECKOK(mp_init(&test));
+
+	/* Convert to integer */
+	ecfp_fp2i(&rx, r->x, ecgroup);
+	ecfp_fp2i(&ry, r->y, ecgroup);
+	ecfp_fp2i(&rz, r->z, ecgroup);
+	ecfp_fp2i(&raz4, r->az4, ecgroup);
+
+	/* Verify raz4 = rz^4 * a */
+	mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
+	mp_sqrmod(&test, &ecgroup->meth->irr, &test);
+	mp_mulmod(&test, &ecgroup->curvea, &ecgroup->meth->irr, &test);
+	if (mp_cmp(&test, &raz4) != 0) {
+		printf("  Error: a*z^4 not valid\n");
+		MP_CHECKOK(mp_toradix(&ecgroup->curvea, s, 16));
+		printf("a    %s\n", s);
+		MP_CHECKOK(mp_toradix(&rz, s, 16));
+		printf("rz   %s\n", s);
+		MP_CHECKOK(mp_toradix(&raz4, s, 16));
+		printf("raz4    %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* convert result R to affine coordinates */
+	ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+	/* Compare against expected result */
+	if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+		printf("  Error: Modified Jacobian Floating Point Incorrect.\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("floating point result\nrx    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry    %s\n", s);
+		MP_CHECKOK(mp_toradix(x, s, 16));
+		printf("integer result\nx   %s\n", s);
+		MP_CHECKOK(mp_toradix(y, s, 16));
+		printf("y   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+  CLEANUP:
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&rz);
+	mp_clear(&raz4);
+	mp_clear(&test);
+
+	return res;
+}
+
+/* Tests point addition of Jacobian + Affine -> Jacobian */
+mp_err
+testPointAddJacAff(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int pz, rx2, ry2, rz2;
+	ecfp_jac_pt p, r;
+	ecfp_aff_pt q;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	/* Init */
+	MP_DIGITS(&pz) = 0;
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&rz2) = 0;
+	MP_CHECKOK(mp_init(&pz));
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&rz2));
+
+	MP_CHECKOK(mp_set_int(&pz, 5));
+
+	/* Set p */
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(p.z, &pz, ecgroup);
+	/* Set q */
+	ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+
+	/* Do calculations */
+	group->pt_add_jac_aff(&p, &q, &r, group);
+
+	/* Do calculation in integer to compare against */
+	MP_CHECKOK(ec_GFp_pt_add_jac_aff
+			   (&ecgroup->genx, &ecgroup->geny, &pz, &ecgroup->geny,
+				&ecgroup->genx, &rx2, &ry2, &rz2, ecgroup));
+	/* convert result R to affine coordinates */
+	ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+	MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Addition - Jacobian & Affine\n");
+	else
+		printf("TEST FAILED - Point Addition - Jacobian & Affine\n");
+
+	mp_clear(&pz);
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&rz2);
+
+	return res;
+}
+
+/* Tests point addition in Jacobian coordinates */
+mp_err
+testPointAddJac(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int pz, qz, qx, qy, rx2, ry2, rz2;
+	ecfp_jac_pt p, q, r;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	/* Init */
+	MP_DIGITS(&pz) = 0;
+	MP_DIGITS(&qx) = 0;
+	MP_DIGITS(&qy) = 0;
+	MP_DIGITS(&qz) = 0;
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&rz2) = 0;
+	MP_CHECKOK(mp_init(&pz));
+	MP_CHECKOK(mp_init(&qx));
+	MP_CHECKOK(mp_init(&qy));
+	MP_CHECKOK(mp_init(&qz));
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&rz2));
+
+	MP_CHECKOK(mp_set_int(&pz, 5));
+	MP_CHECKOK(mp_set_int(&qz, 105));
+
+	/* Set p */
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(p.z, &pz, ecgroup);
+	/* Set q */
+	ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(q.z, &qz, ecgroup);
+
+	/* Do calculations */
+	group->pt_add_jac(&p, &q, &r, group);
+
+	/* Do calculation in integer to compare against */
+	ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+					  ecgroup);
+	MP_CHECKOK(ec_GFp_pt_add_jac_aff
+			   (&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, &rx2, &ry2,
+				&rz2, ecgroup));
+	/* convert result R to affine coordinates */
+	ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+	MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Addition - Jacobian\n");
+	else
+		printf("TEST FAILED - Point Addition - Jacobian\n");
+
+	mp_clear(&pz);
+	mp_clear(&qx);
+	mp_clear(&qy);
+	mp_clear(&qz);
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&rz2);
+
+	return res;
+}
+
+/* Tests point addition in Chudnovsky Jacobian Coordinates */
+mp_err
+testPointAddChud(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int rx2, ry2, ix, iy, iz, test, pz, qx, qy, qz;
+	ecfp_chud_pt p, q, r;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	MP_DIGITS(&qx) = 0;
+	MP_DIGITS(&qy) = 0;
+	MP_DIGITS(&qz) = 0;
+	MP_DIGITS(&pz) = 0;
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&ix) = 0;
+	MP_DIGITS(&iy) = 0;
+	MP_DIGITS(&iz) = 0;
+	MP_DIGITS(&test) = 0;
+
+	MP_CHECKOK(mp_init(&qx));
+	MP_CHECKOK(mp_init(&qy));
+	MP_CHECKOK(mp_init(&qz));
+	MP_CHECKOK(mp_init(&pz));
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&ix));
+	MP_CHECKOK(mp_init(&iy));
+	MP_CHECKOK(mp_init(&iz));
+	MP_CHECKOK(mp_init(&test));
+
+	/* Test Chudnovsky form addition */
+	/* Set p */
+	MP_CHECKOK(mp_set_int(&pz, 5));
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(p.z, &pz, ecgroup);
+	mp_sqrmod(&pz, &ecgroup->meth->irr, &test);
+	ecfp_i2fp(p.z2, &test, ecgroup);
+	mp_mulmod(&test, &pz, &ecgroup->meth->irr, &test);
+	ecfp_i2fp(p.z3, &test, ecgroup);
+
+	/* Set q */
+	MP_CHECKOK(mp_set_int(&qz, 105));
+	ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(q.z, &qz, ecgroup);
+	mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
+	ecfp_i2fp(q.z2, &test, ecgroup);
+	mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
+	ecfp_i2fp(q.z3, &test, ecgroup);
+
+	group->pt_add_chud(&p, &q, &r, group);
+
+	/* Calculate addition to compare against */
+	ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+					  ecgroup);
+	ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
+						  &ix, &iy, &iz, ecgroup);
+	ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
+
+	MP_CHECKOK(testChudPoint(&r, &rx2, &ry2, ecgroup));
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Addition - Chudnovsky Jacobian\n");
+	else
+		printf("TEST FAILED - Point Addition - Chudnovsky Jacobian\n");
+
+	mp_clear(&qx);
+	mp_clear(&qy);
+	mp_clear(&qz);
+	mp_clear(&pz);
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&ix);
+	mp_clear(&iy);
+	mp_clear(&iz);
+	mp_clear(&test);
+
+	return res;
+}
+
+/* Tests point addition in Modified Jacobian + Chudnovsky Jacobian ->
+ * Modified Jacobian coordinates. */
+mp_err
+testPointAddJmChud(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int rx2, ry2, ix, iy, iz, test, pz, paz4, qx, qy, qz;
+	ecfp_chud_pt q;
+	ecfp_jm_pt p, r;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	MP_DIGITS(&qx) = 0;
+	MP_DIGITS(&qy) = 0;
+	MP_DIGITS(&qz) = 0;
+	MP_DIGITS(&pz) = 0;
+	MP_DIGITS(&paz4) = 0;
+	MP_DIGITS(&iz) = 0;
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&ix) = 0;
+	MP_DIGITS(&iy) = 0;
+	MP_DIGITS(&iz) = 0;
+	MP_DIGITS(&test) = 0;
+
+	MP_CHECKOK(mp_init(&qx));
+	MP_CHECKOK(mp_init(&qy));
+	MP_CHECKOK(mp_init(&qz));
+	MP_CHECKOK(mp_init(&pz));
+	MP_CHECKOK(mp_init(&paz4));
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&ix));
+	MP_CHECKOK(mp_init(&iy));
+	MP_CHECKOK(mp_init(&iz));
+	MP_CHECKOK(mp_init(&test));
+
+	/* Test Modified Jacobian form addition */
+	/* Set p */
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+	/* paz4 = az^4 */
+	MP_CHECKOK(mp_set_int(&pz, 5));
+	mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
+	mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
+	mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
+	ecfp_i2fp(p.z, &pz, ecgroup);
+	ecfp_i2fp(p.az4, &paz4, ecgroup);
+
+	/* Set q */
+	MP_CHECKOK(mp_set_int(&qz, 105));
+	ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(q.z, &qz, ecgroup);
+	mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
+	ecfp_i2fp(q.z2, &test, ecgroup);
+	mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
+	ecfp_i2fp(q.z3, &test, ecgroup);
+
+	/* Do calculation */
+	group->pt_add_jm_chud(&p, &q, &r, group);
+
+	/* Calculate addition to compare against */
+	ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+					  ecgroup);
+	ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
+						  &ix, &iy, &iz, ecgroup);
+	ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
+
+	MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf
+			("  Test Passed - Point Addition - Modified & Chudnovsky Jacobian\n");
+	else
+		printf
+			("TEST FAILED - Point Addition - Modified & Chudnovsky Jacobian\n");
+
+	mp_clear(&qx);
+	mp_clear(&qy);
+	mp_clear(&qz);
+	mp_clear(&pz);
+	mp_clear(&paz4);
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&ix);
+	mp_clear(&iy);
+	mp_clear(&iz);
+	mp_clear(&test);
+
+	return res;
+}
+
+/* Tests point doubling in Modified Jacobian coordinates */
+mp_err
+testPointDoubleJm(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int pz, paz4, rx2, ry2, rz2, raz4;
+	ecfp_jm_pt p, r;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	MP_DIGITS(&pz) = 0;
+	MP_DIGITS(&paz4) = 0;
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&rz2) = 0;
+	MP_DIGITS(&raz4) = 0;
+
+	MP_CHECKOK(mp_init(&pz));
+	MP_CHECKOK(mp_init(&paz4));
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&rz2));
+	MP_CHECKOK(mp_init(&raz4));
+
+	/* Set p */
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+	/* paz4 = az^4 */
+	MP_CHECKOK(mp_set_int(&pz, 5));
+	mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
+	mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
+	mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
+
+	ecfp_i2fp(p.z, &pz, ecgroup);
+	ecfp_i2fp(p.az4, &paz4, ecgroup);
+
+	group->pt_dbl_jm(&p, &r, group);
+
+	M_TimeOperation(group->pt_dbl_jm(&p, &r, group), 100000);
+
+	/* Calculate doubling to compare against */
+	ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+					  &rz2, ecgroup);
+	ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+	/* Do comparison and check az^4 */
+	MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Doubling - Modified Jacobian\n");
+	else
+		printf("TEST FAILED - Point Doubling - Modified Jacobian\n");
+	mp_clear(&pz);
+	mp_clear(&paz4);
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&rz2);
+	mp_clear(&raz4);
+
+	return res;
+
+}
+
+/* Tests point doubling in Chudnovsky Jacobian coordinates */
+mp_err
+testPointDoubleChud(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int px, py, pz, rx2, ry2, rz2;
+	ecfp_aff_pt p;
+	ecfp_chud_pt p2;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&rz2) = 0;
+	MP_DIGITS(&px) = 0;
+	MP_DIGITS(&py) = 0;
+	MP_DIGITS(&pz) = 0;
+
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&rz2));
+	MP_CHECKOK(mp_init(&px));
+	MP_CHECKOK(mp_init(&py));
+	MP_CHECKOK(mp_init(&pz));
+
+	/* Set p2 = 2P */
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+	group->pt_dbl_aff2chud(&p, &p2, group);
+
+	/* Calculate doubling to compare against */
+	MP_CHECKOK(mp_set_int(&pz, 1));
+	ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+					  &rz2, ecgroup);
+	ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+	/* Do comparison and check az^4 */
+	MP_CHECKOK(testChudPoint(&p2, &rx2, &ry2, ecgroup));
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Doubling - Chudnovsky Jacobian\n");
+	else
+		printf("TEST FAILED - Point Doubling - Chudnovsky Jacobian\n");
+
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&rz2);
+	mp_clear(&px);
+	mp_clear(&py);
+	mp_clear(&pz);
+
+	return res;
+}
+
+/* Test point doubling in Jacobian coordinates */
+mp_err
+testPointDoubleJac(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int pz, rx, ry, rz, rx2, ry2, rz2;
+	ecfp_jac_pt p, p2;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	MP_DIGITS(&pz) = 0;
+	MP_DIGITS(&rx) = 0;
+	MP_DIGITS(&ry) = 0;
+	MP_DIGITS(&rz) = 0;
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&rz2) = 0;
+
+	MP_CHECKOK(mp_init(&pz));
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&rz));
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&rz2));
+
+	MP_CHECKOK(mp_set_int(&pz, 5));
+
+	/* Set p2 = 2P */
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(p.z, &pz, ecgroup);
+	ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+	group->pt_dbl_jac(&p, &p2, group);
+	M_TimeOperation(group->pt_dbl_jac(&p, &p2, group), 100000);
+
+	/* Calculate doubling to compare against */
+	ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+					  &rz2, ecgroup);
+	ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+	/* Do comparison */
+	MP_CHECKOK(testJacPoint(&p2, &rx2, &ry2, ecgroup));
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Doubling - Jacobian\n");
+	else
+		printf("TEST FAILED - Point Doubling - Jacobian\n");
+
+	mp_clear(&pz);
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&rz);
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&rz2);
+
+	return res;
+}
+
+/* Tests a point multiplication (various algorithms) */
+mp_err
+testPointMul(ECGroup *ecgroup)
+{
+	mp_err res;
+	char s[1000];
+	mp_int rx, ry, order_1;
+
+	/* Init */
+	MP_DIGITS(&rx) = 0;
+	MP_DIGITS(&ry) = 0;
+	MP_DIGITS(&order_1) = 0;
+
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&order_1));
+
+	MP_CHECKOK(mp_set_int(&order_1, 1));
+	MP_CHECKOK(mp_sub(&ecgroup->order, &order_1, &order_1));
+
+	/* Test Algorithm 1: Jacobian-Affine Double & Add */
+	ec_GFp_pt_mul_jac_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
+						 &ry, ecgroup);
+	MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+	if ((mp_cmp(&rx, &ecgroup->genx) != 0)
+		|| (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+		printf
+			("  Error: ec_GFp_pt_mul_jac_fp invalid result (expected (- base point)).\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("rx   %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	ec_GFp_pt_mul_jac_fp(&ecgroup->order, &ecgroup->genx, &ecgroup->geny,
+						 &rx, &ry, ecgroup);
+	if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf
+			("  Error: ec_GFp_pt_mul_jac_fp invalid result (expected point at infinity.\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("rx   %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* Test Algorithm 2: 4-bit Window in Jacobian */
+	ec_GFp_point_mul_jac_4w_fp(&order_1, &ecgroup->genx, &ecgroup->geny,
+							   &rx, &ry, ecgroup);
+	MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+	if ((mp_cmp(&rx, &ecgroup->genx) != 0)
+		|| (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+		printf
+			("  Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected (- base point)).\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("rx   %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	ec_GFp_point_mul_jac_4w_fp(&ecgroup->order, &ecgroup->genx,
+							   &ecgroup->geny, &rx, &ry, ecgroup);
+	if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf
+			("  Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected point at infinity.\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("rx   %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* Test Algorithm 3: wNAF with modified Jacobian coordinates */
+	ec_GFp_point_mul_wNAF_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
+							 &ry, ecgroup);
+	MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+	if ((mp_cmp(&rx, &ecgroup->genx) != 0)
+		|| (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+		printf
+			("  Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected (- base point)).\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("rx   %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	ec_GFp_point_mul_wNAF_fp(&ecgroup->order, &ecgroup->genx,
+							 &ecgroup->geny, &rx, &ry, ecgroup);
+	if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf
+			("  Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected point at infinity.\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("rx   %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("ry   %s\n", s);
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Multiplication\n");
+	else
+		printf("TEST FAILED - Point Multiplication\n");
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&order_1);
+
+	return res;
+}
+
+/* Tests point multiplication with a random scalar repeatedly, comparing
+ * for consistency within different algorithms. */
+mp_err
+testPointMulRandom(ECGroup *ecgroup)
+{
+	mp_err res;
+	mp_int rx, ry, rx2, ry2, n;
+	int i, size;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+
+	MP_DIGITS(&rx) = 0;
+	MP_DIGITS(&ry) = 0;
+	MP_DIGITS(&rx2) = 0;
+	MP_DIGITS(&ry2) = 0;
+	MP_DIGITS(&n) = 0;
+
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&rx2));
+	MP_CHECKOK(mp_init(&ry2));
+	MP_CHECKOK(mp_init(&n));
+
+	for (i = 0; i < 100; i++) {
+		/* compute random scalar */
+		size = mpl_significant_bits(&ecgroup->meth->irr);
+		if (size < MP_OKAY) {
+			res = MP_NO;
+			goto CLEANUP;
+		}
+		MP_CHECKOK(mpp_random_size(&n, group->orderBitSize));
+		MP_CHECKOK(mp_mod(&n, &ecgroup->order, &n));
+
+		ec_GFp_pt_mul_jac(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+						  ecgroup);
+		ec_GFp_pt_mul_jac_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx2,
+							 &ry2, ecgroup);
+
+		if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+			printf
+				("  Error: different results for Point Multiplication - Double & Add.\n");
+			res = MP_NO;
+			goto CLEANUP;
+		}
+
+		ec_GFp_point_mul_wNAF_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
+								 &ry, ecgroup);
+		if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+			printf
+				("  Error: different results for Point Multiplication - wNAF.\n");
+			res = MP_NO;
+			goto CLEANUP;
+		}
+
+		ec_GFp_point_mul_jac_4w_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
+								   &ry, ecgroup);
+		if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+			printf
+				("  Error: different results for Point Multiplication - 4 bit window.\n");
+			res = MP_NO;
+			goto CLEANUP;
+		}
+
+	}
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Random Multiplication\n");
+	else
+		printf("TEST FAILED - Point Random Multiplication\n");
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&rx2);
+	mp_clear(&ry2);
+	mp_clear(&n);
+
+	return res;
+}
+
+/* Tests the time required for a point multiplication */
+mp_err
+testPointMulTime(ECGroup *ecgroup)
+{
+	mp_err res = MP_OKAY;
+	mp_int rx, ry, n;
+	int size;
+
+	MP_DIGITS(&rx) = 0;
+	MP_DIGITS(&ry) = 0;
+	MP_DIGITS(&n) = 0;
+
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&n));
+
+	/* compute random scalar */
+	size = mpl_significant_bits(&ecgroup->meth->irr);
+	if (size < MP_OKAY) {
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+	MP_CHECKOK(ecgroup->meth->field_mod(&n, &n, ecgroup->meth));
+
+	M_TimeOperation(ec_GFp_pt_mul_jac_fp
+					(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+					 ecgroup), 1000);
+
+	M_TimeOperation(ec_GFp_point_mul_jac_4w_fp
+					(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+					 ecgroup), 1000);
+
+	M_TimeOperation(ec_GFp_point_mul_wNAF_fp
+					(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+					 ecgroup), 1000);
+
+	M_TimeOperation(ec_GFp_pt_mul_jac
+					(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+					 ecgroup), 100);
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Point Multiplication Timing\n");
+	else
+		printf("TEST FAILED - Point Multiplication Timing\n");
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&n);
+
+	return res;
+}
+
+/* Tests pre computation of Chudnovsky Jacobian points used in wNAF form */
+mp_err
+testPreCompute(ECGroup *ecgroup)
+{
+	ecfp_chud_pt precomp[16];
+	ecfp_aff_pt p;
+	EC_group_fp *group = (EC_group_fp *) ecgroup->extra1;
+	int i;
+	mp_err res;
+
+	mp_int x, y, ny, x2, y2;
+
+	MP_DIGITS(&x) = 0;
+	MP_DIGITS(&y) = 0;
+	MP_DIGITS(&ny) = 0;
+	MP_DIGITS(&x2) = 0;
+	MP_DIGITS(&y2) = 0;
+
+	MP_CHECKOK(mp_init(&x));
+	MP_CHECKOK(mp_init(&y));
+	MP_CHECKOK(mp_init(&ny));
+	MP_CHECKOK(mp_init(&x2));
+	MP_CHECKOK(mp_init(&y2));
+
+	ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+	ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+	ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+	/* Perform precomputation */
+	group->precompute_chud(precomp, &p, group);
+
+	M_TimeOperation(group->precompute_chud(precomp, &p, group), 10000);
+
+	/* Calculate addition to compare against */
+	MP_CHECKOK(mp_copy(&ecgroup->genx, &x));
+	MP_CHECKOK(mp_copy(&ecgroup->geny, &y));
+	MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
+
+	ec_GFp_pt_dbl_aff(&x, &y, &x2, &y2, ecgroup);
+
+	for (i = 0; i < 8; i++) {
+		MP_CHECKOK(testChudPoint(&precomp[8 + i], &x, &y, ecgroup));
+		MP_CHECKOK(testChudPoint(&precomp[7 - i], &x, &ny, ecgroup));
+		ec_GFp_pt_add_aff(&x, &y, &x2, &y2, &x, &y, ecgroup);
+		MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
+	}
+
+  CLEANUP:
+	if (res == MP_OKAY)
+		printf("  Test Passed - Precomputation\n");
+	else
+		printf("TEST FAILED - Precomputation\n");
+
+	mp_clear(&x);
+	mp_clear(&y);
+	mp_clear(&ny);
+	mp_clear(&x2);
+	mp_clear(&y2);
+	return res;
+}
+
+/* Given a curve using floating point arithmetic, test it. This method
+ * specifies which of the above tests to run. */
+mp_err
+testCurve(ECGroup *ecgroup)
+{
+	int res = MP_OKAY;
+
+	MP_CHECKOK(testPointAddJacAff(ecgroup));
+	MP_CHECKOK(testPointAddJac(ecgroup));
+	MP_CHECKOK(testPointAddChud(ecgroup));
+	MP_CHECKOK(testPointAddJmChud(ecgroup));
+	MP_CHECKOK(testPointDoubleJac(ecgroup));
+	MP_CHECKOK(testPointDoubleChud(ecgroup));
+	MP_CHECKOK(testPointDoubleJm(ecgroup));
+	MP_CHECKOK(testPreCompute(ecgroup));
+	MP_CHECKOK(testPointMul(ecgroup));
+	MP_CHECKOK(testPointMulRandom(ecgroup));
+	MP_CHECKOK(testPointMulTime(ecgroup));
+  CLEANUP:
+	return res;
+}
+
+/* Tests a number of curves optimized using floating point arithmetic */
+int
+main(void)
+{
+	mp_err res = MP_OKAY;
+	ECGroup *ecgroup = NULL;
+
+	/* specific arithmetic tests */
+	M_TestCurve("SECG-160R1", ECCurve_SECG_PRIME_160R1);
+	M_TestCurve("SECG-192R1", ECCurve_SECG_PRIME_192R1);
+	M_TestCurve("SEGC-224R1", ECCurve_SECG_PRIME_224R1);
+
+  CLEANUP:
+	ECGroup_free(ecgroup);
+	if (res != MP_OKAY) {
+		printf("Error: exiting with error value %i\n", res);
+	}
+	return res;
+}
diff --git a/security/nss/lib/freebl/ecl/tests/ecp_test.c b/security/nss/lib/freebl/ecl/tests/ecp_test.c
new file mode 100644
index 000000000..eb2844fe5
--- /dev/null
+++ b/security/nss/lib/freebl/ecl/tests/ecp_test.c
@@ -0,0 +1,460 @@
+/* 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the elliptic curve math library for prime field curves.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpprime.h"
+#include "ecl.h"
+#include "ecl-curve.h"
+#include "ecp.h"
+#include <stdio.h>
+#include <strings.h>
+#include <assert.h>
+
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k) { \
+	double dStart, dNow, dUserTime; \
+	struct rusage ru; \
+	int i; \
+	getrusage(RUSAGE_SELF, &ru); \
+	dStart = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+	for (i = 0; i < k; i++) { \
+		{ op; } \
+	}; \
+	getrusage(RUSAGE_SELF, &ru); \
+	dNow = (double)ru.ru_utime.tv_sec+(double)ru.ru_utime.tv_usec*0.000001; \
+	dUserTime = dNow-dStart; \
+	if (dUserTime) printf("    %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime); \
+}
+
+/* Test curve using generic field arithmetic. */
+#define ECTEST_GENERIC_GFP(name_c, name) \
+	printf("Testing %s using generic implementation...\n", name_c); \
+	params = EC_GetNamedCurveParams(name); \
+	if (params == NULL) { \
+			printf("  Error: could not construct params.\n"); \
+			res = MP_NO; \
+			goto CLEANUP; \
+	} \
+	ECGroup_free(group); \
+	group = ECGroup_fromHex(params); \
+	if (group == NULL) { \
+		printf("  Error: could not construct group.\n"); \
+		res = MP_NO; \
+		goto CLEANUP; \
+	} \
+	MP_CHECKOK( ectest_curve_GFp(group, ectestPrint, ectestTime, 1) ); \
+	printf("... okay.\n");
+
+/* Test curve using specific field arithmetic. */
+#define ECTEST_NAMED_GFP(name_c, name) \
+	printf("Testing %s using specific implementation...\n", name_c); \
+	ECGroup_free(group); \
+	group = ECGroup_fromName(name); \
+	if (group == NULL) { \
+		printf("  Warning: could not construct group.\n"); \
+		printf("... failed; continuing with remaining tests.\n"); \
+	} else { \
+		MP_CHECKOK( ectest_curve_GFp(group, ectestPrint, ectestTime, 0) ); \
+		printf("... okay.\n"); \
+	}
+
+/* Performs basic tests of elliptic curve cryptography over prime fields.
+ * If tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+ectest_curve_GFp(ECGroup *group, int ectestPrint, int ectestTime,
+				 int generic)
+{
+
+	mp_int one, order_1, gx, gy, rx, ry, n;
+	int size;
+	mp_err res;
+	char s[1000];
+
+	/* initialize values */
+	MP_CHECKOK(mp_init(&one));
+	MP_CHECKOK(mp_init(&order_1));
+	MP_CHECKOK(mp_init(&gx));
+	MP_CHECKOK(mp_init(&gy));
+	MP_CHECKOK(mp_init(&rx));
+	MP_CHECKOK(mp_init(&ry));
+	MP_CHECKOK(mp_init(&n));
+
+	MP_CHECKOK(mp_set_int(&one, 1));
+	MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
+
+	/* encode base point */
+	if (group->meth->field_dec) {
+		MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
+		MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
+	} else {
+		MP_CHECKOK(mp_copy(&group->genx, &gx));
+		MP_CHECKOK(mp_copy(&group->geny, &gy));
+	}
+	if (ectestPrint) {
+		/* output base point */
+		printf("  base point P:\n");
+		MP_CHECKOK(mp_toradix(&gx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&gy, s, 16));
+		printf("    %s\n", s);
+		if (group->meth->field_enc) {
+			printf("  base point P (encoded):\n");
+			MP_CHECKOK(mp_toradix(&group->genx, s, 16));
+			printf("    %s\n", s);
+			MP_CHECKOK(mp_toradix(&group->geny, s, 16));
+			printf("    %s\n", s);
+		}
+	}
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ec_GFp_pt_mul_aff
+			   (&order_1, &group->genx, &group->geny, &rx, &ry, group));
+	if (ectestPrint) {
+		printf("  (order-1)*P (affine):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
+	if ((mp_cmp(&rx, &group->genx) != 0)
+		|| (mp_cmp(&ry, &group->geny) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ec_GFp_pt_mul_jac
+			   (&order_1, &group->genx, &group->geny, &rx, &ry, group));
+	if (ectestPrint) {
+		printf("  (order-1)*P (jacobian):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
+	if ((mp_cmp(&rx, &group->genx) != 0)
+		|| (mp_cmp(&ry, &group->geny) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order-1)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+	if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* multiply base point by order - 1 and check for negative of base
+	 * point */
+	MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order-1)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+	if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ec_GFp_pt_mul_aff
+			   (&group->order, &group->genx, &group->geny, &rx, &ry,
+				group));
+	if (ectestPrint) {
+		printf("  (order)*P (affine):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ec_GFp_pt_mul_jac
+			   (&group->order, &group->genx, &group->geny, &rx, &ry,
+				group));
+	if (ectestPrint) {
+		printf("  (order)*P (jacobian):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+#endif
+
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* multiply base point by order and check for point at infinity */
+	MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
+	if (ectestPrint) {
+		printf("  (order)*P (ECPoint_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+		printf("  Error: invalid result (expected point at infinity).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* check that (order-1)P + (order-1)P + P == (order-1)P */
+	MP_CHECKOK(ECPoints_mul
+			   (group, &order_1, &order_1, &gx, &gy, &rx, &ry));
+	MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
+	if (ectestPrint) {
+		printf
+			("  (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
+		MP_CHECKOK(mp_toradix(&rx, s, 16));
+		printf("    %s\n", s);
+		MP_CHECKOK(mp_toradix(&ry, s, 16));
+		printf("    %s\n", s);
+	}
+	MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+	if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+		printf("  Error: invalid result (expected (- base point)).\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	/* test validate_point function */
+	if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
+		printf("  Error: validate point on base point failed.\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+	MP_CHECKOK(mp_add_d(&gy, 1, &ry));
+	if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
+		printf("  Error: validate point on invalid point passed.\n");
+		res = MP_NO;
+		goto CLEANUP;
+	}
+
+	if (ectestTime) {
+		/* compute random scalar */
+		size = mpl_significant_bits(&group->meth->irr);
+		if (size < MP_OKAY) {
+			goto CLEANUP;
+		}
+		MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+		MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
+		/* timed test */
+		if (generic) {
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+			M_TimeOperation(MP_CHECKOK
+							(ec_GFp_pt_mul_aff
+							 (&n, &group->genx, &group->geny, &rx, &ry,
+							  group)), 100);
+#endif
+			M_TimeOperation(MP_CHECKOK
+							(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+							100);
+			M_TimeOperation(MP_CHECKOK
+							(ECPoints_mul
+							 (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+		} else {
+			M_TimeOperation(MP_CHECKOK
+							(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+							100);
+			M_TimeOperation(MP_CHECKOK
+							(ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
+							100);
+			M_TimeOperation(MP_CHECKOK
+							(ECPoints_mul
+							 (group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+		}
+	}
+
+  CLEANUP:
+	mp_clear(&one);
+	mp_clear(&order_1);
+	mp_clear(&gx);
+	mp_clear(&gy);
+	mp_clear(&rx);
+	mp_clear(&ry);
+	mp_clear(&n);
+	if (res != MP_OKAY) {
+		printf("  Error: exiting with error value %i\n", res);
+	}
+	return res;
+}
+
+/* Prints help information. */
+void
+printUsage()
+{
+	printf("Usage: ecp_test [--print] [--time]\n");
+	printf
+		("	--print     Print out results of each point arithmetic test.\n");
+	printf
+		("	--time      Benchmark point operations and print results.\n");
+}
+
+/* Performs tests of elliptic curve cryptography over prime fields If
+ * tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+
+	int ectestTime = 0;
+	int ectestPrint = 0;
+	int i;
+	ECGroup *group = NULL;
+	ECCurveParams *params = NULL;
+	mp_err res;
+
+	/* read command-line arguments */
+	for (i = 1; i < argv; i++) {
+		if ((strcasecmp(argc[i], "time") == 0)
+			|| (strcasecmp(argc[i], "-time") == 0)
+			|| (strcasecmp(argc[i], "--time") == 0)) {
+			ectestTime = 1;
+		} else if ((strcasecmp(argc[i], "print") == 0)
+				   || (strcasecmp(argc[i], "-print") == 0)
+				   || (strcasecmp(argc[i], "--print") == 0)) {
+			ectestPrint = 1;
+		} else {
+			printUsage();
+			return 0;
+		}
+	}
+
+	/* generic arithmetic tests */
+	ECTEST_GENERIC_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
+
+	/* specific arithmetic tests */
+	ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
+	ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
+	ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
+	ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
+	ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
+	ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
+	ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
+	ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
+	ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
+	ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
+	ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
+	ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
+	ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
+	ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
+	ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
+	ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
+	ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
+	ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
+	ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
+	ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1);
+	ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
+	ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
+	ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
+	ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
+	ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
+	ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
+	ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
+	ECTEST_NAMED_GFP("WTLS-6 (112)", ECCurve_WTLS_6);
+	ECTEST_NAMED_GFP("WTLS-7 (160)", ECCurve_WTLS_7);
+	ECTEST_NAMED_GFP("WTLS-8 (112)", ECCurve_WTLS_8);
+	ECTEST_NAMED_GFP("WTLS-9 (160)", ECCurve_WTLS_9);
+	ECTEST_NAMED_GFP("WTLS-12 (224)", ECCurve_WTLS_12);
+
+  CLEANUP:
+	EC_FreeCurveParams(params);
+	ECGroup_free(group);
+	if (res != MP_OKAY) {
+		printf("Error: exiting with error value %i\n", res);
+	}
+	return res;
+}
diff --git a/security/nss/lib/freebl/freebl.def b/security/nss/lib/freebl/freebl.def
new file mode 100644
index 000000000..61b3337c2
--- /dev/null
+++ b/security/nss/lib/freebl/freebl.def
@@ -0,0 +1,58 @@
+;+#
+;+# ***** BEGIN LICENSE BLOCK *****
+;+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+;+#
+;+# The contents of this file are subject to the Mozilla Public License Version
+;+# 1.1 (the "License"); you may not use this file except in compliance with
+;+# the License. You may obtain a copy of the License at
+;+# http://www.mozilla.org/MPL/
+;+#
+;+# Software distributed under the License is distributed on an "AS IS" basis,
+;+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+;+# for the specific language governing rights and limitations under the
+;+# License.
+;+#
+;+# The Original Code is the Netscape security libraries.
+;+#
+;+# The Initial Developer of the Original Code is
+;+# Netscape Communications Corporation.
+;+# Portions created by the Initial Developer are Copyright (C) 2000
+;+# the Initial Developer. All Rights Reserved.
+;+#
+;+# Contributor(s):
+;+#
+;+# Alternatively, the contents of this file may be used under the terms of
+;+# either the GNU General Public License Version 2 or later (the "GPL"), or
+;+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+;+# in which case the provisions of the GPL or the LGPL are applicable instead
+;+# of those above. If you wish to allow use of your version of this file only
+;+# under the terms of either the GPL or the LGPL, and not to allow others to
+;+# use your version of this file under the terms of the MPL, indicate your
+;+# decision by deleting the provisions above and replace them with the notice
+;+# and other provisions required by the GPL or the LGPL. If you do not delete
+;+# the provisions above, a recipient may use your version of this file under
+;+# the terms of any one of the MPL, the GPL or the LGPL.
+;+#
+;+# ***** END LICENSE BLOCK *****
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSSprivate_3.11 {               # NSS 3.11 release
+;+    global:
+LIBRARY freebl3 ;-
+EXPORTS	;-
+FREEBL_GetVector;
+;+    local:
+;+       *;
+;+};
diff --git a/security/nss/lib/freebl/freebl.rc b/security/nss/lib/freebl/freebl.rc
new file mode 100644
index 000000000..c8dc397c8
--- /dev/null
+++ b/security/nss/lib/freebl/freebl.rc
@@ -0,0 +1,100 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2001
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "softkver.h"
+#include <winver.h>
+
+#define MY_LIBNAME "freebl"
+#define MY_FILEDESCRIPTION "NSS freebl Library"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define SOFTOKEN_VMAJOR_STR STRINGIZE2(SOFTOKEN_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if SOFTOKEN_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME SOFTOKEN_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,0
+ PRODUCTVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,0
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", SOFTOKEN_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", SOFTOKEN_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/security/nss/lib/freebl/freeblver.c b/security/nss/lib/freebl/freeblver.c
new file mode 100644
index 000000000..2c5954534
--- /dev/null
+++ b/security/nss/lib/freebl/freeblver.c
@@ -0,0 +1,56 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2005
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/* Library identity and versioning */
+
+#include "softkver.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information for the 'ident' and 'what commands
+ *
+ * NOTE: the first component of the concatenated rcsid string
+ * must not end in a '$' to prevent rcs keyword substitution.
+ */
+const char __nss_freebl_rcsid[] = "$Header: NSS " SOFTOKEN_VERSION _DEBUG_STRING
+        "  " __DATE__ " " __TIME__ " $";
+const char __nss_freebl_sccsid[] = "@(#)NSS " SOFTOKEN_VERSION _DEBUG_STRING
+        "  " __DATE__ " " __TIME__;
diff --git a/security/nss/lib/freebl/genload.c b/security/nss/lib/freebl/genload.c
new file mode 100644
index 000000000..fac6e22b0
--- /dev/null
+++ b/security/nss/lib/freebl/genload.c
@@ -0,0 +1,191 @@
+/*
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
+ *   Kai Engert <kengert@redhat.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * This file is meant to be included by other .c files.
+ * This file takes a "parameter", the scope which includes this
+ * code shall declare this variable:
+ *   const char *NameOfThisSharedLib;
+ *
+ * NameOfThisSharedLib:
+ *   The file name of the shared library that shall be used as the 
+ *   "reference library". The loader will attempt to load the requested
+ *   library from the same directory as the reference library.
+ */
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#define BL_MAXSYMLINKS 20
+
+/*
+ * If 'link' is a symbolic link, this function follows the symbolic links
+ * and returns the pathname of the ultimate source of the symbolic links.
+ * If 'link' is not a symbolic link, this function returns NULL.
+ * The caller should call PR_Free to free the string returned by this
+ * function.
+ */
+static char* loader_GetOriginalPathname(const char* link)
+{
+    char* resolved = NULL;
+    char* input = NULL;
+    PRUint32 iterations = 0;
+    PRInt32 len = 0, retlen = 0;
+    if (!link) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+    len = PR_MAX(1024, strlen(link) + 1);
+    resolved = PR_Malloc(len);
+    input = PR_Malloc(len);
+    if (!resolved || !input) {
+        if (resolved) {
+            PR_Free(resolved);
+        }
+        if (input) {
+            PR_Free(input);
+        }
+        return NULL;
+    }
+    strcpy(input, link);
+    while ( (iterations++ < BL_MAXSYMLINKS) &&
+            ( (retlen = readlink(input, resolved, len - 1)) > 0) ) {
+        char* tmp = input;
+        resolved[retlen] = '\0'; /* NULL termination */
+        input = resolved;
+        resolved = tmp;
+    }
+    PR_Free(resolved);
+    if (iterations == 1 && retlen < 0) {
+        PR_Free(input);
+        input = NULL;
+    }
+    return input;
+}
+#endif /* XP_UNIX */
+
+/*
+ * Load the library with the file name 'name' residing in the same
+ * directory as the reference library, whose pathname is 'referencePath'.
+ */
+static PRLibrary *
+loader_LoadLibInReferenceDir(const char *referencePath, const char *name)
+{
+    PRLibrary *dlh = NULL;
+    char *fullName = NULL;
+    char* c;
+    PRLibSpec libSpec;
+
+    /* Remove the trailing filename from referencePath and add the new one */
+    c = strrchr(referencePath, PR_GetDirectorySeparator());
+    if (c) {
+        size_t referencePathSize = 1 + c - referencePath;
+        fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 1);
+        if (fullName) {
+            memcpy(fullName, referencePath, referencePathSize);
+            strcpy(fullName + referencePathSize, name); 
+#ifdef DEBUG_LOADER
+            PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n", 
+                       fullName);
+#endif
+            libSpec.type = PR_LibSpec_Pathname;
+            libSpec.value.pathname = fullName;
+            dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+            PORT_Free(fullName);
+        }
+    }
+    return dlh;
+}
+
+/*
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded 
+ * shared lib that contains this function, and then do a PR_LoadLibrary
+ * with an absolute pathname for the softoken shared library.
+ */
+
+static PRLibrary *
+loader_LoadLibrary(const char *nameToLoad)
+{
+    PRLibrary *lib = NULL;
+    char* fullPath = NULL;
+    PRLibSpec libSpec;
+
+    /* Get the pathname for nameOfAlreadyLoadedLib, i.e. /usr/lib/libnss3.so
+     * PR_GetLibraryFilePathname works with either the base library name or a
+     * function pointer, depending on the platform. We can't query an exported
+     * symbol such as NSC_GetFunctionList, because on some platforms we can't
+     * find symbols in loaded implicit dependencies.
+     * But we can just get the address of this function !
+     */
+    fullPath = PR_GetLibraryFilePathname(NameOfThisSharedLib,
+                                         (PRFuncPtr)&loader_LoadLibrary);
+
+    if (fullPath) {
+        lib = loader_LoadLibInReferenceDir(fullPath, nameToLoad);
+#ifdef XP_UNIX
+        if (!lib) {
+            /*
+             * If fullPath is a symbolic link, resolve the symbolic
+             * link and try again.
+             */
+            char* originalfullPath = loader_GetOriginalPathname(fullPath);
+            if (originalfullPath) {
+                PR_Free(fullPath);
+                fullPath = originalfullPath;
+                lib = loader_LoadLibInReferenceDir(fullPath, nameToLoad);
+            }
+        }
+#endif
+        PR_Free(fullPath);
+    }
+    if (!lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nAttempting to load %s\n", nameToLoad);
+#endif
+        libSpec.type = PR_LibSpec_Pathname;
+        libSpec.value.pathname = nameToLoad;
+        lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+    }
+    if (NULL == lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nLoading failed : %s.\n", nameToLoad);
+#endif
+    }
+    return lib;
+}
+
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
new file mode 100644
index 000000000..9fa51e6eb
--- /dev/null
+++ b/security/nss/lib/freebl/ldvector.c
@@ -0,0 +1,255 @@
+/*
+ * ldvector.c - platform dependent DSO containing freebl implementation.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "loader.h"
+#include "alghmac.h"
+
+static const struct FREEBLVectorStr vector = 
+{
+
+    sizeof vector,
+    FREEBL_VERSION,
+
+    RSA_NewKey,
+    RSA_PublicKeyOp,
+    RSA_PrivateKeyOp,
+    DSA_NewKey,
+    DSA_SignDigest,
+    DSA_VerifyDigest,
+    DSA_NewKeyFromSeed,
+    DSA_SignDigestWithSeed,
+    DH_GenParam,
+    DH_NewKey,
+    DH_Derive,
+    KEA_Derive,
+    KEA_Verify,
+    RC4_CreateContext,
+    RC4_DestroyContext,
+    RC4_Encrypt,
+    RC4_Decrypt,
+    RC2_CreateContext,
+    RC2_DestroyContext,
+    RC2_Encrypt,
+    RC2_Decrypt,
+    RC5_CreateContext,
+    RC5_DestroyContext,
+    RC5_Encrypt,
+    RC5_Decrypt,
+    DES_CreateContext,
+    DES_DestroyContext,
+    DES_Encrypt,
+    DES_Decrypt,
+    AES_CreateContext,
+    AES_DestroyContext,
+    AES_Encrypt,
+    AES_Decrypt,
+    MD5_Hash,
+    MD5_HashBuf,
+    MD5_NewContext,
+    MD5_DestroyContext,
+    MD5_Begin,
+    MD5_Update,
+    MD5_End,
+    MD5_FlattenSize,
+    MD5_Flatten,
+    MD5_Resurrect,
+    MD5_TraceState,
+    MD2_Hash,
+    MD2_NewContext,
+    MD2_DestroyContext,
+    MD2_Begin,
+    MD2_Update,
+    MD2_End,
+    MD2_FlattenSize,
+    MD2_Flatten,
+    MD2_Resurrect,
+    SHA1_Hash,
+    SHA1_HashBuf,
+    SHA1_NewContext,
+    SHA1_DestroyContext,
+    SHA1_Begin,
+    SHA1_Update,
+    SHA1_End,
+    SHA1_TraceState,
+    SHA1_FlattenSize,
+    SHA1_Flatten,
+    SHA1_Resurrect,
+    RNG_RNGInit,
+    RNG_RandomUpdate,
+    RNG_GenerateGlobalRandomBytes,
+    RNG_RNGShutdown,
+    PQG_ParamGen,
+    PQG_ParamGenSeedLen,
+    PQG_VerifyParams,
+
+    /* End of Version 3.001. */
+
+    RSA_PrivateKeyOpDoubleChecked,
+    RSA_PrivateKeyCheck,
+    BL_Cleanup,
+
+    /* End of Version 3.002. */
+
+    SHA256_NewContext,
+    SHA256_DestroyContext,
+    SHA256_Begin,
+    SHA256_Update,
+    SHA256_End,
+    SHA256_HashBuf,
+    SHA256_Hash,
+    SHA256_TraceState,
+    SHA256_FlattenSize,
+    SHA256_Flatten,
+    SHA256_Resurrect,
+
+    SHA512_NewContext,
+    SHA512_DestroyContext,
+    SHA512_Begin,
+    SHA512_Update,
+    SHA512_End,
+    SHA512_HashBuf,
+    SHA512_Hash,
+    SHA512_TraceState,
+    SHA512_FlattenSize,
+    SHA512_Flatten,
+    SHA512_Resurrect,
+
+    SHA384_NewContext,
+    SHA384_DestroyContext,
+    SHA384_Begin,
+    SHA384_Update,
+    SHA384_End,
+    SHA384_HashBuf,
+    SHA384_Hash,
+    SHA384_TraceState,
+    SHA384_FlattenSize,
+    SHA384_Flatten,
+    SHA384_Resurrect,
+
+    /* End of Version 3.003. */
+
+    AESKeyWrap_CreateContext,
+    AESKeyWrap_DestroyContext,
+    AESKeyWrap_Encrypt,
+    AESKeyWrap_Decrypt,
+
+    /* End of Version 3.004. */
+
+    BLAPI_SHVerify,
+    BLAPI_VerifySelf,
+
+    /* End of Version 3.005. */
+
+    EC_NewKey,
+    EC_NewKeyFromSeed,
+    EC_ValidatePublicKey,
+    ECDH_Derive,
+    ECDSA_SignDigest,
+    ECDSA_VerifyDigest,
+    ECDSA_SignDigestWithSeed,
+
+    /* End of Version 3.006. */
+    /* End of Version 3.007. */
+
+    AES_InitContext,
+    AESKeyWrap_InitContext,
+    DES_InitContext,
+    RC2_InitContext,
+    RC4_InitContext,
+
+    AES_AllocateContext,
+    AESKeyWrap_AllocateContext,
+    DES_AllocateContext,
+    RC2_AllocateContext,
+    RC4_AllocateContext,
+
+    MD2_Clone,
+    MD5_Clone,
+    SHA1_Clone,
+    SHA256_Clone,
+    SHA384_Clone,
+    SHA512_Clone,
+
+    TLS_PRF,
+    HASH_GetRawHashObject,
+
+    HMAC_Create,
+    HMAC_Init,
+    HMAC_Begin,
+    HMAC_Update,
+    HMAC_Clone,
+    HMAC_Finish,
+    HMAC_Destroy,
+
+    RNG_SystemInfoForRNG,
+
+    /* End of Version 3.008. */
+
+    FIPS186Change_GenerateX,
+    FIPS186Change_ReduceModQForDSA,
+
+    /* End of Version 3.009. */
+    Camellia_InitContext,
+    Camellia_AllocateContext,
+    Camellia_CreateContext,
+    Camellia_DestroyContext,
+    Camellia_Encrypt,
+    Camellia_Decrypt,
+
+    /* End of Version 3.010. */
+    PQG_DestroyParams,
+    PQG_DestroyVerify,
+
+};
+
+const FREEBLVector * 
+FREEBL_GetVector(void)
+{
+    extern const char __nss_freebl_rcsid[];
+    extern const char __nss_freebl_sccsid[];
+
+    /* force a reference that won't get optimized away */
+    volatile char c;
+
+    c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; 
+    return &vector;
+}
+
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
new file mode 100644
index 000000000..01a1d6059
--- /dev/null
+++ b/security/nss/lib/freebl/loader.c
@@ -0,0 +1,1595 @@
+/*
+ * loader.c - load platform dependent DSO containing freebl implementation.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "loader.h"
+#include "prmem.h"
+#include "prerror.h"
+#include "prinit.h"
+#include "prenv.h"
+
+static const char* default_name =
+    SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX;
+
+/* getLibName() returns the name of the library to load. */
+
+#if defined(SOLARIS) && defined(__sparc)
+#include <stddef.h>
+#include <strings.h>
+#include <sys/systeminfo.h>
+
+
+#if defined(NSS_USE_64)
+
+const static char fpu_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
+const static char int_hybrid_shared_lib[] = "libfreebl_64int_3.so";
+const static char non_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
+
+const static char int_hybrid_isa[] = "sparcv9";
+const static char fpu_hybrid_isa[] = "sparcv9+vis";
+
+#else
+
+const static char fpu_hybrid_shared_lib[] = "libfreebl_32fpu_3.so";
+const static char int_hybrid_shared_lib[] = "libfreebl_32int64_3.so";
+const static char non_hybrid_shared_lib[] = "libfreebl_32int_3.so";
+
+const static char int_hybrid_isa[] = "sparcv8plus";
+const static char fpu_hybrid_isa[] = "sparcv8plus+vis";
+
+#endif
+
+static const char *
+getLibName(void)
+{
+    char * found_int_hybrid;
+    char * found_fpu_hybrid;
+    long buflen;
+    char buf[256];
+
+    buflen = sysinfo(SI_ISALIST, buf, sizeof buf);
+    if (buflen <= 0) 
+	return NULL;
+    /* sysinfo output is always supposed to be NUL terminated, but ... */
+    if (buflen < sizeof buf) 
+    	buf[buflen] = '\0';
+    else
+    	buf[(sizeof buf) - 1] = '\0';
+    /* The ISA list is a space separated string of names of ISAs and
+     * ISA extensions, in order of decreasing performance.
+     * There are two different ISAs with which NSS's crypto code can be
+     * accelerated. If both are in the list, we take the first one.
+     * If one is in the list, we use it, and if neither then we use
+     * the base unaccelerated code.
+     */
+    found_int_hybrid = strstr(buf, int_hybrid_isa);
+    found_fpu_hybrid = strstr(buf, fpu_hybrid_isa);
+    if (found_fpu_hybrid && 
+	(!found_int_hybrid ||
+	 (found_int_hybrid - found_fpu_hybrid) >= 0)) {
+	return fpu_hybrid_shared_lib;
+    }
+    if (found_int_hybrid) {
+	return int_hybrid_shared_lib;
+    }
+    return non_hybrid_shared_lib;
+}
+
+#elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64)
+/* This code tests to see if we're running on a PA2.x CPU.
+** It returns true (1) if so, and false (0) otherwise.
+*/
+static const char *
+getLibName(void)
+{
+    long cpu = sysconf(_SC_CPU_VERSION);
+    return (cpu == CPU_PA_RISC2_0) 
+		? "libfreebl_32fpu_3.sl"
+	        : "libfreebl_32int32_3.sl" ;
+}
+#else
+/* default case, for platforms/ABIs that have only one freebl shared lib. */
+static const char * getLibName(void) { return default_name; }
+#endif
+
+#include "prio.h"
+#include "prprf.h"
+#include <stdio.h>
+#include "prsystem.h"
+
+static const char *NameOfThisSharedLib = 
+  SHLIB_PREFIX"softokn"SOFTOKEN_SHLIB_VERSION"."SHLIB_SUFFIX;
+
+static PRLibrary* blLib;
+
+#define LSB(x) ((x)&0xff)
+#define MSB(x) ((x)>>8)
+
+static const FREEBLVector *vector;
+static const char *libraryName = NULL;
+
+#include "genload.c"
+
+/* This function must be run only once. */
+/*  determine if hybrid platform, then actually load the DSO. */
+static PRStatus
+freebl_LoadDSO( void ) 
+{
+  PRLibrary *  handle;
+  const char * name = getLibName();
+
+  if (!name) {
+    PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
+    return PR_FAILURE;
+  }
+
+  handle = loader_LoadLibrary(name);
+  if (handle) {
+    PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
+    PRStatus status;
+    if (address) {
+      FREEBLGetVectorFn  * getVector = (FREEBLGetVectorFn *)address;
+      const FREEBLVector * dsoVector = getVector();
+      if (dsoVector) {
+	unsigned short dsoVersion = dsoVector->version;
+	unsigned short  myVersion = FREEBL_VERSION;
+	if (MSB(dsoVersion) == MSB(myVersion) && 
+	    LSB(dsoVersion) >= LSB(myVersion) &&
+	    dsoVector->length >= sizeof(FREEBLVector)) {
+          vector = dsoVector;
+	  libraryName = name;
+	  blLib = handle;
+	  return PR_SUCCESS;
+	}
+      }
+    }
+    status = PR_UnloadLibrary(handle);
+    PORT_Assert(PR_SUCCESS == status);
+  }
+  return PR_FAILURE;
+}
+
+static const PRCallOnceType pristineCallOnce;
+static PRCallOnceType loadFreeBLOnce;
+
+static PRStatus
+freebl_RunLoaderOnce( void )
+{
+  PRStatus status;
+
+  status = PR_CallOnce(&loadFreeBLOnce, &freebl_LoadDSO);
+  return status;
+}
+
+
+RSAPrivateKey * 
+RSA_NewKey(int keySizeInBits, SECItem * publicExponent)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_RSA_NewKey)(keySizeInBits, publicExponent);
+}
+
+SECStatus 
+RSA_PublicKeyOp(RSAPublicKey *   key,
+				 unsigned char *  output,
+				 const unsigned char *  input)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RSA_PublicKeyOp)(key, output, input);
+}
+
+SECStatus 
+RSA_PrivateKeyOp(RSAPrivateKey *  key,
+				  unsigned char *  output,
+				  const unsigned char *  input)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RSA_PrivateKeyOp)(key, output, input);
+}
+
+SECStatus
+RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+                              unsigned char *output,
+                              const unsigned char *input)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RSA_PrivateKeyOpDoubleChecked)(key, output, input);
+}
+
+SECStatus
+RSA_PrivateKeyCheck(RSAPrivateKey *key)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RSA_PrivateKeyCheck)(key);
+}
+
+SECStatus 
+DSA_NewKey(const PQGParams * params, DSAPrivateKey ** privKey)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DSA_NewKey)(params, privKey);
+}
+
+SECStatus 
+DSA_SignDigest(DSAPrivateKey * key, SECItem * signature, const SECItem * digest)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DSA_SignDigest)( key,  signature,  digest);
+}
+
+SECStatus 
+DSA_VerifyDigest(DSAPublicKey * key, const SECItem * signature, 
+                 const SECItem * digest)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DSA_VerifyDigest)( key,  signature,  digest);
+}
+
+SECStatus 
+DSA_NewKeyFromSeed(const PQGParams *params, const unsigned char * seed,
+                   DSAPrivateKey **privKey)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DSA_NewKeyFromSeed)(params,  seed, privKey);
+}
+
+SECStatus 
+DSA_SignDigestWithSeed(DSAPrivateKey * key, SECItem * signature,
+		       const SECItem * digest, const unsigned char * seed)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DSA_SignDigestWithSeed)( key, signature, digest, seed);
+}
+
+SECStatus 
+DH_GenParam(int primeLen, DHParams ** params)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DH_GenParam)(primeLen, params);
+}
+
+SECStatus 
+DH_NewKey(DHParams * params, DHPrivateKey ** privKey)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DH_NewKey)( params, privKey);
+}
+
+SECStatus 
+DH_Derive(SECItem * publicValue, SECItem * prime, SECItem * privateValue, 
+			 SECItem * derivedSecret, unsigned int maxOutBytes)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DH_Derive)( publicValue, prime, privateValue, 
+				derivedSecret, maxOutBytes);
+}
+
+SECStatus 
+KEA_Derive(SECItem *prime, SECItem *public1, SECItem *public2, 
+	   SECItem *private1, SECItem *private2, SECItem *derivedSecret)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_KEA_Derive)(prime, public1, public2, 
+	                        private1, private2, derivedSecret);
+}
+
+PRBool 
+KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return PR_FALSE;
+  return (vector->p_KEA_Verify)(Y, prime, subPrime);
+}
+
+RC4Context *
+RC4_CreateContext(const unsigned char *key, int len)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_RC4_CreateContext)(key, len);
+}
+
+void 
+RC4_DestroyContext(RC4Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_RC4_DestroyContext)(cx, freeit);
+}
+
+SECStatus 
+RC4_Encrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC4_Encrypt)(cx, output, outputLen, maxOutputLen, input, 
+	                         inputLen);
+}
+
+SECStatus 
+RC4_Decrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC4_Decrypt)(cx, output, outputLen, maxOutputLen, input, 
+	                         inputLen);
+}
+
+RC2Context *
+RC2_CreateContext(const unsigned char *key, unsigned int len,
+		  const unsigned char *iv, int mode, unsigned effectiveKeyLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_RC2_CreateContext)(key, len, iv, mode, effectiveKeyLen);
+}
+
+void 
+RC2_DestroyContext(RC2Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_RC2_DestroyContext)(cx, freeit);
+}
+
+SECStatus 
+RC2_Encrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC2_Encrypt)(cx, output, outputLen, maxOutputLen, input, 
+	                         inputLen);
+}
+
+SECStatus 
+RC2_Decrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC2_Decrypt)(cx, output, outputLen, maxOutputLen, input, 
+	                         inputLen);
+}
+
+RC5Context *
+RC5_CreateContext(const SECItem *key, unsigned int rounds,
+		  unsigned int wordSize, const unsigned char *iv, int mode)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_RC5_CreateContext)(key, rounds, wordSize, iv, mode);
+}
+
+void 
+RC5_DestroyContext(RC5Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_RC5_DestroyContext)(cx, freeit);
+}
+
+SECStatus 
+RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC5_Encrypt)(cx, output, outputLen, maxOutputLen, input, 
+				 inputLen);
+}
+
+SECStatus 
+RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC5_Decrypt)(cx, output, outputLen, maxOutputLen, input, 
+	                         inputLen);
+}
+
+DESContext *
+DES_CreateContext(const unsigned char *key, const unsigned char *iv,
+		  int mode, PRBool encrypt)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_DES_CreateContext)(key, iv, mode, encrypt);
+}
+
+void 
+DES_DestroyContext(DESContext *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_DES_DestroyContext)(cx, freeit);
+}
+
+SECStatus 
+DES_Encrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DES_Encrypt)(cx, output, outputLen, maxOutputLen, input, 
+	                         inputLen);
+}
+
+SECStatus 
+DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen, 
+	    unsigned int maxOutputLen, const unsigned char *input, 
+	    unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input, 
+	                         inputLen);
+}
+
+AESContext *
+AES_CreateContext(const unsigned char *key, const unsigned char *iv, 
+                  int mode, int encrypt,
+                  unsigned int keylen, unsigned int blocklen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_AES_CreateContext)(key, iv, mode, encrypt, keylen, 
+				       blocklen);
+}
+
+void 
+AES_DestroyContext(AESContext *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_AES_DestroyContext)(cx, freeit);
+}
+
+SECStatus 
+AES_Encrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_AES_Encrypt)(cx, output, outputLen, maxOutputLen, 
+				 input, inputLen);
+}
+
+SECStatus 
+AES_Decrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_AES_Decrypt)(cx, output, outputLen, maxOutputLen, 
+				 input, inputLen);
+}
+
+SECStatus 
+MD5_Hash(unsigned char *dest, const char *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_MD5_Hash)(dest, src);
+}
+
+SECStatus 
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_MD5_HashBuf)(dest, src, src_length);
+}
+
+MD5Context *
+MD5_NewContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_MD5_NewContext)();
+}
+
+void 
+MD5_DestroyContext(MD5Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_MD5_DestroyContext)(cx, freeit);
+}
+
+void 
+MD5_Begin(MD5Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_MD5_Begin)(cx);
+}
+
+void 
+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_MD5_Update)(cx, input, inputLen);
+}
+
+void 
+MD5_End(MD5Context *cx, unsigned char *digest,
+		    unsigned int *digestLen, unsigned int maxDigestLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_MD5_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+unsigned int 
+MD5_FlattenSize(MD5Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return 0;
+  return (vector->p_MD5_FlattenSize)(cx);
+}
+
+SECStatus 
+MD5_Flatten(MD5Context *cx,unsigned char *space)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_MD5_Flatten)(cx, space);
+}
+
+MD5Context * 
+MD5_Resurrect(unsigned char *space, void *arg)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_MD5_Resurrect)(space, arg);
+}
+
+void 
+MD5_TraceState(MD5Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_MD5_TraceState)(cx);
+}
+
+SECStatus 
+MD2_Hash(unsigned char *dest, const char *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_MD2_Hash)(dest, src);
+}
+
+MD2Context *
+MD2_NewContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_MD2_NewContext)();
+}
+
+void 
+MD2_DestroyContext(MD2Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_MD2_DestroyContext)(cx, freeit);
+}
+
+void 
+MD2_Begin(MD2Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_MD2_Begin)(cx);
+}
+
+void 
+MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_MD2_Update)(cx, input, inputLen);
+}
+
+void 
+MD2_End(MD2Context *cx, unsigned char *digest,
+		    unsigned int *digestLen, unsigned int maxDigestLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_MD2_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+unsigned int 
+MD2_FlattenSize(MD2Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return 0;
+  return (vector->p_MD2_FlattenSize)(cx);
+}
+
+SECStatus 
+MD2_Flatten(MD2Context *cx,unsigned char *space)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_MD2_Flatten)(cx, space);
+}
+
+MD2Context * 
+MD2_Resurrect(unsigned char *space, void *arg)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_MD2_Resurrect)(space, arg);
+}
+
+
+SECStatus 
+SHA1_Hash(unsigned char *dest, const char *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA1_Hash)(dest, src);
+}
+
+SECStatus 
+SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA1_HashBuf)(dest, src, src_length);
+}
+
+SHA1Context *
+SHA1_NewContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA1_NewContext)();
+}
+
+void 
+SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA1_DestroyContext)(cx, freeit);
+}
+
+void 
+SHA1_Begin(SHA1Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA1_Begin)(cx);
+}
+
+void 
+SHA1_Update(SHA1Context *cx, const unsigned char *input,
+			unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA1_Update)(cx, input, inputLen);
+}
+
+void 
+SHA1_End(SHA1Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA1_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void 
+SHA1_TraceState(SHA1Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA1_TraceState)(cx);
+}
+
+unsigned int 
+SHA1_FlattenSize(SHA1Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return 0;
+  return (vector->p_SHA1_FlattenSize)(cx);
+}
+
+SECStatus 
+SHA1_Flatten(SHA1Context *cx,unsigned char *space)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA1_Flatten)(cx, space);
+}
+
+SHA1Context * 
+SHA1_Resurrect(unsigned char *space, void *arg)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA1_Resurrect)(space, arg);
+}
+
+SECStatus 
+RNG_RNGInit(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RNG_RNGInit)();
+}
+
+SECStatus 
+RNG_RandomUpdate(const void *data, size_t bytes)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RNG_RandomUpdate)(data, bytes);
+}
+
+SECStatus 
+RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RNG_GenerateGlobalRandomBytes)(dest, len);
+}
+
+void  
+RNG_RNGShutdown(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_RNG_RNGShutdown)();
+}
+
+SECStatus
+PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_PQG_ParamGen)(j, pParams, pVfy); 
+}
+
+SECStatus
+PQG_ParamGenSeedLen( unsigned int j, unsigned int seedBytes, 
+                     PQGParams **pParams, PQGVerify **pVfy)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_PQG_ParamGenSeedLen)(j, seedBytes, pParams, pVfy);
+}
+
+SECStatus   
+PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy, 
+		 SECStatus *result)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_PQG_VerifyParams)(params, vfy, result);
+}
+
+void   
+PQG_DestroyParams(PQGParams *params)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_PQG_DestroyParams)(params);
+}
+
+void   
+PQG_DestroyVerify(PQGVerify *vfy)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_PQG_DestroyVerify)(vfy);
+}
+
+void 
+BL_Cleanup(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_BL_Cleanup)();
+}
+
+void
+BL_Unload(void)
+{
+  /* This function is not thread-safe, but doesn't need to be, because it is
+   * only called from functions that are also defined as not thread-safe,
+   * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
+   * from NSS_Shutdown. */
+  char *disableUnload = NULL;
+  vector = NULL;
+  /* If an SSL socket is configured with SSL_BYPASS_PKCS11, but the application
+   * never does a handshake on it, BL_Unload will be called even though freebl
+   * was never loaded. So, don't assert blLib. */
+  if (blLib) {
+      disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+      if (!disableUnload) {
+          PRStatus status = PR_UnloadLibrary(blLib);
+          PORT_Assert(PR_SUCCESS == status);
+      }
+      blLib = NULL;
+  }
+  loadFreeBLOnce = pristineCallOnce;
+}
+
+/* ============== New for 3.003 =============================== */
+
+SECStatus 
+SHA256_Hash(unsigned char *dest, const char *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA256_Hash)(dest, src);
+}
+
+SECStatus 
+SHA256_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA256_HashBuf)(dest, src, src_length);
+}
+
+SHA256Context *
+SHA256_NewContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA256_NewContext)();
+}
+
+void 
+SHA256_DestroyContext(SHA256Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA256_DestroyContext)(cx, freeit);
+}
+
+void 
+SHA256_Begin(SHA256Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA256_Begin)(cx);
+}
+
+void 
+SHA256_Update(SHA256Context *cx, const unsigned char *input,
+			unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA256_Update)(cx, input, inputLen);
+}
+
+void 
+SHA256_End(SHA256Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void 
+SHA256_TraceState(SHA256Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA256_TraceState)(cx);
+}
+
+unsigned int 
+SHA256_FlattenSize(SHA256Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return 0;
+  return (vector->p_SHA256_FlattenSize)(cx);
+}
+
+SECStatus 
+SHA256_Flatten(SHA256Context *cx,unsigned char *space)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA256_Flatten)(cx, space);
+}
+
+SHA256Context * 
+SHA256_Resurrect(unsigned char *space, void *arg)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA256_Resurrect)(space, arg);
+}
+
+SECStatus 
+SHA512_Hash(unsigned char *dest, const char *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA512_Hash)(dest, src);
+}
+
+SECStatus 
+SHA512_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA512_HashBuf)(dest, src, src_length);
+}
+
+SHA512Context *
+SHA512_NewContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA512_NewContext)();
+}
+
+void 
+SHA512_DestroyContext(SHA512Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA512_DestroyContext)(cx, freeit);
+}
+
+void 
+SHA512_Begin(SHA512Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA512_Begin)(cx);
+}
+
+void 
+SHA512_Update(SHA512Context *cx, const unsigned char *input,
+			unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA512_Update)(cx, input, inputLen);
+}
+
+void 
+SHA512_End(SHA512Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void 
+SHA512_TraceState(SHA512Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA512_TraceState)(cx);
+}
+
+unsigned int 
+SHA512_FlattenSize(SHA512Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return 0;
+  return (vector->p_SHA512_FlattenSize)(cx);
+}
+
+SECStatus 
+SHA512_Flatten(SHA512Context *cx,unsigned char *space)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA512_Flatten)(cx, space);
+}
+
+SHA512Context * 
+SHA512_Resurrect(unsigned char *space, void *arg)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA512_Resurrect)(space, arg);
+}
+
+
+SECStatus 
+SHA384_Hash(unsigned char *dest, const char *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA384_Hash)(dest, src);
+}
+
+SECStatus 
+SHA384_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA384_HashBuf)(dest, src, src_length);
+}
+
+SHA384Context *
+SHA384_NewContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA384_NewContext)();
+}
+
+void 
+SHA384_DestroyContext(SHA384Context *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA384_DestroyContext)(cx, freeit);
+}
+
+void 
+SHA384_Begin(SHA384Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA384_Begin)(cx);
+}
+
+void 
+SHA384_Update(SHA384Context *cx, const unsigned char *input,
+			unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA384_Update)(cx, input, inputLen);
+}
+
+void 
+SHA384_End(SHA384Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void 
+SHA384_TraceState(SHA384Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_SHA384_TraceState)(cx);
+}
+
+unsigned int 
+SHA384_FlattenSize(SHA384Context *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return 0;
+  return (vector->p_SHA384_FlattenSize)(cx);
+}
+
+SECStatus 
+SHA384_Flatten(SHA384Context *cx,unsigned char *space)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_SHA384_Flatten)(cx, space);
+}
+
+SHA384Context * 
+SHA384_Resurrect(unsigned char *space, void *arg)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_SHA384_Resurrect)(space, arg);
+}
+
+
+AESKeyWrapContext *
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv, 
+                         int encrypt, unsigned int keylen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return vector->p_AESKeyWrap_CreateContext(key, iv, encrypt, keylen);
+}
+
+void 
+AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  vector->p_AESKeyWrap_DestroyContext(cx, freeit);
+}
+
+SECStatus 
+AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
+		   unsigned int *outputLen, unsigned int maxOutputLen,
+		   const unsigned char *input, unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return vector->p_AESKeyWrap_Encrypt(cx, output, outputLen, maxOutputLen,
+                                      input, inputLen);
+}
+SECStatus 
+AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
+		   unsigned int *outputLen, unsigned int maxOutputLen,
+		   const unsigned char *input, unsigned int inputLen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return vector->p_AESKeyWrap_Decrypt(cx, output, outputLen, maxOutputLen,
+		                      input, inputLen);
+}
+
+PRBool
+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return PR_FALSE;
+  return vector->p_BLAPI_SHVerify(name, addr);
+}
+
+/*
+ * The Caller is expected to pass NULL as the name, which will
+ * trigger the p_BLAPI_VerifySelf() to return 'TRUE'. If we really loaded
+ * from a shared library, BLAPI_VerifySelf will get pick up the real name
+ * from the static set in freebl_LoadDSO( void ) 
+ */
+PRBool
+BLAPI_VerifySelf(const char *name)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return PR_FALSE;
+  return vector->p_BLAPI_VerifySelf(libraryName);
+}
+
+/* ============== New for 3.006 =============================== */
+
+SECStatus 
+EC_NewKey(ECParams * params, ECPrivateKey ** privKey)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_NewKey)( params, privKey );
+}
+
+SECStatus 
+EC_NewKeyFromSeed(ECParams * params, ECPrivateKey ** privKey,
+    const unsigned char *seed, int seedlen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_NewKeyFromSeed)( params, privKey, seed, seedlen );
+}
+
+SECStatus 
+EC_ValidatePublicKey(ECParams * params, SECItem * publicValue)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_EC_ValidatePublicKey)( params, publicValue );
+}
+
+SECStatus 
+ECDH_Derive(SECItem * publicValue, ECParams * params, SECItem * privateValue,
+            PRBool withCofactor, SECItem * derivedSecret)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_ECDH_Derive)( publicValue, params, privateValue,
+                                  withCofactor, derivedSecret );
+}
+
+SECStatus
+ECDSA_SignDigest(ECPrivateKey * key, SECItem * signature,
+    const SECItem * digest)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_ECDSA_SignDigest)( key, signature, digest );
+}
+
+SECStatus
+ECDSA_VerifyDigest(ECPublicKey * key, const SECItem * signature,
+    const SECItem * digest)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_ECDSA_VerifyDigest)( key, signature, digest );
+}
+
+SECStatus
+ECDSA_SignDigestWithSeed(ECPrivateKey * key, SECItem * signature,
+    const SECItem * digest, const unsigned char *seed, const int seedlen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_ECDSA_SignDigestWithSeed)( key, signature, digest, 
+      seed, seedlen );
+}
+
+/* ============== New for 3.008 =============================== */
+
+AESContext *
+AES_AllocateContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_AES_AllocateContext)();
+}
+
+AESKeyWrapContext *
+AESKeyWrap_AllocateContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_AESKeyWrap_AllocateContext)();
+}
+
+DESContext *
+DES_AllocateContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_DES_AllocateContext)();
+}
+
+RC2Context *
+RC2_AllocateContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_RC2_AllocateContext)();
+}
+
+RC4Context *
+RC4_AllocateContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_RC4_AllocateContext)();
+}
+
+SECStatus 
+AES_InitContext(AESContext *cx, const unsigned char *key, 
+		unsigned int keylen, const unsigned char *iv, int mode,
+		unsigned int encrypt, unsigned int blocklen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_AES_InitContext)(cx, key, keylen, iv, mode, encrypt, 
+				     blocklen);
+}
+
+SECStatus 
+AESKeyWrap_InitContext(AESKeyWrapContext *cx, const unsigned char *key, 
+		unsigned int keylen, const unsigned char *iv, int mode,
+		unsigned int encrypt, unsigned int blocklen)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_AESKeyWrap_InitContext)(cx, key, keylen, iv, mode, 
+					    encrypt, blocklen);
+}
+
+SECStatus 
+DES_InitContext(DESContext *cx, const unsigned char *key, 
+		unsigned int keylen, const unsigned char *iv, int mode,
+		unsigned int encrypt, unsigned int xtra)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_DES_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
+}
+
+SECStatus 
+RC2_InitContext(RC2Context *cx, const unsigned char *key, 
+		unsigned int keylen, const unsigned char *iv, int mode,
+		unsigned int effectiveKeyLen, unsigned int xtra)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC2_InitContext)(cx, key, keylen, iv, mode, 
+				     effectiveKeyLen, xtra);
+}
+
+SECStatus 
+RC4_InitContext(RC4Context *cx, const unsigned char *key, 
+		unsigned int keylen, const unsigned char *x1, int x2,
+		unsigned int x3, unsigned int x4)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_RC4_InitContext)(cx, key, keylen, x1, x2, x3, x4);
+}
+
+void 
+MD2_Clone(MD2Context *dest, MD2Context *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_MD2_Clone)(dest, src);
+}
+
+void 
+MD5_Clone(MD5Context *dest, MD5Context *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_MD5_Clone)(dest, src);
+}
+
+void 
+SHA1_Clone(SHA1Context *dest, SHA1Context *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_SHA1_Clone)(dest, src);
+}
+
+void 
+SHA256_Clone(SHA256Context *dest, SHA256Context *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_SHA256_Clone)(dest, src);
+}
+
+void 
+SHA384_Clone(SHA384Context *dest, SHA384Context *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_SHA384_Clone)(dest, src);
+}
+
+void 
+SHA512_Clone(SHA512Context *dest, SHA512Context *src)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_SHA512_Clone)(dest, src);
+}
+
+SECStatus 
+TLS_PRF(const SECItem *secret, const char *label, 
+		     SECItem *seed, SECItem *result, PRBool isFIPS)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_TLS_PRF)(secret, label, seed, result, isFIPS);
+}
+
+const SECHashObject *
+HASH_GetRawHashObject(HASH_HashType hashType)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_HASH_GetRawHashObject)(hashType);
+}
+
+
+void
+HMAC_Destroy(HMACContext *cx, PRBool freeit)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_HMAC_Destroy)(cx, freeit);
+}
+
+HMACContext *
+HMAC_Create(const SECHashObject *hashObj, const unsigned char *secret, 
+	    unsigned int secret_len, PRBool isFIPS)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_HMAC_Create)(hashObj, secret, secret_len, isFIPS);
+}
+
+SECStatus
+HMAC_Init(HMACContext *cx, const SECHashObject *hashObj, 
+	  const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_HMAC_Init)(cx, hashObj, secret, secret_len, isFIPS);
+}
+
+void
+HMAC_Begin(HMACContext *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_HMAC_Begin)(cx);
+}
+
+void 
+HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return;
+  (vector->p_HMAC_Update)(cx, data, data_len);
+}
+
+SECStatus
+HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
+	    unsigned int max_result_len)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_HMAC_Finish)(cx, result, result_len, max_result_len);
+}
+
+HMACContext *
+HMAC_Clone(HMACContext *cx)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_HMAC_Clone)(cx);
+}
+
+void
+RNG_SystemInfoForRNG(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return ;
+  (vector->p_RNG_SystemInfoForRNG)();
+
+}
+
+SECStatus
+FIPS186Change_GenerateX(unsigned char *XKEY, const unsigned char *XSEEDj,
+                        unsigned char *x_j)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_FIPS186Change_GenerateX)(XKEY, XSEEDj, x_j);
+}
+
+SECStatus
+FIPS186Change_ReduceModQForDSA(const unsigned char *w,
+                               const unsigned char *q,
+                               unsigned char *xj)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_FIPS186Change_ReduceModQForDSA)(w, q, xj);
+}
+
+/* === new for Camellia === */
+SECStatus 
+Camellia_InitContext(CamelliaContext *cx, const unsigned char *key, 
+		unsigned int keylen, const unsigned char *iv, int mode,
+		unsigned int encrypt, unsigned int unused)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return SECFailure;
+  return (vector->p_Camellia_InitContext)(cx, key, keylen, iv, mode, encrypt,
+					  unused);
+}
+
+CamelliaContext *
+Camellia_AllocateContext(void)
+{
+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+      return NULL;
+  return (vector->p_Camellia_AllocateContext)();
+}
+
+
+CamelliaContext *
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, 
+		       int mode, int encrypt,
+		       unsigned int keylen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+	return NULL;
+    return (vector->p_Camellia_CreateContext)(key, iv, mode, encrypt, keylen);
+}
+
+void 
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+	return ;
+    (vector->p_Camellia_DestroyContext)(cx, freeit);
+}
+
+SECStatus 
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+		 unsigned int *outputLen, unsigned int maxOutputLen,
+		 const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+	return SECFailure;
+    return (vector->p_Camellia_Encrypt)(cx, output, outputLen, maxOutputLen, 
+					input, inputLen);
+}
+
+SECStatus 
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+		 unsigned int *outputLen, unsigned int maxOutputLen,
+		 const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+	return SECFailure;
+    return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen, 
+					input, inputLen);
+}
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h
new file mode 100644
index 000000000..fc912d419
--- /dev/null
+++ b/security/nss/lib/freebl/loader.h
@@ -0,0 +1,506 @@
+/*
+ * loader.h - load platform dependent DSO containing freebl implementation.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _LOADER_H_
+#define _LOADER_H_ 1
+
+#include "blapi.h"
+
+#define FREEBL_VERSION 0x030A
+
+struct FREEBLVectorStr {
+
+  unsigned short length;  /* of this struct in bytes */
+  unsigned short version; /* of this struct. */
+
+  RSAPrivateKey * (* p_RSA_NewKey)(int         keySizeInBits,
+				 SECItem *   publicExponent);
+
+  SECStatus (* p_RSA_PublicKeyOp) (RSAPublicKey *   key,
+				 unsigned char *  output,
+				 const unsigned char *  input);
+
+  SECStatus (* p_RSA_PrivateKeyOp)(RSAPrivateKey *  key,
+				  unsigned char *  output,
+				  const unsigned char *  input);
+
+  SECStatus (* p_DSA_NewKey)(const PQGParams *    params, 
+		            DSAPrivateKey **      privKey);
+
+  SECStatus (* p_DSA_SignDigest)(DSAPrivateKey *   key,
+				SECItem *         signature,
+				const SECItem *   digest);
+
+  SECStatus (* p_DSA_VerifyDigest)(DSAPublicKey *  key,
+				  const SECItem *  signature,
+				  const SECItem *  digest);
+
+  SECStatus (* p_DSA_NewKeyFromSeed)(const PQGParams *params, 
+				     const unsigned char * seed,
+                                     DSAPrivateKey **privKey);
+
+  SECStatus (* p_DSA_SignDigestWithSeed)(DSAPrivateKey * key,
+				        SECItem *             signature,
+				        const SECItem *       digest,
+				        const unsigned char * seed);
+
+ SECStatus (* p_DH_GenParam)(int primeLen, DHParams ** params);
+
+ SECStatus (* p_DH_NewKey)(DHParams *           params, 
+                           DHPrivateKey **	privKey);
+
+ SECStatus (* p_DH_Derive)(SECItem *    publicValue, 
+		           SECItem *    prime, 
+			   SECItem *    privateValue, 
+			   SECItem *    derivedSecret,
+			   unsigned int maxOutBytes);
+
+ SECStatus (* p_KEA_Derive)(SECItem *prime, 
+                            SECItem *public1, 
+                            SECItem *public2, 
+			    SECItem *private1, 
+			    SECItem *private2,
+			    SECItem *derivedSecret);
+
+ PRBool (* p_KEA_Verify)(SECItem *Y, SECItem *prime, SECItem *subPrime);
+
+ RC4Context * (* p_RC4_CreateContext)(const unsigned char *key, int len);
+
+ void (* p_RC4_DestroyContext)(RC4Context *cx, PRBool freeit);
+
+ SECStatus (* p_RC4_Encrypt)(RC4Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (* p_RC4_Decrypt)(RC4Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ RC2Context * (* p_RC2_CreateContext)(const unsigned char *key, 
+                     unsigned int len, const unsigned char *iv, 
+		     int mode, unsigned effectiveKeyLen);
+
+ void (* p_RC2_DestroyContext)(RC2Context *cx, PRBool freeit);
+
+ SECStatus (* p_RC2_Encrypt)(RC2Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (* p_RC2_Decrypt)(RC2Context *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ RC5Context *(* p_RC5_CreateContext)(const SECItem *key, unsigned int rounds,
+                     unsigned int wordSize, const unsigned char *iv, int mode);
+
+ void (* p_RC5_DestroyContext)(RC5Context *cx, PRBool freeit);
+
+ SECStatus (* p_RC5_Encrypt)(RC5Context *cx, unsigned char *output,
+                            unsigned int *outputLen, unsigned int maxOutputLen,
+                            const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (* p_RC5_Decrypt)(RC5Context *cx, unsigned char *output,
+                            unsigned int *outputLen, unsigned int maxOutputLen,
+                            const unsigned char *input, unsigned int inputLen);
+
+ DESContext *(* p_DES_CreateContext)(const unsigned char *key, 
+                                     const unsigned char *iv,
+				     int mode, PRBool encrypt);
+
+ void (* p_DES_DestroyContext)(DESContext *cx, PRBool freeit);
+
+ SECStatus (* p_DES_Encrypt)(DESContext *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (* p_DES_Decrypt)(DESContext *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ AESContext * (* p_AES_CreateContext)(const unsigned char *key, 
+                            const unsigned char *iv, 
+			    int mode, int encrypt, unsigned int keylen, 
+			    unsigned int blocklen);
+
+ void (* p_AES_DestroyContext)(AESContext *cx, PRBool freeit);
+
+ SECStatus (* p_AES_Encrypt)(AESContext *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (* p_AES_Decrypt)(AESContext *cx, unsigned char *output,
+			    unsigned int *outputLen, unsigned int maxOutputLen,
+			    const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (* p_MD5_Hash)(unsigned char *dest, const char *src);
+
+ SECStatus (* p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src,
+			     uint32 src_length);
+
+ MD5Context *(* p_MD5_NewContext)(void);
+
+ void (* p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit);
+
+ void (* p_MD5_Begin)(MD5Context *cx);
+
+ void (* p_MD5_Update)(MD5Context *cx,
+		       const unsigned char *input, unsigned int inputLen);
+
+ void (* p_MD5_End)(MD5Context *cx, unsigned char *digest,
+		    unsigned int *digestLen, unsigned int maxDigestLen);
+
+ unsigned int (* p_MD5_FlattenSize)(MD5Context *cx);
+
+ SECStatus (* p_MD5_Flatten)(MD5Context *cx,unsigned char *space);
+
+ MD5Context * (* p_MD5_Resurrect)(unsigned char *space, void *arg);
+
+ void (* p_MD5_TraceState)(MD5Context *cx);
+
+ SECStatus (* p_MD2_Hash)(unsigned char *dest, const char *src);
+
+ MD2Context *(* p_MD2_NewContext)(void);
+
+ void (* p_MD2_DestroyContext)(MD2Context *cx, PRBool freeit);
+
+ void (* p_MD2_Begin)(MD2Context *cx);
+
+ void (* p_MD2_Update)(MD2Context *cx,
+		       const unsigned char *input, unsigned int inputLen);
+
+ void (* p_MD2_End)(MD2Context *cx, unsigned char *digest,
+		    unsigned int *digestLen, unsigned int maxDigestLen);
+
+ unsigned int (* p_MD2_FlattenSize)(MD2Context *cx);
+
+ SECStatus (* p_MD2_Flatten)(MD2Context *cx,unsigned char *space);
+
+ MD2Context * (* p_MD2_Resurrect)(unsigned char *space, void *arg);
+
+ SECStatus (* p_SHA1_Hash)(unsigned char *dest, const char *src);
+
+ SECStatus (* p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+
+ SHA1Context *(* p_SHA1_NewContext)(void);
+
+ void (* p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit);
+
+ void (* p_SHA1_Begin)(SHA1Context *cx);
+
+ void (* p_SHA1_Update)(SHA1Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+
+ void (* p_SHA1_End)(SHA1Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+
+ void (* p_SHA1_TraceState)(SHA1Context *cx);
+
+ unsigned int (* p_SHA1_FlattenSize)(SHA1Context *cx);
+
+ SECStatus (* p_SHA1_Flatten)(SHA1Context *cx,unsigned char *space);
+
+ SHA1Context * (* p_SHA1_Resurrect)(unsigned char *space, void *arg);
+
+ SECStatus (* p_RNG_RNGInit)(void);
+
+ SECStatus (* p_RNG_RandomUpdate)(const void *data, size_t bytes);
+
+ SECStatus (* p_RNG_GenerateGlobalRandomBytes)(void *dest, size_t len);
+
+ void  (* p_RNG_RNGShutdown)(void);
+
+ SECStatus (* p_PQG_ParamGen)(unsigned int j, PQGParams **pParams,  
+	                      PQGVerify **pVfy);    
+
+ SECStatus (* p_PQG_ParamGenSeedLen)( unsigned int j, unsigned int seedBytes, 
+                                     PQGParams **pParams, PQGVerify **pVfy); 
+
+ SECStatus (* p_PQG_VerifyParams)(const PQGParams *params, 
+                                  const PQGVerify *vfy, SECStatus *result);
+
+  /* Version 3.001 came to here */
+
+  SECStatus (* p_RSA_PrivateKeyOpDoubleChecked)(RSAPrivateKey *key,
+                              unsigned char *output,
+                              const unsigned char *input);
+
+  SECStatus (* p_RSA_PrivateKeyCheck)(RSAPrivateKey *key);
+
+  void (* p_BL_Cleanup)(void);
+
+  /* Version 3.002 came to here */
+
+ SHA256Context *(* p_SHA256_NewContext)(void);
+ void (* p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
+ void (* p_SHA256_Begin)(SHA256Context *cx);
+ void (* p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+ void (* p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (* p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+ SECStatus (* p_SHA256_Hash)(unsigned char *dest, const char *src);
+ void (* p_SHA256_TraceState)(SHA256Context *cx);
+ unsigned int (* p_SHA256_FlattenSize)(SHA256Context *cx);
+ SECStatus (* p_SHA256_Flatten)(SHA256Context *cx,unsigned char *space);
+ SHA256Context * (* p_SHA256_Resurrect)(unsigned char *space, void *arg);
+
+ SHA512Context *(* p_SHA512_NewContext)(void);
+ void (* p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
+ void (* p_SHA512_Begin)(SHA512Context *cx);
+ void (* p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+ void (* p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (* p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+ SECStatus (* p_SHA512_Hash)(unsigned char *dest, const char *src);
+ void (* p_SHA512_TraceState)(SHA512Context *cx);
+ unsigned int (* p_SHA512_FlattenSize)(SHA512Context *cx);
+ SECStatus (* p_SHA512_Flatten)(SHA512Context *cx,unsigned char *space);
+ SHA512Context * (* p_SHA512_Resurrect)(unsigned char *space, void *arg);
+
+ SHA384Context *(* p_SHA384_NewContext)(void);
+ void (* p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
+ void (* p_SHA384_Begin)(SHA384Context *cx);
+ void (* p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
+			unsigned int inputLen);
+ void (* p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
+		     unsigned int *digestLen, unsigned int maxDigestLen);
+ SECStatus (* p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
+			      uint32 src_length);
+ SECStatus (* p_SHA384_Hash)(unsigned char *dest, const char *src);
+ void (* p_SHA384_TraceState)(SHA384Context *cx);
+ unsigned int (* p_SHA384_FlattenSize)(SHA384Context *cx);
+ SECStatus (* p_SHA384_Flatten)(SHA384Context *cx,unsigned char *space);
+ SHA384Context * (* p_SHA384_Resurrect)(unsigned char *space, void *arg);
+
+  /* Version 3.003 came to here */
+
+ AESKeyWrapContext * (* p_AESKeyWrap_CreateContext)(const unsigned char *key, 
+                   const unsigned char *iv, int encrypt, unsigned int keylen);
+
+ void (* p_AESKeyWrap_DestroyContext)(AESKeyWrapContext *cx, PRBool freeit);
+
+ SECStatus (* p_AESKeyWrap_Encrypt)(AESKeyWrapContext *cx, 
+            unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+ SECStatus (* p_AESKeyWrap_Decrypt)(AESKeyWrapContext *cx, 
+            unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+  /* Version 3.004 came to here */
+
+ PRBool (*p_BLAPI_SHVerify)(const char *name, PRFuncPtr addr);
+ PRBool (*p_BLAPI_VerifySelf)(const char *name);
+
+  /* Version 3.005 came to here */
+
+ SECStatus (* p_EC_NewKey)(ECParams *           params, 
+                           ECPrivateKey **	privKey);
+
+ SECStatus (* p_EC_NewKeyFromSeed)(ECParams *   params, 
+                             ECPrivateKey **	privKey,
+                             const unsigned char * seed,
+                             int                seedlen);
+
+ SECStatus (* p_EC_ValidatePublicKey)(ECParams *   params, 
+			     SECItem *	        publicValue);
+
+ SECStatus (* p_ECDH_Derive)(SECItem *          publicValue, 
+                             ECParams *         params,
+                             SECItem *          privateValue,
+                             PRBool             withCofactor,
+                             SECItem *          derivedSecret);
+
+ SECStatus (* p_ECDSA_SignDigest)(ECPrivateKey * key,
+                             SECItem *          signature,
+                             const SECItem *    digest);
+
+ SECStatus (* p_ECDSA_VerifyDigest)(ECPublicKey * key,
+                             const SECItem *    signature,
+                             const SECItem *    digest);
+
+ SECStatus (* p_ECDSA_SignDigestWithSeed)(ECPrivateKey * key,
+                             SECItem *          signature,
+                             const SECItem *    digest,
+                             const unsigned char * seed,
+                             const int          seedlen);
+
+  /* Version 3.006 came to here */
+
+  /* no modification to FREEBLVectorStr itself 
+   * but ECParamStr was modified 
+   */
+
+  /* Version 3.007 came to here */
+
+ SECStatus (* p_AES_InitContext)(AESContext *cx,
+				 const unsigned char *key, 
+				 unsigned int keylen, 
+				 const unsigned char *iv, 
+				 int mode, 
+				 unsigned int encrypt,
+				 unsigned int blocklen);
+ SECStatus (* p_AESKeyWrap_InitContext)(AESKeyWrapContext *cx,
+				 const unsigned char *key, 
+				 unsigned int keylen, 
+				 const unsigned char *iv, 
+				 int mode, 
+				 unsigned int encrypt,
+				 unsigned int blocklen);
+ SECStatus (* p_DES_InitContext)(DESContext *cx,
+				 const unsigned char *key, 
+				 unsigned int keylen,
+				 const unsigned char *iv, 
+				 int mode,
+				 unsigned int encrypt,
+				 unsigned int );
+ SECStatus (* p_RC2_InitContext)(RC2Context *cx,
+				 const unsigned char *key, 
+				 unsigned int keylen,
+				 const unsigned char *iv, 
+				 int mode, 
+				 unsigned int effectiveKeyLen,
+				 unsigned int );
+ SECStatus (* p_RC4_InitContext)(RC4Context *cx, 
+				 const unsigned char *key, 
+				 unsigned int keylen,
+				 const unsigned char *, 
+				 int, 
+				 unsigned int ,
+				 unsigned int );
+
+ AESContext *(*p_AES_AllocateContext)(void);
+ AESKeyWrapContext *(*p_AESKeyWrap_AllocateContext)(void);
+ DESContext *(*p_DES_AllocateContext)(void);
+ RC2Context *(*p_RC2_AllocateContext)(void);
+ RC4Context *(*p_RC4_AllocateContext)(void);
+
+ void (* p_MD2_Clone)(MD2Context *dest, MD2Context *src);
+ void (* p_MD5_Clone)(MD5Context *dest, MD5Context *src);
+ void (* p_SHA1_Clone)(SHA1Context *dest, SHA1Context *src);
+ void (* p_SHA256_Clone)(SHA256Context *dest, SHA256Context *src);
+ void (* p_SHA384_Clone)(SHA384Context *dest, SHA384Context *src);
+ void (* p_SHA512_Clone)(SHA512Context *dest, SHA512Context *src);
+
+ SECStatus (* p_TLS_PRF)(const SECItem *secret, const char *label, 
+		         SECItem *seed, SECItem *result, PRBool isFIPS);
+
+ const SECHashObject *(* p_HASH_GetRawHashObject)(HASH_HashType hashType);
+
+ HMACContext * (* p_HMAC_Create)(const SECHashObject *hashObj, 
+				 const unsigned char *secret, 
+				 unsigned int secret_len, PRBool isFIPS);
+ SECStatus (* p_HMAC_Init)(HMACContext *cx, const SECHashObject *hash_obj, 
+			   const unsigned char *secret, 
+			   unsigned int secret_len, PRBool isFIPS);
+ void (* p_HMAC_Begin)(HMACContext *cx);
+ void  (* p_HMAC_Update)(HMACContext *cx, const unsigned char *data, 
+			 unsigned int data_len);
+ HMACContext * (* p_HMAC_Clone)(HMACContext *cx);
+ SECStatus (* p_HMAC_Finish)(HMACContext *cx, unsigned char *result, 
+			     unsigned int *result_len, 
+			     unsigned int max_result_len);
+ void (* p_HMAC_Destroy)(HMACContext *cx, PRBool freeit);
+
+ void (* p_RNG_SystemInfoForRNG)(void);
+
+  /* Version 3.008 came to here */
+
+ SECStatus (* p_FIPS186Change_GenerateX)(unsigned char *XKEY,
+                                         const unsigned char *XSEEDj,
+                                         unsigned char *x_j);
+ SECStatus (* p_FIPS186Change_ReduceModQForDSA)(const unsigned char *w,
+                                                const unsigned char *q,
+                                                unsigned char *xj);
+
+  /* Version 3.009 came to here */
+
+ SECStatus (* p_Camellia_InitContext)(CamelliaContext *cx,
+				 const unsigned char *key, 
+				 unsigned int keylen, 
+				 const unsigned char *iv, 
+				 int mode, 
+				 unsigned int encrypt,
+				 unsigned int unused);
+
+ CamelliaContext *(*p_Camellia_AllocateContext)(void);
+ CamelliaContext * (* p_Camellia_CreateContext)(const unsigned char *key, 
+						const unsigned char *iv, 
+						int mode, int encrypt,
+						unsigned int keylen);
+ void (* p_Camellia_DestroyContext)(CamelliaContext *cx, PRBool freeit);
+
+ SECStatus (* p_Camellia_Encrypt)(CamelliaContext *cx, unsigned char *output,
+				  unsigned int *outputLen,
+				  unsigned int maxOutputLen,
+				  const unsigned char *input,
+				  unsigned int inputLen);
+
+ SECStatus (* p_Camellia_Decrypt)(CamelliaContext *cx, unsigned char *output,
+				  unsigned int *outputLen,
+				  unsigned int maxOutputLen,
+				  const unsigned char *input,
+				  unsigned int inputLen);
+
+ void (* p_PQG_DestroyParams)(PQGParams *params);
+
+ void (* p_PQG_DestroyVerify)(PQGVerify *vfy);
+
+  /* Version 3.010 came to here */
+};
+
+typedef struct FREEBLVectorStr FREEBLVector;
+
+SEC_BEGIN_PROTOS
+
+typedef const FREEBLVector * FREEBLGetVectorFn(void);
+
+extern FREEBLGetVectorFn FREEBL_GetVector;
+
+SEC_END_PROTOS
+
+#endif
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
new file mode 100644
index 000000000..417f6bc27
--- /dev/null
+++ b/security/nss/lib/freebl/manifest.mn
@@ -0,0 +1,186 @@
+# 
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Dr Vipul Gupta <vipul.gupta@sun.com> and
+#   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# NOTE: any ifdefs in this file must be defined on the gmake command line
+# (if anywhere).  They cannot come from Makefile or config.mk 
+
+CORE_DEPTH = ../../..
+
+MODULE = nss
+
+LIBRARY_NAME = freebl
+LIBRARY_VERSION = 3
+
+ifdef FREEBL_CHILD_BUILD
+  ifdef USE_ABI32_INT32
+    LIBRARY_NAME = freebl_32int
+  endif
+  ifdef USE_ABI32_INT64
+    LIBRARY_NAME = freebl_32int64
+  endif
+  ifdef USE_ABI32_FPU
+    LIBRARY_NAME = freebl_32fpu
+  endif
+  ifdef USE_ABI64_INT
+    LIBRARY_NAME = freebl_64int
+  endif
+  ifdef USE_ABI64_FPU
+    LIBRARY_NAME = freebl_64fpu
+  endif
+endif
+
+# if the library name contains _, we prefix the version with _
+ifneq (,$(findstring _,$(LIBRARY_NAME)))
+  LIBRARY_VERSION := _$(LIBRARY_VERSION)
+endif
+
+MAPFILE_SOURCE = freebl.def
+MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def
+
+SOFTOKEN_LIBRARY_VERSION = 3
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \
+	-DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \
+	-DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\"
+
+REQUIRES = 
+
+EXPORTS = \
+	blapit.h \
+	shsign.h \
+	ecl-exp.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	alghmac.h \
+	blapi.h \
+	secmpi.h \
+	secrng.h \
+	ec.h \
+	ecl.h \
+	ecl-curve.h \
+	$(NULL)
+
+MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
+MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
+
+
+ECL_HDRS = ecl-exp.h ecl.h ec2.h ecp.h ecl-priv.h
+ifdef NSS_ENABLE_ECC
+ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \
+	ecp_aff.c ecp_jac.c ecp_mont.c \
+	ec_naf.c ecp_jm.c
+ifdef NSS_ECC_MORE_THAN_SUITE_B
+ECL_SRCS += ec2_aff.c ec2_mont.c ec2_proj.c \
+	ec2_163.c ec2_193.c ec2_233.c \
+	ecp_192.c ecp_224.c ecp_256.c ecp_384.c ecp_521.c 
+endif
+else
+ECL_SRCS = $(NULL)
+endif
+SHA_SRCS = sha_fast.c
+MPCPU_SRCS = mpcpucache.c
+
+CSRCS = \
+	freeblver.c \
+	ldvector.c \
+	prng_fips1861.c \
+	sysrand.c \
+	$(SHA_SRCS) \
+	md2.c \
+	md5.c \
+	sha512.c \
+	alghmac.c \
+	rawhash.c \
+	alg2268.c \
+	arcfour.c \
+	arcfive.c \
+	desblapi.c \
+	des.c \
+	rijndael.c \
+	aeskeywrap.c \
+	camellia.c \
+	dh.c \
+	ec.c \
+	pqg.c \
+	dsa.c \
+	rsa.c \
+	shvfy.c \
+	tlsprfalg.c \
+	$(MPI_SRCS) \
+	$(MPCPU_SRCS) \
+	$(ECL_SRCS) \
+	$(NULL)
+
+ALL_CSRCS := $(CSRCS)
+
+ALL_HDRS =  \
+	alghmac.h \
+	blapi.h \
+	blapit.h \
+	des.h \
+	ec.h \
+	loader.h \
+	rijndael.h \
+	camellia.h \
+	secmpi.h \
+	sha_fast.h \
+	sha256.h \
+	shsign.h \
+	vis_proto.h \
+	$(NULL)
+
+
+ifdef AES_GEN_TBL
+DEFINES += -DRIJNDAEL_GENERATE_TABLES
+else 
+ifdef AES_GEN_TBL_M
+DEFINES += -DRIJNDAEL_GENERATE_TABLES_MACRO
+else
+ifdef AES_GEN_VAL
+DEFINES += -DRIJNDAEL_GENERATE_VALUES
+else
+ifdef AES_GEN_VAL_M
+DEFINES += -DRIJNDAEL_GENERATE_VALUES_MACRO
+else
+DEFINES += -DRIJNDAEL_INCLUDE_TABLES
+endif
+endif
+endif
+endif
diff --git a/security/nss/lib/freebl/mapfile.Solaris b/security/nss/lib/freebl/mapfile.Solaris
new file mode 100644
index 000000000..2db951327
--- /dev/null
+++ b/security/nss/lib/freebl/mapfile.Solaris
@@ -0,0 +1,43 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+libfreebl_3.so {
+	global:
+		FREEBL_GetVector;
+	local:
+		*;
+};
diff --git a/security/nss/lib/freebl/md2.c b/security/nss/lib/freebl/md2.c
new file mode 100644
index 000000000..8582f903e
--- /dev/null
+++ b/security/nss/lib/freebl/md2.c
@@ -0,0 +1,296 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+
+#include "blapi.h"
+
+#define MD2_DIGEST_LEN    16
+#define MD2_BUFSIZE       16
+#define MD2_X_SIZE        48  /* The X array, [CV | INPUT | TMP VARS] */
+#define MD2_CV             0  /* index into X for chaining variables */
+#define MD2_INPUT         16  /* index into X for input */
+#define MD2_TMPVARS       32  /* index into X for temporary variables */
+#define MD2_CHECKSUM_SIZE 16
+
+struct MD2ContextStr {
+	unsigned char checksum[MD2_BUFSIZE];
+	unsigned char X[MD2_X_SIZE];
+	PRUint8 unusedBuffer;
+};
+
+static const PRUint8 MD2S[256] = {
+ 0051, 0056, 0103, 0311, 0242, 0330, 0174, 0001,
+ 0075, 0066, 0124, 0241, 0354, 0360, 0006, 0023,
+ 0142, 0247, 0005, 0363, 0300, 0307, 0163, 0214,
+ 0230, 0223, 0053, 0331, 0274, 0114, 0202, 0312,
+ 0036, 0233, 0127, 0074, 0375, 0324, 0340, 0026,
+ 0147, 0102, 0157, 0030, 0212, 0027, 0345, 0022,
+ 0276, 0116, 0304, 0326, 0332, 0236, 0336, 0111,
+ 0240, 0373, 0365, 0216, 0273, 0057, 0356, 0172,
+ 0251, 0150, 0171, 0221, 0025, 0262, 0007, 0077,
+ 0224, 0302, 0020, 0211, 0013, 0042, 0137, 0041,
+ 0200, 0177, 0135, 0232, 0132, 0220, 0062, 0047,
+ 0065, 0076, 0314, 0347, 0277, 0367, 0227, 0003,
+ 0377, 0031, 0060, 0263, 0110, 0245, 0265, 0321,
+ 0327, 0136, 0222, 0052, 0254, 0126, 0252, 0306,
+ 0117, 0270, 0070, 0322, 0226, 0244, 0175, 0266,
+ 0166, 0374, 0153, 0342, 0234, 0164, 0004, 0361,
+ 0105, 0235, 0160, 0131, 0144, 0161, 0207, 0040,
+ 0206, 0133, 0317, 0145, 0346, 0055, 0250, 0002,
+ 0033, 0140, 0045, 0255, 0256, 0260, 0271, 0366,
+ 0034, 0106, 0141, 0151, 0064, 0100, 0176, 0017,
+ 0125, 0107, 0243, 0043, 0335, 0121, 0257, 0072,
+ 0303, 0134, 0371, 0316, 0272, 0305, 0352, 0046,
+ 0054, 0123, 0015, 0156, 0205, 0050, 0204, 0011,
+ 0323, 0337, 0315, 0364, 0101, 0201, 0115, 0122,
+ 0152, 0334, 0067, 0310, 0154, 0301, 0253, 0372,
+ 0044, 0341, 0173, 0010, 0014, 0275, 0261, 0112,
+ 0170, 0210, 0225, 0213, 0343, 0143, 0350, 0155,
+ 0351, 0313, 0325, 0376, 0073, 0000, 0035, 0071,
+ 0362, 0357, 0267, 0016, 0146, 0130, 0320, 0344,
+ 0246, 0167, 0162, 0370, 0353, 0165, 0113, 0012,
+ 0061, 0104, 0120, 0264, 0217, 0355, 0037, 0032,
+ 0333, 0231, 0215, 0063, 0237, 0021, 0203, 0024
+};
+
+SECStatus 
+MD2_Hash(unsigned char *dest, const char *src)
+{
+	unsigned int len;
+	MD2Context *cx = MD2_NewContext();
+	if (!cx) {
+		PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+		return SECFailure;
+	}
+	MD2_Begin(cx);
+	MD2_Update(cx, (const unsigned char *)src, PORT_Strlen(src));
+	MD2_End(cx, dest, &len, MD2_DIGEST_LEN);
+	MD2_DestroyContext(cx, PR_TRUE);
+	return SECSuccess;
+}
+
+MD2Context *
+MD2_NewContext(void)
+{
+	MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
+	if (cx == NULL) {
+		PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+		return NULL;
+	}
+	return cx;
+}
+
+void 
+MD2_DestroyContext(MD2Context *cx, PRBool freeit)
+{
+	if (freeit)
+		PORT_ZFree(cx, sizeof(*cx));
+}
+
+void 
+MD2_Begin(MD2Context *cx)
+{
+	memset(cx, 0, sizeof(*cx));
+	cx->unusedBuffer = MD2_BUFSIZE;
+}
+
+static void
+md2_compress(MD2Context *cx)
+{
+	int j;
+	unsigned char P;
+	P = cx->checksum[MD2_CHECKSUM_SIZE-1];
+	/* Compute the running checksum, and set the tmp variables to be 
+	 * CV[i] XOR input[i] 
+	 */
+#define CKSUMFN(n) \
+	P = cx->checksum[n] ^ MD2S[cx->X[MD2_INPUT+n] ^ P]; \
+	cx->checksum[n] = P; \
+	cx->X[MD2_TMPVARS+n] = cx->X[n] ^ cx->X[MD2_INPUT+n];
+	CKSUMFN(0);
+	CKSUMFN(1);
+	CKSUMFN(2);
+	CKSUMFN(3);
+	CKSUMFN(4);
+	CKSUMFN(5);
+	CKSUMFN(6);
+	CKSUMFN(7);
+	CKSUMFN(8);
+	CKSUMFN(9);
+	CKSUMFN(10);
+	CKSUMFN(11);
+	CKSUMFN(12);
+	CKSUMFN(13);
+	CKSUMFN(14);
+	CKSUMFN(15);
+	/* The compression function. */
+#define COMPRESS(n) \
+	P = cx->X[n] ^ MD2S[P]; \
+	cx->X[n] = P;
+	P = 0x00;
+	for (j=0; j<18; j++) {
+		COMPRESS(0);
+		COMPRESS(1);
+		COMPRESS(2);
+		COMPRESS(3);
+		COMPRESS(4);
+		COMPRESS(5);
+		COMPRESS(6);
+		COMPRESS(7);
+		COMPRESS(8);
+		COMPRESS(9);
+		COMPRESS(10);
+		COMPRESS(11);
+		COMPRESS(12);
+		COMPRESS(13);
+		COMPRESS(14);
+		COMPRESS(15);
+		COMPRESS(16);
+		COMPRESS(17);
+		COMPRESS(18);
+		COMPRESS(19);
+		COMPRESS(20);
+		COMPRESS(21);
+		COMPRESS(22);
+		COMPRESS(23);
+		COMPRESS(24);
+		COMPRESS(25);
+		COMPRESS(26);
+		COMPRESS(27);
+		COMPRESS(28);
+		COMPRESS(29);
+		COMPRESS(30);
+		COMPRESS(31);
+		COMPRESS(32);
+		COMPRESS(33);
+		COMPRESS(34);
+		COMPRESS(35);
+		COMPRESS(36);
+		COMPRESS(37);
+		COMPRESS(38);
+		COMPRESS(39);
+		COMPRESS(40);
+		COMPRESS(41);
+		COMPRESS(42);
+		COMPRESS(43);
+		COMPRESS(44);
+		COMPRESS(45);
+		COMPRESS(46);
+		COMPRESS(47);
+		P = (P + j) % 256;
+	}
+	cx->unusedBuffer = MD2_BUFSIZE;
+}
+
+void 
+MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+	PRUint32 bytesToConsume;
+	
+	/* Fill the remaining input buffer. */
+	if (cx->unusedBuffer != MD2_BUFSIZE) {
+		bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
+		memcpy(&cx->X[MD2_INPUT + (MD2_BUFSIZE - cx->unusedBuffer)],
+		            input, bytesToConsume);
+		if (cx->unusedBuffer + bytesToConsume >= MD2_BUFSIZE)
+			md2_compress(cx);
+		inputLen -= bytesToConsume;
+		input += bytesToConsume;
+	}
+
+	/* Iterate over 16-byte chunks of the input. */
+	while (inputLen >= MD2_BUFSIZE) {
+		memcpy(&cx->X[MD2_INPUT], input, MD2_BUFSIZE);
+		md2_compress(cx);
+		inputLen -= MD2_BUFSIZE;
+		input += MD2_BUFSIZE;
+	}
+
+	/* Copy any input that remains into the buffer. */
+	if (inputLen)
+		memcpy(&cx->X[MD2_INPUT], input, inputLen);
+	cx->unusedBuffer = MD2_BUFSIZE - inputLen;
+}
+
+void 
+MD2_End(MD2Context *cx, unsigned char *digest,
+        unsigned int *digestLen, unsigned int maxDigestLen)
+{
+	PRUint8 padStart;
+	if (maxDigestLen < MD2_BUFSIZE) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return;
+	}
+	padStart = MD2_BUFSIZE - cx->unusedBuffer;
+	memset(&cx->X[MD2_INPUT + padStart], cx->unusedBuffer, 
+	            cx->unusedBuffer);
+	md2_compress(cx);
+	memcpy(&cx->X[MD2_INPUT], cx->checksum, MD2_BUFSIZE);
+	md2_compress(cx);
+	*digestLen = MD2_DIGEST_LEN;
+	memcpy(digest, &cx->X[MD2_CV], MD2_DIGEST_LEN);
+}
+
+unsigned int 
+MD2_FlattenSize(MD2Context *cx)
+{
+	return sizeof(*cx);
+}
+
+SECStatus 
+MD2_Flatten(MD2Context *cx, unsigned char *space)
+{
+	memcpy(space, cx, sizeof(*cx));
+	return SECSuccess;
+}
+
+MD2Context * 
+MD2_Resurrect(unsigned char *space, void *arg)
+{
+	MD2Context *cx = MD2_NewContext();
+	if (cx)
+		memcpy(cx, space, sizeof(*cx));
+	return cx;
+}
+
+void MD2_Clone(MD2Context *dest, MD2Context *src) 
+{
+	memcpy(dest, src, sizeof *dest);
+}
diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c
new file mode 100644
index 000000000..97c400d9c
--- /dev/null
+++ b/security/nss/lib/freebl/md5.c
@@ -0,0 +1,595 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "prlong.h"
+
+#include "blapi.h"
+
+#define MD5_HASH_LEN 16
+#define MD5_BUFFER_SIZE 64
+#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8)
+
+#define CV0_1 0x67452301
+#define CV0_2 0xefcdab89
+#define CV0_3 0x98badcfe
+#define CV0_4 0x10325476
+
+#define T1_0  0xd76aa478
+#define T1_1  0xe8c7b756
+#define T1_2  0x242070db
+#define T1_3  0xc1bdceee
+#define T1_4  0xf57c0faf
+#define T1_5  0x4787c62a
+#define T1_6  0xa8304613
+#define T1_7  0xfd469501
+#define T1_8  0x698098d8
+#define T1_9  0x8b44f7af
+#define T1_10 0xffff5bb1
+#define T1_11 0x895cd7be
+#define T1_12 0x6b901122
+#define T1_13 0xfd987193
+#define T1_14 0xa679438e
+#define T1_15 0x49b40821
+
+#define T2_0  0xf61e2562
+#define T2_1  0xc040b340
+#define T2_2  0x265e5a51
+#define T2_3  0xe9b6c7aa
+#define T2_4  0xd62f105d
+#define T2_5  0x02441453
+#define T2_6  0xd8a1e681
+#define T2_7  0xe7d3fbc8
+#define T2_8  0x21e1cde6
+#define T2_9  0xc33707d6
+#define T2_10 0xf4d50d87
+#define T2_11 0x455a14ed
+#define T2_12 0xa9e3e905
+#define T2_13 0xfcefa3f8
+#define T2_14 0x676f02d9
+#define T2_15 0x8d2a4c8a
+
+#define T3_0  0xfffa3942
+#define T3_1  0x8771f681
+#define T3_2  0x6d9d6122
+#define T3_3  0xfde5380c
+#define T3_4  0xa4beea44
+#define T3_5  0x4bdecfa9
+#define T3_6  0xf6bb4b60
+#define T3_7  0xbebfbc70
+#define T3_8  0x289b7ec6
+#define T3_9  0xeaa127fa
+#define T3_10 0xd4ef3085
+#define T3_11 0x04881d05
+#define T3_12 0xd9d4d039
+#define T3_13 0xe6db99e5
+#define T3_14 0x1fa27cf8
+#define T3_15 0xc4ac5665
+
+#define T4_0  0xf4292244
+#define T4_1  0x432aff97
+#define T4_2  0xab9423a7
+#define T4_3  0xfc93a039
+#define T4_4  0x655b59c3
+#define T4_5  0x8f0ccc92
+#define T4_6  0xffeff47d
+#define T4_7  0x85845dd1
+#define T4_8  0x6fa87e4f
+#define T4_9  0xfe2ce6e0
+#define T4_10 0xa3014314
+#define T4_11 0x4e0811a1
+#define T4_12 0xf7537e82
+#define T4_13 0xbd3af235
+#define T4_14 0x2ad7d2bb
+#define T4_15 0xeb86d391
+
+#define R1B0  0
+#define R1B1  1
+#define R1B2  2
+#define R1B3  3
+#define R1B4  4
+#define R1B5  5
+#define R1B6  6
+#define R1B7  7
+#define R1B8  8
+#define R1B9  9
+#define R1B10 10
+#define R1B11 11
+#define R1B12 12
+#define R1B13 13
+#define R1B14 14
+#define R1B15 15
+
+#define R2B0  1
+#define R2B1  6
+#define R2B2  11
+#define R2B3  0
+#define R2B4  5
+#define R2B5  10
+#define R2B6  15
+#define R2B7  4
+#define R2B8  9
+#define R2B9  14
+#define R2B10 3 
+#define R2B11 8 
+#define R2B12 13
+#define R2B13 2 
+#define R2B14 7 
+#define R2B15 12
+
+#define R3B0  5
+#define R3B1  8
+#define R3B2  11
+#define R3B3  14
+#define R3B4  1
+#define R3B5  4
+#define R3B6  7
+#define R3B7  10
+#define R3B8  13
+#define R3B9  0
+#define R3B10 3 
+#define R3B11 6 
+#define R3B12 9 
+#define R3B13 12
+#define R3B14 15
+#define R3B15 2 
+
+#define R4B0  0
+#define R4B1  7
+#define R4B2  14
+#define R4B3  5
+#define R4B4  12
+#define R4B5  3
+#define R4B6  10
+#define R4B7  1
+#define R4B8  8
+#define R4B9  15
+#define R4B10 6 
+#define R4B11 13
+#define R4B12 4 
+#define R4B13 11
+#define R4B14 2 
+#define R4B15 9 
+
+#define S1_0 7
+#define S1_1 12
+#define S1_2 17
+#define S1_3 22
+
+#define S2_0 5
+#define S2_1 9
+#define S2_2 14
+#define S2_3 20
+
+#define S3_0 4
+#define S3_1 11
+#define S3_2 16
+#define S3_3 23
+
+#define S4_0 6
+#define S4_1 10
+#define S4_2 15
+#define S4_3 21
+
+struct MD5ContextStr {
+	PRUint32      lsbInput;
+	PRUint32      msbInput;
+	PRUint32      cv[4];
+	union {
+		PRUint8 b[64];
+		PRUint32 w[16];
+	} u;
+};
+
+#define inBuf u.b
+
+SECStatus 
+MD5_Hash(unsigned char *dest, const char *src)
+{
+	return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+SECStatus 
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+{
+	unsigned int len;
+	MD5Context cx;
+
+	MD5_Begin(&cx);
+	MD5_Update(&cx, src, src_length);
+	MD5_End(&cx, dest, &len, MD5_HASH_LEN);
+/*	memset(&cx, 0, sizeof cx); */
+	return SECSuccess;
+}
+
+MD5Context *
+MD5_NewContext(void)
+{
+	/* no need to ZAlloc, MD5_Begin will init the context */
+	MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
+	if (cx == NULL) {
+		PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+		return NULL;
+	}
+	return cx;
+}
+
+void 
+MD5_DestroyContext(MD5Context *cx, PRBool freeit)
+{
+/*	memset(cx, 0, sizeof *cx); */
+	if (freeit) {
+	    PORT_Free(cx);
+	}
+}
+
+void 
+MD5_Begin(MD5Context *cx)
+{
+	cx->lsbInput = 0;
+	cx->msbInput = 0;
+/*	memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
+	cx->cv[0] = CV0_1;
+	cx->cv[1] = CV0_2;
+	cx->cv[2] = CV0_3;
+	cx->cv[3] = CV0_4;
+}
+
+#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
+
+#if defined(SOLARIS) || defined(HPUX)
+#define addto64(sumhigh, sumlow, addend) \
+	sumlow += addend; sumhigh += (sumlow < addend);
+#else
+#define addto64(sumhigh, sumlow, addend) \
+	sumlow += addend; if (sumlow < addend) ++sumhigh;
+#endif
+
+#define MASK 0x00ff00ff
+#ifdef IS_LITTLE_ENDIAN
+#define lendian(i32) \
+	(i32)
+#else
+#define lendian(i32) \
+	(tmp = i32 >> 16 | i32 << 16, (tmp & MASK) << 8 | tmp >> 8 & MASK)
+#endif
+
+#ifndef IS_LITTLE_ENDIAN
+
+#define lebytes(b4) \
+	((b4)[3] << 24 | (b4)[2] << 16 | (b4)[1] << 8 | (b4)[0])
+
+static void
+md5_prep_state_le(MD5Context *cx)
+{
+	PRUint32 tmp;
+	cx->u.w[0] = lendian(cx->u.w[0]);
+	cx->u.w[1] = lendian(cx->u.w[1]);
+	cx->u.w[2] = lendian(cx->u.w[2]);
+	cx->u.w[3] = lendian(cx->u.w[3]);
+	cx->u.w[4] = lendian(cx->u.w[4]);
+	cx->u.w[5] = lendian(cx->u.w[5]);
+	cx->u.w[6] = lendian(cx->u.w[6]);
+	cx->u.w[7] = lendian(cx->u.w[7]);
+	cx->u.w[8] = lendian(cx->u.w[8]);
+	cx->u.w[9] = lendian(cx->u.w[9]);
+	cx->u.w[10] = lendian(cx->u.w[10]);
+	cx->u.w[11] = lendian(cx->u.w[11]);
+	cx->u.w[12] = lendian(cx->u.w[12]);
+	cx->u.w[13] = lendian(cx->u.w[13]);
+	cx->u.w[14] = lendian(cx->u.w[14]);
+	cx->u.w[15] = lendian(cx->u.w[15]);
+}
+
+static void
+md5_prep_buffer_le(MD5Context *cx, const PRUint8 *beBuf)
+{
+	cx->u.w[0] = lebytes(&beBuf[0]);
+	cx->u.w[1] = lebytes(&beBuf[4]);
+	cx->u.w[2] = lebytes(&beBuf[8]);
+	cx->u.w[3] = lebytes(&beBuf[12]);
+	cx->u.w[4] = lebytes(&beBuf[16]);
+	cx->u.w[5] = lebytes(&beBuf[20]);
+	cx->u.w[6] = lebytes(&beBuf[24]);
+	cx->u.w[7] = lebytes(&beBuf[28]);
+	cx->u.w[8] = lebytes(&beBuf[32]);
+	cx->u.w[9] = lebytes(&beBuf[36]);
+	cx->u.w[10] = lebytes(&beBuf[40]);
+	cx->u.w[11] = lebytes(&beBuf[44]);
+	cx->u.w[12] = lebytes(&beBuf[48]);
+	cx->u.w[13] = lebytes(&beBuf[52]);
+	cx->u.w[14] = lebytes(&beBuf[56]);
+	cx->u.w[15] = lebytes(&beBuf[60]);
+}
+#endif
+
+
+#define F(X, Y, Z) \
+	((X & Y) | ((~X) & Z))
+
+#define G(X, Y, Z) \
+	((X & Z) | (Y & (~Z)))
+
+#define H(X, Y, Z) \
+	(X ^ Y ^ Z)
+
+#define I(X, Y, Z) \
+	(Y ^ (X | (~Z)))
+
+#define FF(a, b, c, d, bufint, s, ti) \
+	a = b + cls(a + F(b, c, d) + bufint + ti, s)
+
+#define GG(a, b, c, d, bufint, s, ti) \
+	a = b + cls(a + G(b, c, d) + bufint + ti, s)
+
+#define HH(a, b, c, d, bufint, s, ti) \
+	a = b + cls(a + H(b, c, d) + bufint + ti, s)
+
+#define II(a, b, c, d, bufint, s, ti) \
+	a = b + cls(a + I(b, c, d) + bufint + ti, s)
+
+static void
+md5_compress(MD5Context *cx, const PRUint32 *wBuf)
+{
+	PRUint32 a, b, c, d;
+	PRUint32 tmp;
+	a = cx->cv[0];
+	b = cx->cv[1];
+	c = cx->cv[2];
+	d = cx->cv[3];
+	FF(a, b, c, d, wBuf[R1B0 ], S1_0, T1_0);
+	FF(d, a, b, c, wBuf[R1B1 ], S1_1, T1_1);
+	FF(c, d, a, b, wBuf[R1B2 ], S1_2, T1_2);
+	FF(b, c, d, a, wBuf[R1B3 ], S1_3, T1_3);
+	FF(a, b, c, d, wBuf[R1B4 ], S1_0, T1_4);
+	FF(d, a, b, c, wBuf[R1B5 ], S1_1, T1_5);
+	FF(c, d, a, b, wBuf[R1B6 ], S1_2, T1_6);
+	FF(b, c, d, a, wBuf[R1B7 ], S1_3, T1_7);
+	FF(a, b, c, d, wBuf[R1B8 ], S1_0, T1_8);
+	FF(d, a, b, c, wBuf[R1B9 ], S1_1, T1_9);
+	FF(c, d, a, b, wBuf[R1B10], S1_2, T1_10);
+	FF(b, c, d, a, wBuf[R1B11], S1_3, T1_11);
+	FF(a, b, c, d, wBuf[R1B12], S1_0, T1_12);
+	FF(d, a, b, c, wBuf[R1B13], S1_1, T1_13);
+	FF(c, d, a, b, wBuf[R1B14], S1_2, T1_14);
+	FF(b, c, d, a, wBuf[R1B15], S1_3, T1_15);
+	GG(a, b, c, d, wBuf[R2B0 ], S2_0, T2_0);
+	GG(d, a, b, c, wBuf[R2B1 ], S2_1, T2_1);
+	GG(c, d, a, b, wBuf[R2B2 ], S2_2, T2_2);
+	GG(b, c, d, a, wBuf[R2B3 ], S2_3, T2_3);
+	GG(a, b, c, d, wBuf[R2B4 ], S2_0, T2_4);
+	GG(d, a, b, c, wBuf[R2B5 ], S2_1, T2_5);
+	GG(c, d, a, b, wBuf[R2B6 ], S2_2, T2_6);
+	GG(b, c, d, a, wBuf[R2B7 ], S2_3, T2_7);
+	GG(a, b, c, d, wBuf[R2B8 ], S2_0, T2_8);
+	GG(d, a, b, c, wBuf[R2B9 ], S2_1, T2_9);
+	GG(c, d, a, b, wBuf[R2B10], S2_2, T2_10);
+	GG(b, c, d, a, wBuf[R2B11], S2_3, T2_11);
+	GG(a, b, c, d, wBuf[R2B12], S2_0, T2_12);
+	GG(d, a, b, c, wBuf[R2B13], S2_1, T2_13);
+	GG(c, d, a, b, wBuf[R2B14], S2_2, T2_14);
+	GG(b, c, d, a, wBuf[R2B15], S2_3, T2_15);
+	HH(a, b, c, d, wBuf[R3B0 ], S3_0, T3_0);
+	HH(d, a, b, c, wBuf[R3B1 ], S3_1, T3_1);
+	HH(c, d, a, b, wBuf[R3B2 ], S3_2, T3_2);
+	HH(b, c, d, a, wBuf[R3B3 ], S3_3, T3_3);
+	HH(a, b, c, d, wBuf[R3B4 ], S3_0, T3_4);
+	HH(d, a, b, c, wBuf[R3B5 ], S3_1, T3_5);
+	HH(c, d, a, b, wBuf[R3B6 ], S3_2, T3_6);
+	HH(b, c, d, a, wBuf[R3B7 ], S3_3, T3_7);
+	HH(a, b, c, d, wBuf[R3B8 ], S3_0, T3_8);
+	HH(d, a, b, c, wBuf[R3B9 ], S3_1, T3_9);
+	HH(c, d, a, b, wBuf[R3B10], S3_2, T3_10);
+	HH(b, c, d, a, wBuf[R3B11], S3_3, T3_11);
+	HH(a, b, c, d, wBuf[R3B12], S3_0, T3_12);
+	HH(d, a, b, c, wBuf[R3B13], S3_1, T3_13);
+	HH(c, d, a, b, wBuf[R3B14], S3_2, T3_14);
+	HH(b, c, d, a, wBuf[R3B15], S3_3, T3_15);
+	II(a, b, c, d, wBuf[R4B0 ], S4_0, T4_0);
+	II(d, a, b, c, wBuf[R4B1 ], S4_1, T4_1);
+	II(c, d, a, b, wBuf[R4B2 ], S4_2, T4_2);
+	II(b, c, d, a, wBuf[R4B3 ], S4_3, T4_3);
+	II(a, b, c, d, wBuf[R4B4 ], S4_0, T4_4);
+	II(d, a, b, c, wBuf[R4B5 ], S4_1, T4_5);
+	II(c, d, a, b, wBuf[R4B6 ], S4_2, T4_6);
+	II(b, c, d, a, wBuf[R4B7 ], S4_3, T4_7);
+	II(a, b, c, d, wBuf[R4B8 ], S4_0, T4_8);
+	II(d, a, b, c, wBuf[R4B9 ], S4_1, T4_9);
+	II(c, d, a, b, wBuf[R4B10], S4_2, T4_10);
+	II(b, c, d, a, wBuf[R4B11], S4_3, T4_11);
+	II(a, b, c, d, wBuf[R4B12], S4_0, T4_12);
+	II(d, a, b, c, wBuf[R4B13], S4_1, T4_13);
+	II(c, d, a, b, wBuf[R4B14], S4_2, T4_14);
+	II(b, c, d, a, wBuf[R4B15], S4_3, T4_15);
+	cx->cv[0] += a;
+	cx->cv[1] += b;
+	cx->cv[2] += c;
+	cx->cv[3] += d;
+}
+
+void 
+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+	PRUint32 bytesToConsume;
+	PRUint32 inBufIndex = cx->lsbInput & 63;
+	const PRUint32 *wBuf;
+
+	/* Add the number of input bytes to the 64-bit input counter. */
+	addto64(cx->msbInput, cx->lsbInput, inputLen);
+	if (inBufIndex) {
+		/* There is already data in the buffer.  Fill with input. */
+		bytesToConsume = PR_MIN(inputLen, MD5_BUFFER_SIZE - inBufIndex);
+		memcpy(&cx->inBuf[inBufIndex], input, bytesToConsume);
+		if (inBufIndex + bytesToConsume >= MD5_BUFFER_SIZE) {
+			/* The buffer is filled.  Run the compression function. */
+#ifndef IS_LITTLE_ENDIAN
+			md5_prep_state_le(cx);
+#endif
+			md5_compress(cx, cx->u.w);
+		}
+		/* Remaining input. */
+		inputLen -= bytesToConsume;
+		input += bytesToConsume;
+	}
+
+	/* Iterate over 64-byte chunks of the message. */
+	while (inputLen >= MD5_BUFFER_SIZE) {
+#ifdef IS_LITTLE_ENDIAN
+#ifdef _X86_
+		/* x86 can handle arithmetic on non-word-aligned buffers */
+		wBuf = (PRUint32 *)input;
+#else
+		if ((ptrdiff_t)input & 0x3) {
+			/* buffer not aligned, copy it to force alignment */
+			memcpy(cx->inBuf, input, MD5_BUFFER_SIZE);
+			wBuf = cx->u.w;
+		} else {
+			/* buffer is aligned */
+			wBuf = (PRUint32 *)input;
+		}
+#endif
+#else
+		md5_prep_buffer_le(cx, input);
+		wBuf = cx->u.w;
+#endif
+		md5_compress(cx, wBuf);
+		inputLen -= MD5_BUFFER_SIZE;
+		input += MD5_BUFFER_SIZE;
+	}
+
+	/* Tail of message (message bytes mod 64). */
+	if (inputLen)
+		memcpy(cx->inBuf, input, inputLen);
+}
+
+static const unsigned char padbytes[] = {
+	0x80, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,
+	0x00, 0x00, 0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00,  0x00
+};
+
+void 
+MD5_End(MD5Context *cx, unsigned char *digest,
+        unsigned int *digestLen, unsigned int maxDigestLen)
+{
+#ifndef IS_LITTLE_ENDIAN
+	PRUint32 tmp;
+#endif
+	PRUint32 lowInput, highInput;
+	PRUint32 inBufIndex = cx->lsbInput & 63;
+
+	if (maxDigestLen < MD5_HASH_LEN) {
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		return;
+	}
+
+	/* Copy out the length of bits input before padding. */
+	lowInput = cx->lsbInput; 
+	highInput = (cx->msbInput << 3) | (lowInput >> 29);
+	lowInput <<= 3;
+
+	if (inBufIndex < MD5_END_BUFFER) {
+		MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+	} else {
+		MD5_Update(cx, padbytes, 
+		           MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
+	}
+
+	/* Store the number of bytes input (before padding) in final 64 bits. */
+	cx->u.w[14] = lendian(lowInput);
+	cx->u.w[15] = lendian(highInput);
+
+	/* Final call to compress. */
+#ifndef IS_LITTLE_ENDIAN
+	md5_prep_state_le(cx);
+#endif
+	md5_compress(cx, cx->u.w);
+
+	/* Copy the resulting values out of the chain variables into return buf. */
+	*digestLen = MD5_HASH_LEN;
+#ifndef IS_LITTLE_ENDIAN
+	cx->cv[0] = lendian(cx->cv[0]);
+	cx->cv[1] = lendian(cx->cv[1]);
+	cx->cv[2] = lendian(cx->cv[2]);
+	cx->cv[3] = lendian(cx->cv[3]);
+#endif
+	memcpy(digest, cx->cv, MD5_HASH_LEN);
+}
+
+unsigned int 
+MD5_FlattenSize(MD5Context *cx)
+{
+	return sizeof(*cx);
+}
+
+SECStatus 
+MD5_Flatten(MD5Context *cx, unsigned char *space)
+{
+	memcpy(space, cx, sizeof(*cx));
+	return SECSuccess;
+}
+
+MD5Context * 
+MD5_Resurrect(unsigned char *space, void *arg)
+{
+	MD5Context *cx = MD5_NewContext();
+	if (cx)
+		memcpy(cx, space, sizeof(*cx));
+	return cx;
+}
+
+void MD5_Clone(MD5Context *dest, MD5Context *src) 
+{
+	memcpy(dest, src, sizeof *dest);
+}
+
+void 
+MD5_TraceState(MD5Context *cx)
+{
+	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+}
diff --git a/security/nss/lib/freebl/mknewpc2.c b/security/nss/lib/freebl/mknewpc2.c
new file mode 100644
index 000000000..e2872598f
--- /dev/null
+++ b/security/nss/lib/freebl/mknewpc2.c
@@ -0,0 +1,242 @@
+/*
+ *  mknewpc2.c
+ *
+ *  Generate PC-2 tables for DES-150 library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the DES-150 library.
+ *
+ * The Initial Developer of the Original Code is
+ * Nelson B. Bolyard, nelsonb@iname.com.
+ * Portions created by the Initial Developer are Copyright (C) 1990
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+typedef unsigned char BYTE;
+typedef unsigned int  HALF;
+
+#define DES_ENCRYPT 0
+#define DES_DECRYPT 1
+
+/* two 28-bit registers defined in key schedule production process */
+static HALF C0, D0;
+
+static HALF L0, R0;
+
+/* key schedule, 16 internal keys, each with 8 6-bit parts */
+static BYTE KS [8] [16];
+
+
+/*
+ * This table takes the 56 bits in C0 and D0 and shows show they are 
+ * permuted into the 8 6-bit parts of the key in the key schedule.
+ * The bits of C0 are numbered left to right, 1-28.
+ * The bits of D0 are numbered left to right, 29-56.
+ * Zeros in this table represent bits that are always zero.
+ * Note that all the bits in the first  4 rows come from C0, 
+ *       and all the bits in the second 4 rows come from D0.
+ */
+static const BYTE PC2[64] = {
+    14, 17, 11, 24,  1,  5,  0,  0,	/* S1 */
+     3, 28, 15,  6, 21, 10,  0,  0,	/* S2 */
+    23, 19, 12,  4, 26,  8,  0,  0,	/* S3 */
+    16,  7, 27, 20, 13,  2,  0,  0,	/* S4 */
+
+    41, 52, 31, 37, 47, 55,  0,  0,	/* S5 */
+    30, 40, 51, 45, 33, 48,  0,  0,	/* S6 */
+    44, 49, 39, 56, 34, 53,  0,  0,	/* S7 */
+    46, 42, 50, 36, 29, 32,  0,  0	/* S8 */
+};
+
+/* This table represents the same info as PC2, except that 
+ * The bits of C0 and D0 are each numbered right to left, 0-27.
+ * -1 values indicate bits that are always zero.
+ * As before all the bits in the first  4 rows come from C0, 
+ *       and all the bits in the second 4 rows come from D0.
+ */
+static       signed char PC2a[64] = {
+/* bits of C0 */
+    14, 11, 17,  4, 27, 23, -1, -1,	/* S1 */
+    25,  0, 13, 22,  7, 18, -1, -1,	/* S2 */
+     5,  9, 16, 24,  2, 20, -1, -1,	/* S3 */
+    12, 21,  1,  8, 15, 26, -1, -1,	/* S4 */
+/* bits of D0 */
+    15,  4, 25, 19,  9,  1, -1, -1,	/* S5 */
+    26, 16,  5, 11, 23,  8, -1, -1,	/* S6 */
+    12,  7, 17,  0, 22,  3, -1, -1,	/* S7 */
+    10, 14,  6, 20, 27, 24, -1, -1 	/* S8 */
+};
+
+/* This table represents the same info as PC2a, except that 
+ * The order of of the rows has been changed to increase the efficiency
+ * with which the key sechedule is created.
+ * Fewer shifts and ANDs are required to make the KS from these.
+ */
+static const signed char PC2b[64] = {
+/* bits of C0 */
+    14, 11, 17,  4, 27, 23, -1, -1,	/* S1 */
+     5,  9, 16, 24,  2, 20, -1, -1,	/* S3 */
+    25,  0, 13, 22,  7, 18, -1, -1,	/* S2 */
+    12, 21,  1,  8, 15, 26, -1, -1,	/* S4 */
+/* bits of D0 */
+    26, 16,  5, 11, 23,  8, -1, -1,	/* S6 */
+    10, 14,  6, 20, 27, 24, -1, -1,	/* S8 */
+    15,  4, 25, 19,  9,  1, -1, -1,	/* S5 */
+    12,  7, 17,  0, 22,  3, -1, -1 	/* S7 */
+};
+
+/* Only 24 of the 28 bits in C0 and D0 are used in PC2.
+ * The used bits of C0 and D0 are grouped into 4 groups of 6,
+ * so that the PC2 permutation can be accomplished with 4 lookups
+ * in tables of 64 entries.
+ * The following table shows how the bits of C0 and D0 are grouped
+ * into indexes for the respective table lookups.  
+ * Bits are numbered right-to-left, 0-27, as in PC2b.
+ */
+static BYTE NDX[48] = {
+/* Bits of C0 */
+    27, 26, 25, 24, 23, 22,	/* C0 table 0 */
+    18, 17, 16, 15, 14, 13,	/* C0 table 1 */
+     9,  8,  7,  2,  1,  0,	/* C0 table 2 */
+     5,  4, 21, 20, 12, 11,	/* C0 table 3 */
+/* bits of D0 */
+    27, 26, 25, 24, 23, 22,	/* D0 table 0 */
+    20, 19, 17, 16, 15, 14,	/* D0 table 1 */
+    12, 11, 10,  9,  8,  7,	/* D0 table 2 */
+     6,  5,  4,  3,  1,  0	/* D0 table 3 */
+};
+
+/* Here's the code that does that grouping. 
+	left   = PC2LOOKUP(0, 0, ((c0 >> 22) & 0x3F) );
+	left  |= PC2LOOKUP(0, 1, ((c0 >> 13) & 0x3F) );
+	left  |= PC2LOOKUP(0, 2, ((c0 >>  4) & 0x38) | (c0 & 0x7) );
+	left  |= PC2LOOKUP(0, 3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
+
+	right  = PC2LOOKUP(1, 0, ((d0 >> 22) & 0x3F) );
+	right |= PC2LOOKUP(1, 1, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
+	right |= PC2LOOKUP(1, 2, ((d0 >>  7) & 0x3F) );
+	right |= PC2LOOKUP(1, 3, ((d0 >>  1) & 0x3C) | (d0 & 0x3));
+*/
+
+void
+make_pc2a( void )
+{
+
+    int i, j;
+
+    for ( i = 0; i < 64; ++i ) {
+	j = PC2[i];
+	if (j == 0)
+	    j = -1;
+	else if ( j < 29 )
+	    j = 28 - j ;
+	else
+	    j = 56 - j;
+	PC2a[i] = j;
+    }
+    for ( i = 0; i < 64; i += 8 ) {
+	printf("%3d,%3d,%3d,%3d,%3d,%3d,%3d,%3d,\n",
+		PC2a[i+0],PC2a[i+1],PC2a[i+2],PC2a[i+3],
+		PC2a[i+4],PC2a[i+5],PC2a[i+6],PC2a[i+7] );
+    }
+}
+
+HALF PC2cd0[64];
+
+HALF PC_2H[8][64];
+
+void
+mktable( )
+{
+    int i;
+    int table;
+    const BYTE * ndx   = NDX;
+    HALF         mask;
+
+    mask  = 0x80000000;
+    for (i = 0; i < 32; ++i, mask >>= 1) {
+	int bit = PC2b[i];
+	if (bit < 0)
+	    continue;
+	PC2cd0[bit + 32] = mask;
+    }
+
+    mask  = 0x80000000;
+    for (i = 32; i < 64; ++i, mask >>= 1) {
+	int bit = PC2b[i];
+	if (bit < 0)
+	    continue;
+	PC2cd0[bit] = mask;
+    }
+
+#if DEBUG
+    for (i = 0; i < 64; ++i) {
+    	printf("0x%08x,\n", PC2cd0[i]);
+    }
+#endif
+    for (i = 0; i < 24; ++i) {
+    	NDX[i] += 32;	/* because c0 is the upper half */
+    }
+
+    for (table = 0; table < 8; ++table) {
+	HALF bitvals[6];
+    	for (i = 0; i < 6; ++i) {
+	    bitvals[5-i] = PC2cd0[*ndx++];
+	}
+	for (i = 0; i < 64; ++i) {
+	    int  j;
+	    int  k     = 0;
+	    HALF value = 0;
+
+	    for (j = i; j; j >>= 1, ++k) {
+	    	if (j & 1) {
+		    value |= bitvals[k];
+		}
+	    }
+	    PC_2H[table][i] = value;
+	}
+	printf("/* table %d */ {\n", table );
+	for (i = 0; i < 64; i += 4) {
+	    printf("    0x%08x, 0x%08x, 0x%08x, 0x%08x, \n",
+		    PC_2H[table][i],   PC_2H[table][i+1],
+		    PC_2H[table][i+2], PC_2H[table][i+3]);
+	}
+	printf("  },\n");
+    }
+}
+
+
+int
+main(void)
+{
+/*   make_pc2a(); */
+   mktable();
+   return 0;
+}
diff --git a/security/nss/lib/freebl/mksp.c b/security/nss/lib/freebl/mksp.c
new file mode 100644
index 000000000..994dcff0c
--- /dev/null
+++ b/security/nss/lib/freebl/mksp.c
@@ -0,0 +1,159 @@
+/*
+ *  mksp.c
+ *
+ *  Generate SP tables for DES-150 library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the DES-150 library.
+ *
+ * The Initial Developer of the Original Code is
+ * Nelson B. Bolyard, nelsonb@iname.com.
+ * Portions created by the Initial Developer are Copyright (C) 1990
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include <stdio.h>
+
+/*
+ * sboxes - the tables for the s-box functions
+ *        from FIPS 46, pages 15-16.
+ */
+unsigned char S[8][64] = {
+/* Func S1 = */ {
+	14,  0,  4, 15, 13,  7,  1,  4,  2, 14, 15,  2, 11, 13,  8,  1,
+	 3, 10, 10,  6,  6, 12, 12, 11,  5,  9,  9,  5,  0,  3,  7,  8,
+	 4, 15,  1, 12, 14,  8,  8,  2, 13,  4,  6,  9,  2,  1, 11,  7,
+	15,  5, 12, 11,  9,  3,  7, 14,  3, 10, 10,  0,  5,  6,  0, 13
+    },
+/* Func S2 = */ {
+	15,  3,  1, 13,  8,  4, 14,  7,  6, 15, 11,  2,  3,  8,  4, 14,
+	 9, 12,  7,  0,  2,  1, 13, 10, 12,  6,  0,  9,  5, 11, 10,  5,
+	 0, 13, 14,  8,  7, 10, 11,  1, 10,  3,  4, 15, 13,  4,  1,  2,
+	 5, 11,  8,  6, 12,  7,  6, 12,  9,  0,  3,  5,  2, 14, 15,  9
+    },
+/* Func S3 = */ {
+	10, 13,  0,  7,  9,  0, 14,  9,  6,  3,  3,  4, 15,  6,  5, 10,
+	 1,  2, 13,  8, 12,  5,  7, 14, 11, 12,  4, 11,  2, 15,  8,  1,
+	13,  1,  6, 10,  4, 13,  9,  0,  8,  6, 15,  9,  3,  8,  0,  7,
+	11,  4,  1, 15,  2, 14, 12,  3,  5, 11, 10,  5, 14,  2,  7, 12
+    },
+/* Func S4 = */ {
+	 7, 13, 13,  8, 14, 11,  3,  5,  0,  6,  6, 15,  9,  0, 10,  3,
+	 1,  4,  2,  7,  8,  2,  5, 12, 11,  1, 12, 10,  4, 14, 15,  9,
+	10,  3,  6, 15,  9,  0,  0,  6, 12, 10, 11,  1,  7, 13, 13,  8,
+	15,  9,  1,  4,  3,  5, 14, 11,  5, 12,  2,  7,  8,  2,  4, 14
+    },
+/* Func S5 = */ {
+	 2, 14, 12, 11,  4,  2,  1, 12,  7,  4, 10,  7, 11, 13,  6,  1,
+	 8,  5,  5,  0,  3, 15, 15, 10, 13,  3,  0,  9, 14,  8,  9,  6,
+	 4, 11,  2,  8,  1, 12, 11,  7, 10,  1, 13, 14,  7,  2,  8, 13,
+	15,  6,  9, 15, 12,  0,  5,  9,  6, 10,  3,  4,  0,  5, 14,  3
+    },
+/* Func S6 = */ {
+	12, 10,  1, 15, 10,  4, 15,  2,  9,  7,  2, 12,  6,  9,  8,  5,
+	 0,  6, 13,  1,  3, 13,  4, 14, 14,  0,  7, 11,  5,  3, 11,  8,
+	 9,  4, 14,  3, 15,  2,  5, 12,  2,  9,  8,  5, 12, 15,  3, 10,
+	 7, 11,  0, 14,  4,  1, 10,  7,  1,  6, 13,  0, 11,  8,  6, 13
+    },
+/* Func S7 = */ {
+	 4, 13, 11,  0,  2, 11, 14,  7, 15,  4,  0,  9,  8,  1, 13, 10,
+	 3, 14, 12,  3,  9,  5,  7, 12,  5,  2, 10, 15,  6,  8,  1,  6,
+	 1,  6,  4, 11, 11, 13, 13,  8, 12,  1,  3,  4,  7, 10, 14,  7,
+	10,  9, 15,  5,  6,  0,  8, 15,  0, 14,  5,  2,  9,  3,  2, 12
+    },
+/* Func S8 = */ {
+	13,  1,  2, 15,  8, 13,  4,  8,  6, 10, 15,  3, 11,  7,  1,  4,
+	10, 12,  9,  5,  3,  6, 14, 11,  5,  0,  0, 14, 12,  9,  7,  2,
+	 7,  2, 11,  1,  4, 14,  1,  7,  9,  4, 12, 10, 14,  8,  2, 13,
+	 0, 15,  6, 12, 10,  9, 13,  0, 15,  3,  3,  5,  5,  6,  8, 11
+    }
+};
+
+/*
+ * Permutation function for results from s-boxes
+ *   from FIPS 46 pages 12 and 16.
+ * P = 
+ */
+unsigned char P[32] = {
+	16,   7,  20,  21,  29,  12,  28,  17,
+	 1,  15,  23,  26,   5,  18,  31,  10,
+	 2,   8,  24,  14,  32,  27,   3,   9,
+	19,  13,  30,   6,  22,  11,   4,  25
+};
+
+unsigned int Pinv[32];
+unsigned int SP[8][64];
+
+void
+makePinv(void)
+{
+    int i;
+    unsigned int Pi = 0x80000000;
+    for (i = 0; i < 32; ++i) {
+    	int j = 32 - P[i];
+	Pinv[j] = Pi;
+	Pi >>= 1;
+    }
+}
+
+void
+makeSP(void)
+{
+    int box;
+    for (box = 0; box < 8; ++box) {
+	int item;
+	printf("/* box S%d */ {\n", box + 1);
+    	for (item = 0; item < 64; ++item ) {
+	    unsigned int s = S[box][item];
+	    unsigned int val = 0;
+	    unsigned int bitnum = (7-box) * 4;
+	    for (; s; s >>= 1, ++bitnum) {
+		if (s & 1) {
+		    val |= Pinv[bitnum];
+		}
+	    }
+	    val = (val << 3) | (val >> 29);
+	    SP[box][item] = val;
+	}
+	for (item = 0; item < 64; item += 4) {
+	    printf("\t0x%08x, 0x%08x, 0x%08x, 0x%08x,\n",
+	    SP[box][item], SP[box][item+1], SP[box][item+2], SP[box][item+3]);
+	}
+	printf("    },\n");
+    }
+}
+
+int
+main()
+{
+    makePinv();
+    makeSP();
+    return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/Makefile b/security/nss/lib/freebl/mpi/Makefile
new file mode 100644
index 000000000..c0e78531c
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/Makefile
@@ -0,0 +1,281 @@
+#
+# Makefile for MPI library
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Netscape Communications Corporation
+#   Richard C. Swift        (swift@netscape.com)
+#   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#
+# $Id$
+#
+
+## Define CC to be the C compiler you wish to use.  The GNU cc
+## compiler (gcc) should work, at the very least
+#CC=cc
+#CC=gcc
+
+## 
+## Define PERL to point to your local Perl interpreter.  It
+## should be Perl 5.x, although it's conceivable that Perl 4
+## might work ... I haven't tested it.
+##
+#PERL=/usr/bin/perl
+#PERL=perl
+
+include target.mk
+
+CFLAGS+= $(XCFLAGS)
+
+##
+## Define LIBS to include any libraries you need to link against.
+## If NO_TABLE is define, LIBS should include '-lm' or whatever is
+## necessary to bring in the math library.  Otherwise, it can be
+## left alone, unless your system has other peculiar requirements.
+##
+LIBS=#-lmalloc#-lefence#-lm
+
+## 
+## Define RANLIB to be the library header randomizer; you might not
+## need this on some systems (just set it to 'echo' on these systems,
+## such as IRIX)
+##
+RANLIB=echo
+
+##
+## This is the version string used for the documentation and 
+## building the distribution tarball.  Don't mess with it unless
+## you are releasing a new version
+VERS=1.7p6
+
+## ----------------------------------------------------------------------
+## You probably don't need to change anything below this line...
+##
+
+##
+## This is the list of source files that need to be packed into
+## the distribution file
+SRCS=   mpi.c mpprime.c mplogic.c mp_gf2m.c mpmontg.c mpi-test.c primes.c \
+	mpcpucache.c tests/ \
+	utils/gcd.c utils/invmod.c utils/lap.c \
+	utils/ptab.pl utils/sieve.c utils/isprime.c\
+	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
+	utils/bbsrand.c utils/prng.c utils/primegen.c \
+	utils/basecvt.c utils/makeprime.c\
+	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
+	utils/mpi.h utils/mpprime.h mulsqr.c \
+	make-test-arrays test-arrays.txt all-tests make-logtab \
+	types.pl stats timetest multest
+
+## These are the header files that go into the distribution file
+HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h mp_gf2m.h \
+     mp_gf2m-priv.h utils/bbs_rand.h tests/mpi.h tests/mpprime.h
+
+## These are the documentation files that go into the distribution file
+DOCS=README doc utils/README utils/PRIMES 
+
+## This is the list of tools built by 'make tools'
+TOOLS=gcd invmod isprime lap dec2hex hex2dec primegen prng \
+	basecvt fact exptmod pi makeprime identest
+
+LIBOBJS = mpprime.o mpmontg.o mplogic.o mp_gf2m.o mpi.o mpcpucache.o $(AS_OBJS)
+LIBHDRS = mpi-config.h mpi-priv.h mpi.h
+APPHDRS = mpi-config.h mpi.h mplogic.h mp_gf2m.h mpprime.h
+
+help:
+	@ echo ""
+	@ echo "The following targets can be built with this Makefile:"
+	@ echo ""
+	@ echo "libmpi.a     - arithmetic and prime testing library"
+	@ echo "mpi-test     - test driver (requires MP_IOFUNC)"
+	@ echo "tools        - command line tools"
+	@ echo "doc          - manual pages for tools"
+	@ echo "clean        - clean up objects and such"
+	@ echo "distclean    - get ready for distribution"
+	@ echo "dist         - distribution tarball"
+	@ echo ""
+
+.SUFFIXES: .c .o .i
+
+.c.i:
+	$(CC) $(CFLAGS) -E $< > $@
+
+#.c.o: $*.h $*.c
+#	$(CC) $(CFLAGS) -c $<
+
+#---------------------------------------
+
+$(LIBOBJS): $(LIBHDRS)
+
+logtab.h: make-logtab
+	$(PERL) make-logtab > logtab.h
+
+mpi.o: mpi.c logtab.h $(LIBHDRS)
+
+mplogic.o: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
+
+mp_gf2m.o: mp_gf2m.c mpi-priv.h mp_gf2m.h mp_gf2m-priv.h $(LIBHDRS)
+
+mpmontg.o: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
+
+mpprime.o: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
+
+mpcpucache.o: mpcpucache.c $(LIBHDRS)
+
+mpi_mips.o: mpi_mips.s
+	$(CC) -o $@ $(ASFLAGS) -c mpi_mips.s
+
+mpi_sparc.o : montmulf.h
+
+mpv_sparcv9.s: vis_64.il mpv_sparc.c
+	$(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_64.il mpv_sparc.c
+
+mpv_sparcv8.s: vis_64.il mpv_sparc.c
+	$(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_32.il mpv_sparc.c
+
+montmulfv8.o montmulfv9.o mpv_sparcv8.o mpv_sparcv9.o : %.o : %.s 
+	$(CC) -o $@ $(SOLARIS_ASM_FLAGS) -c $<
+
+# This rule is used to build the .s sources, which are then hand optimized.
+#montmulfv8.s montmulfv9.s : montmulf%.s : montmulf%.il montmulf.c montmulf.h 
+#	$(CC) -o $@ $(SOLARIS_ASM_FLAGS) -S montmulf$*.il montmulf.c
+
+
+libmpi.a: $(LIBOBJS)
+	ar -cvr libmpi.a $(LIBOBJS)
+	$(RANLIB) libmpi.a
+
+lib libs: libmpi.a
+
+mpi.i: mpi.h
+
+#---------------------------------------
+
+MPTESTOBJS = mptest1.o mptest2.o mptest3.o mptest3a.o mptest4.o mptest4a.o \
+	mptest4b.o mptest6.o mptest7.o mptest8.o mptest9.o mptestb.o
+MPTESTS = $(MPTESTOBJS:.o=)
+
+$(MPTESTOBJS): mptest%.o: tests/mptest-%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -o $@ -c $<
+
+$(MPTESTS): mptest%: mptest%.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^  $(LIBS)
+
+tests: mptest1 mptest2 mptest3 mptest3a mptest4 mptest4a mptest4b mptest6 \
+	mptestb bbsrand
+
+utests: mptest7 mptest8 mptest9
+
+#---------------------------------------
+
+EXTRAOBJS = bbsrand.o bbs_rand.o prng.o
+UTILOBJS = primegen.o metime.o identest.o basecvt.o fact.o exptmod.o pi.o \
+	makeprime.o gcd.o invmod.o lap.o isprime.o \
+	dec2hex.o hex2dec.o
+UTILS = $(UTILOBJS:.o=) 
+
+$(UTILS): % : %.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+$(UTILOBJS) $(EXTRAOBJS): %.o : utils/%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -o $@ -c $<
+
+prng: prng.o bbs_rand.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+bbsrand: bbsrand.o bbs_rand.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+utils: $(UTILS) prng bbsrand
+
+#---------------------------------------
+
+test-info.c: test-arrays.txt
+	$(PERL) make-test-arrays test-arrays.txt > test-info.c
+
+mpi-test.o: mpi-test.c test-info.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -o $@ -c $<
+
+mpi-test: mpi-test.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+mdxptest.o: mdxptest.c $(LIBHDRS) mpi-priv.h
+
+mdxptest: mdxptest.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+mulsqr.o: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
+	$(CC) $(CFLAGS) -DMP_SQUARE=1 -o $@ -c mulsqr.c 
+
+mulsqr: mulsqr.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+#---------------------------------------
+
+alltests: tests utests mpi-test
+
+tools: $(TOOLS)
+
+doc:
+	(cd doc; ./build)
+
+clean:
+	rm -f *.o *.a *.i
+	rm -f core
+	rm -f *~ .*~
+	rm -f utils/*.o
+	rm -f utils/core
+	rm -f utils/*~ utils/.*~
+
+clobber: clean
+	rm -f $(TOOLS) $(UTILS)
+
+distclean: clean
+	rm -f mptest? mpi-test metime mulsqr karatsuba
+	rm -f mptest?a mptest?b
+	rm -f utils/mptest?
+	rm -f test-info.c logtab.h
+	rm -f libmpi.a
+	rm -f $(TOOLS)
+
+dist: Makefile $(HDRS) $(SRCS) $(DOCS)
+	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
+	pgps -ab mpi-$(VERS).tar
+	chmod +r mpi-$(VERS).tar.asc
+	gzip -9 mpi-$(VERS).tar
+
+# END
diff --git a/security/nss/lib/freebl/mpi/Makefile.os2 b/security/nss/lib/freebl/mpi/Makefile.os2
new file mode 100644
index 000000000..c67f9a793
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/Makefile.os2
@@ -0,0 +1,280 @@
+#
+# Makefile.win - gmake Makefile for building MPI with VACPP on OS/2
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Netscape Communications Corporation
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#
+# $Id$
+#
+
+## Define CC to be the C compiler you wish to use.  The GNU cc
+## compiler (gcc) should work, at the very least
+#CC=cc
+#CC=gcc
+CC=icc.exe
+AS=alp.exe
+
+## 
+## Define PERL to point to your local Perl interpreter.  It
+## should be Perl 5.x, although it's conceivable that Perl 4
+## might work ... I haven't tested it.
+##
+#PERL=/usr/bin/perl
+#PERL=perl
+
+##
+## Define CFLAGS to contain any local options your compiler
+## setup requires.
+##
+## Conditional compilation options are no longer here; see
+## the file 'mpi-config.h' instead.
+##
+MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+
+#OS/2
+AS_SRCS = mpi_x86.asm
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \
+ -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+CFLAGS = /Ti+ -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ $(MPICMN)
+ASFLAGS =
+
+##
+## Define LIBS to include any libraries you need to link against.
+## If NO_TABLE is define, LIBS should include '-lm' or whatever is
+## necessary to bring in the math library.  Otherwise, it can be
+## left alone, unless your system has other peculiar requirements.
+##
+LIBS=#-lmalloc#-lefence#-lm
+
+## 
+## Define RANLIB to be the library header randomizer; you might not
+## need this on some systems (just set it to 'echo' on these systems,
+## such as IRIX)
+##
+RANLIB=echo
+
+##
+## This is the version string used for the documentation and 
+## building the distribution tarball.  Don't mess with it unless
+## you are releasing a new version
+VERS=1.7p6
+
+## ----------------------------------------------------------------------
+## You probably don't need to change anything below this line...
+##
+
+##
+## This is the list of source files that need to be packed into
+## the distribution file
+SRCS=   mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \
+	utils/gcd.c utils/invmod.c utils/lap.c \
+	utils/ptab.pl utils/sieve.c utils/isprime.c\
+	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
+	utils/bbsrand.c utils/prng.c utils/primegen.c \
+	utils/basecvt.c utils/makeprime.c\
+	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
+	utils/mpi.h utils/mpprime.h mulsqr.c \
+	make-test-arrays test-arrays.txt all-tests make-logtab \
+	types.pl stats timetest multest
+
+## These are the header files that go into the distribution file
+HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \
+     utils/bbs_rand.h tests/mpi.h tests/mpprime.h
+
+## These are the documentation files that go into the distribution file
+DOCS=README doc utils/README utils/PRIMES 
+
+## This is the list of tools built by 'make tools'
+TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \
+ primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe
+
+AS_OBJS = $(AS_SRCS:.asm=.obj)
+LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS)
+LIBHDRS = mpi-config.h mpi-priv.h mpi.h
+APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h
+
+
+help:
+	@ echo ""
+	@ echo "The following targets can be built with this Makefile:"
+	@ echo ""
+	@ echo "mpi.lib      - arithmetic and prime testing library"
+	@ echo "mpi-test.exe - test driver (requires MP_IOFUNC)"
+	@ echo "tools        - command line tools"
+	@ echo "doc          - manual pages for tools"
+	@ echo "clean        - clean up objects and such"
+	@ echo "distclean    - get ready for distribution"
+	@ echo "dist         - distribution tarball"
+	@ echo ""
+
+.SUFFIXES: .c .obj .i .lib .exe .asm
+
+.c.i:
+	$(CC) $(CFLAGS) -E $< > $@
+
+.c.obj: 
+	$(CC) $(CFLAGS) -c $<
+
+.asm.obj:
+	$(AS) $(ASFLAGS) $<
+
+.obj.exe:
+	$(CC) $(CFLAGS) -Fo$@ $<
+
+#---------------------------------------
+
+$(LIBOBJS): $(LIBHDRS)
+
+logtab.h: make-logtab
+	$(PERL) make-logtab > logtab.h
+
+mpi.obj: mpi.c logtab.h $(LIBHDRS)
+
+mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
+
+mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
+
+mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
+
+mpi_mips.obj: mpi_mips.s
+	$(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s
+
+mpi.lib: $(LIBOBJS)
+	ilib /out:mpi.lib $(LIBOBJS)
+	$(RANLIB) mpi.lib
+
+lib libs: mpi.lib
+
+#---------------------------------------
+
+MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \
+ mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj
+MPTESTS = $(MPTESTOBJS:.obj=.exe)
+
+$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \
+ mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe
+
+utests: mptest7.exe mptest8.exe mptest9.exe
+
+#---------------------------------------
+
+EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj
+UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \
+ exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \
+ isprime.obj dec2hex.obj hex2dec.obj
+UTILS = $(UTILOBJS:.obj=.exe) 
+
+$(UTILS): %.exe : %.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+utils: $(UTILS) prng.exe bbsrand.exe
+
+#---------------------------------------
+
+test-info.c: test-arrays.txt
+	$(PERL) make-test-arrays test-arrays.txt > test-info.c
+
+mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+mpi-test.exe: mpi-test.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h
+
+mdxptest.exe: mdxptest.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
+	$(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c 
+
+mulsqr.exe: mulsqr.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+#---------------------------------------
+
+alltests: tests utests mpi-test.exe
+
+tools: $(TOOLS)
+
+doc:
+	(cd doc; ./build)
+
+clean:
+	rm -f *.obj *.lib *.pdb *.ilk
+	cd utils; rm -f *.obj *.lib *.pdb *.ilk
+
+distclean: clean
+	rm -f mptest? mpi-test metime mulsqr karatsuba
+	rm -f mptest?a mptest?b
+	rm -f utils/mptest?
+	rm -f test-info.c logtab.h
+	rm -f mpi.lib
+	rm -f $(TOOLS)
+
+dist: Makefile $(HDRS) $(SRCS) $(DOCS)
+	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
+	pgps -ab mpi-$(VERS).tar
+	chmod +r mpi-$(VERS).tar.asc
+	gzip -9 mpi-$(VERS).tar
+
+
+print: 
+	@echo LIBOBJS = $(LIBOBJS)
+# END
diff --git a/security/nss/lib/freebl/mpi/Makefile.win b/security/nss/lib/freebl/mpi/Makefile.win
new file mode 100644
index 000000000..71ed4893b
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/Makefile.win
@@ -0,0 +1,280 @@
+#
+# Makefile.win - gmake Makefile for building MPI with MSVC on NT
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Netscape Communications Corporation
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#
+# $Id$
+#
+
+## Define CC to be the C compiler you wish to use.  The GNU cc
+## compiler (gcc) should work, at the very least
+#CC=cc
+#CC=gcc
+CC=cl.exe
+AS=ml.exe
+
+## 
+## Define PERL to point to your local Perl interpreter.  It
+## should be Perl 5.x, although it's conceivable that Perl 4
+## might work ... I haven't tested it.
+##
+#PERL=/usr/bin/perl
+#PERL=perl
+
+##
+## Define CFLAGS to contain any local options your compiler
+## setup requires.
+##
+## Conditional compilation options are no longer here; see
+## the file 'mpi-config.h' instead.
+##
+MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC
+
+#NT
+AS_SRCS = mpi_x86.asm
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \
+ -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+CFLAGS = -O2 -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+ASFLAGS = -Cp -Sn -Zi -coff -I. 
+
+##
+## Define LIBS to include any libraries you need to link against.
+## If NO_TABLE is define, LIBS should include '-lm' or whatever is
+## necessary to bring in the math library.  Otherwise, it can be
+## left alone, unless your system has other peculiar requirements.
+##
+LIBS=#-lmalloc#-lefence#-lm
+
+## 
+## Define RANLIB to be the library header randomizer; you might not
+## need this on some systems (just set it to 'echo' on these systems,
+## such as IRIX)
+##
+RANLIB=echo
+
+##
+## This is the version string used for the documentation and 
+## building the distribution tarball.  Don't mess with it unless
+## you are releasing a new version
+VERS=1.7p6
+
+## ----------------------------------------------------------------------
+## You probably don't need to change anything below this line...
+##
+
+##
+## This is the list of source files that need to be packed into
+## the distribution file
+SRCS=   mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \
+	utils/gcd.c utils/invmod.c utils/lap.c \
+	utils/ptab.pl utils/sieve.c utils/isprime.c\
+	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
+	utils/bbsrand.c utils/prng.c utils/primegen.c \
+	utils/basecvt.c utils/makeprime.c\
+	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
+	utils/mpi.h utils/mpprime.h mulsqr.c \
+	make-test-arrays test-arrays.txt all-tests make-logtab \
+	types.pl stats timetest multest
+
+## These are the header files that go into the distribution file
+HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \
+     utils/bbs_rand.h tests/mpi.h tests/mpprime.h
+
+## These are the documentation files that go into the distribution file
+DOCS=README doc utils/README utils/PRIMES 
+
+## This is the list of tools built by 'make tools'
+TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \
+ primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe
+
+AS_OBJS = $(AS_SRCS:.asm=.obj)
+LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS)
+LIBHDRS = mpi-config.h mpi-priv.h mpi.h
+APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h
+
+
+help:
+	@ echo ""
+	@ echo "The following targets can be built with this Makefile:"
+	@ echo ""
+	@ echo "mpi.lib     - arithmetic and prime testing library"
+	@ echo "mpi-test     - test driver (requires MP_IOFUNC)"
+	@ echo "tools        - command line tools"
+	@ echo "doc          - manual pages for tools"
+	@ echo "clean        - clean up objects and such"
+	@ echo "distclean    - get ready for distribution"
+	@ echo "dist         - distribution tarball"
+	@ echo ""
+
+.SUFFIXES: .c .obj .i .lib .exe .asm
+
+.c.i:
+	$(CC) $(CFLAGS) -E $< > $@
+
+.c.obj: 
+	$(CC) $(CFLAGS) -c $<
+
+.asm.obj:
+	$(AS) $(ASFLAGS) -c $<
+
+.obj.exe:
+	$(CC) $(CFLAGS) -Fo$@ $<
+
+#---------------------------------------
+
+$(LIBOBJS): $(LIBHDRS)
+
+logtab.h: make-logtab
+	$(PERL) make-logtab > logtab.h
+
+mpi.obj: mpi.c logtab.h $(LIBHDRS)
+
+mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
+
+mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
+
+mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
+
+mpi_mips.obj: mpi_mips.s
+	$(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s
+
+mpi.lib: $(LIBOBJS)
+	ar -cvr mpi.lib $(LIBOBJS)
+	$(RANLIB) mpi.lib
+
+lib libs: mpi.lib
+
+#---------------------------------------
+
+MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \
+ mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj
+MPTESTS = $(MPTESTOBJS:.obj=.exe)
+
+$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \
+ mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe
+
+utests: mptest7.exe mptest8.exe mptest9.exe
+
+#---------------------------------------
+
+EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj
+UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \
+ exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \
+ isprime.obj dec2hex.obj hex2dec.obj
+UTILS = $(UTILOBJS:.obj=.exe) 
+
+$(UTILS): %.exe : %.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+utils: $(UTILS) prng.exe bbsrand.exe
+
+#---------------------------------------
+
+test-info.c: test-arrays.txt
+	$(PERL) make-test-arrays test-arrays.txt > test-info.c
+
+mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+mpi-test.exe: mpi-test.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h
+
+mdxptest.exe: mdxptest.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
+	$(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c 
+
+mulsqr.exe: mulsqr.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+#---------------------------------------
+
+alltests: tests utests mpi-test.exe
+
+tools: $(TOOLS)
+
+doc:
+	(cd doc; ./build)
+
+clean:
+	rm -f *.obj *.lib *.pdb *.ilk
+	cd utils; rm -f *.obj *.lib *.pdb *.ilk
+
+distclean: clean
+	rm -f mptest? mpi-test metime mulsqr karatsuba
+	rm -f mptest?a mptest?b
+	rm -f utils/mptest?
+	rm -f test-info.c logtab.h
+	rm -f mpi.lib
+	rm -f $(TOOLS)
+
+dist: Makefile $(HDRS) $(SRCS) $(DOCS)
+	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
+	pgps -ab mpi-$(VERS).tar
+	chmod +r mpi-$(VERS).tar.asc
+	gzip -9 mpi-$(VERS).tar
+
+
+print: 
+	@echo LIBOBJS = $(LIBOBJS)
+# END
diff --git a/security/nss/lib/freebl/mpi/README b/security/nss/lib/freebl/mpi/README
new file mode 100644
index 000000000..50ec394e4
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/README
@@ -0,0 +1,799 @@
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1997-2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+About the MPI Library
+---------------------
+
+The files 'mpi.h' and 'mpi.c' define a simple, arbitrary precision
+signed integer arithmetic package.  The implementation is not the most
+efficient possible, but the code is small and should be fairly easily
+portable to just about any machine that supports an ANSI C compiler,
+as long as it is capable of at least 16-bit arithmetic (but also see
+below for more on this).
+
+This library was written with an eye to cryptographic applications;
+thus, some care is taken to make sure that temporary values are not
+left lying around in memory when they are no longer in use.  This adds
+some overhead for zeroing buffers before they are released back into
+the free pool; however, it gives you the assurance that there is only
+one copy of your important values residing in your process's address
+space at a time.  Obviously, it is difficult to guarantee anything, in
+a pre-emptive multitasking environment, but this at least helps you
+keep a lid on the more obvious ways your data can get spread around in
+memory.
+
+
+Using the Library
+-----------------
+
+To use the MPI library in your program, you must include the header:
+
+#include "mpi.h"
+
+This header provides all the type and function declarations you'll
+need to use the library.  Almost all the names defined by the library
+begin with the prefix 'mp_', so it should be easy to keep them from
+clashing with your program's namespace (he says, glibly, knowing full
+well there are always pathological cases).
+
+There are a few things you may want to configure about the library.
+By default, the MPI library uses an unsigned short for its digit type,
+and an unsigned int for its word type.  The word type must be big
+enough to contain at least two digits, for the primitive arithmetic to
+work out.  On my machine, a short is 2 bytes and an int is 4 bytes --
+but if you have 64-bit ints, you might want to use a 4-byte digit and
+an 8-byte word.  I have tested the library using 1-byte digits and
+2-byte words, as well.  Whatever you choose to do, the things you need
+to change are:
+
+(1) The type definitions for mp_digit and mp_word.
+
+(2) The macro DIGIT_FMT which tells mp_print() how to display a
+    single digit.  This is just a printf() format string, so you
+    can adjust it appropriately.
+
+(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the 
+    largest value expressible in an mp_digit and an mp_word,
+    respectively.
+
+Both the mp_digit and mp_word should be UNSIGNED integer types.  The
+code relies on having the full positive precision of the type used for
+digits and words.
+
+The remaining type definitions should be left alone, for the most
+part.  The code in the library does not make any significant
+assumptions about the sizes of things, but there is little if any
+reason to change the other parameters, so I would recommend you leave
+them as you found them.
+
+The library comes with a Perl script, 'types.pl', which will scan your
+current Makefile settings, and attempt to find good definitions for
+these types.  It relies on a Unix sort of build environment, so it
+probably won't work under MacOS or Windows, but it can be convenient
+if you're porting to a new flavour of Unix.  Just run 'types.pl' at
+the command line, and it will spit out its results to the standard
+output.
+
+
+Conventions
+-----------
+
+Most functions in the library return a value of type mp_err.  This
+permits the library to communicate success or various kinds of failure
+to the calling program.  The return values currently defined are:
+
+        MP_OKAY         - okay, operation succeeded, all's well
+        MP_YES          - okay, the answer is yes (same as MP_OKAY)
+        MP_NO           - okay, but answer is no (not MP_OKAY)
+        MP_MEM          - operation ran out of memory
+        MP_RANGE        - input parameter was out of range
+        MP_BADARG       - an invalid input parameter was provided
+        MP_UNDEF        - no output value is defined for this input
+
+The only function which currently uses MP_UNDEF is mp_invmod().
+Division by zero is undefined, but the division functions will return
+MP_RANGE for a zero divisor.  MP_BADARG usually means you passed a
+bogus mp_int structure to the function.  MP_YES and MP_NO are not used
+by the library itself; they're defined so you can use them in your own
+extensions.
+
+If you need a readable interpretation of these error codes in your
+program, you may also use the mp_strerror() function.  This function
+takes an mp_err as input, and returns a pointer to a human-readable
+string describing the meaning of the error.  These strings are stored
+as constants within the library, so the caller should not attempt to
+modify or free the memory associated with these strings.
+
+The library represents values in signed-magnitude format.  Values
+strictly less than zero are negative, all others are considered
+positive (zero is positive by fiat).  You can access the 'sign' member
+of the mp_int structure directly, but better is to use the mp_cmp_z()
+function, to find out which side of zero the value lies on.
+
+Most arithmetic functions have a single-digit variant, as well as the
+full arbitrary-precision.  An mp_digit is an unsigned value between 0
+and DIGIT_MAX inclusive.  The radix is available as RADIX.  The number
+of bits in a given digit is given as DIGIT_BIT.
+
+Generally, input parameters are given before output parameters.
+Unless otherwise specified, any input parameter can be re-used as an
+output parameter, without confusing anything.
+
+The basic numeric type defined by the library is an mp_int.  Virtually
+all the functions in the library take a pointer to an mp_int as one of
+their parameters.  An explanation of how to create and use these
+<HR>
+<A NAME="p23">
+<H3>Problem 23:</H3>
+
+structures follows.  And so, without further ado...
+
+
+Initialization and Cleanup
+--------------------------
+
+The basic numeric type defined by the library is an 'mp_int'.
+However, it is not sufficient to simply declare a variable of type
+mp_int in your program.  These variables also need to be initialized
+before they can be used, to allocate the internal storage they require
+for computation.
+
+This is done using one of the following functions:
+
+        mp_init(mp_int *mp);
+        mp_init_copy(mp_int *mp, mp_int *from);
+        mp_init_size(mp_int *mp, mp_size p);
+
+Each of these requires a pointer to a structure of type mp_int.  The
+basic mp_init() simply initializes the mp_int to a default size, and
+sets its value to zero.  If you would like to initialize a copy of an
+existing mp_int, use mp_init_copy(), where the 'from' parameter is the
+mp_int you'd like to make a copy of.  The third function,
+mp_init_size(), permits you to specify how many digits of precision
+should be preallocated for your mp_int.  This can help the library
+avoid unnecessary re-allocations later on.
+
+The default precision used by mp_init() can be retrieved using:
+
+        precision = mp_get_prec();
+
+This returns the number of digits that will be allocated.  You can
+change this value by using:
+
+        mp_set_prec(unsigned int prec);
+
+Any positive value is acceptable -- if you pass zero, the default
+precision will be re-set to the compiled-in library default (this is
+specified in the header file 'mpi-config.h', and typically defaults to
+8 or 16).
+
+Just as you must allocate an mp_int before you can use it, you must
+clean up the structure when you are done with it.  This is performed
+using the mp_clear() function.  Remember that any mp_int that you
+create as a local variable in a function must be mp_clear()'d before
+that function exits, or else the memory allocated to that mp_int will
+be orphaned and unrecoverable.
+
+To set an mp_int to a given value, the following functions are given:
+
+        mp_set(mp_int *mp, mp_digit d);
+        mp_set_int(mp_int *mp, long z);
+
+The mp_set() function sets the mp_int to a single digit value, while
+mp_set_int() sets the mp_int to a signed long integer value.
+
+To set an mp_int to zero, use:
+
+        mp_zero(mp_int *mp);
+
+
+Copying and Moving
+------------------
+
+If you have two initialized mp_int's, and you want to copy the value
+of one into the other, use:
+
+        mp_copy(from, to)
+
+This takes care of clearing the old value of 'to', and copies the new
+value into it.  If 'to' is not yet initialized, use mp_init_copy()
+instead (see above).
+
+Note:   The library tries, whenever possible, to avoid allocating
+----    new memory.  Thus, mp_copy() tries first to satisfy the needs
+        of the copy by re-using the memory already allocated to 'to'.
+        Only if this proves insufficient will mp_copy() actually
+        allocate new memory.
+
+        For this reason, if you know a priori that 'to' has enough
+        available space to hold 'from', you don't need to check the
+        return value of mp_copy() for memory failure.  The USED()
+        macro tells you how many digits are used by an mp_int, and
+        the ALLOC() macro tells you how many are allocated.
+
+If you have two initialized mp_int's, and you want to exchange their
+values, use:
+
+        mp_exch(a, b)
+
+This is better than using mp_copy() with a temporary, since it will
+not (ever) touch the memory allocator -- it just swaps the exact
+contents of the two structures.  The mp_exch() function cannot fail;
+if you pass it an invalid structure, it just ignores it, and does
+nothing.
+
+
+Basic Arithmetic
+----------------
+
+Once you have initialized your integers, you can operate on them.  The
+basic arithmetic functions on full mp_int values are:
+
+mp_add(a, b, c)         - computes c = a + b
+mp_sub(a, b, c)         - computes c = a - b
+mp_mul(a, b, c)         - computes c = a * b
+mp_sqr(a, b)            - computes b = a * a
+mp_div(a, b, q, r)      - computes q, r such that a = bq + r
+mp_div_2d(a, d, q, r)   - computes q = a / 2^d, r = a % 2^d
+mp_expt(a, b, c)        - computes c = a ** b
+mp_2expt(a, k)          - computes a = 2^k
+mp_sqrt(a, c)           - computes c = floor(sqrt(a))
+
+The mp_div_2d() function efficiently computes division by powers of
+two.  Either the q or r parameter may be NULL, in which case that
+portion of the computation will be discarded.
+
+The algorithms used for some of the computations here are described in
+the following files which are included with this distribution:
+
+mul.txt         Describes the multiplication algorithm
+div.txt         Describes the division algorithm
+expt.txt        Describes the exponentiation algorithm
+sqrt.txt        Describes the square-root algorithm
+square.txt      Describes the squaring algorithm
+
+There are single-digit versions of most of these routines, as well.
+In the following prototypes, 'd' is a single mp_digit:
+
+mp_add_d(a, d, c)       - computes c = a + d
+mp_sub_d(a, d, c)       - computes c = a - d
+mp_mul_d(a, d, c)       - computes c = a * d
+mp_mul_2(a, c)          - computes c = a * 2
+mp_div_d(a, d, q, r)    - computes q, r such that a = bq + r
+mp_div_2(a, c)          - computes c = a / 2
+mp_expt_d(a, d, c)      - computes c = a ** d
+
+The mp_mul_2() and mp_div_2() functions take advantage of the internal
+representation of an mp_int to do multiplication by two more quickly
+than mp_mul_d() would.  Other basic functions of an arithmetic variety
+include:
+
+mp_zero(a)              - assign 0 to a
+mp_neg(a, c)            - negate a: c = -a
+mp_abs(a, c)            - absolute value: c = |a|
+
+
+Comparisons
+-----------
+
+Several comparison functions are provided.  Each of these, unless
+otherwise specified, returns zero if the comparands are equal, < 0 if
+the first is less than the second, and > 0 if the first is greater
+than the second:
+
+mp_cmp_z(a)             - compare a <=> 0
+mp_cmp_d(a, d)          - compare a <=> d, d is a single digit
+mp_cmp(a, b)            - compare a <=> b
+mp_cmp_mag(a, b)        - compare |a| <=> |b|
+mp_cmp_int(a, z)        - compare a <=> z, z is a signed long integer
+mp_isodd(a)             - return nonzero if odd, zero otherwise
+mp_iseven(a)            - return nonzero if even, zero otherwise
+
+
+Modular Arithmetic
+------------------
+
+Modular variations of the basic arithmetic functions are also
+supported.  These are available if the MP_MODARITH parameter in
+mpi-config.h is turned on (it is by default).  The modular arithmetic
+functions are:
+
+mp_mod(a, m, c)         - compute c = a (mod m), 0 <= c < m
+mp_mod_d(a, d, c)       - compute c = a (mod d), 0 <= c < d (see below)
+mp_addmod(a, b, m, c)   - compute c = (a + b) mod m
+mp_submod(a, b, m, c)   - compute c = (a - b) mod m
+mp_mulmod(a, b, m, c)   - compute c = (a * b) mod m
+mp_sqrmod(a, m, c)      - compute c = (a * a) mod m
+mp_exptmod(a, b, m, c)  - compute c = (a ** b) mod m
+mp_exptmod_d(a, d, m, c)- compute c = (a ** d) mod m
+
+The mp_sqr() function squares its input argument.  A call to mp_sqr(a,
+c) is identical in meaning to mp_mul(a, a, c); however, if the
+MP_SQUARE variable is set true in mpi-config.h (see below), then it
+will be implemented with a different algorithm, that is supposed to
+take advantage of the redundant computation that takes place during
+squaring.  Unfortunately, some compilers result in worse performance
+on this code, so you can change the behaviour at will.  There is a
+utility program "mulsqr.c" that lets you test which does better on
+your system.
+
+The mp_sqrmod() function is analogous to the mp_sqr() function; it
+uses the mp_sqr() function rather than mp_mul(), and then performs the
+modular reduction.  This probably won't help much unless you are doing
+a lot of them.
+
+See the file 'square.txt' for a synopsis of the algorithm used.
+
+Note:   The mp_mod_d() function computes a modular reduction around
+----    a single digit d.  The result is a single digit c.
+
+Because an inverse is defined for a (mod m) if and only if (a, m) = 1
+(that is, if a and m are relatively prime), mp_invmod() may not be
+able to compute an inverse for the arguments.  In this case, it
+returns the value MP_UNDEF, and does not modify c.  If an inverse is
+defined, however, it returns MP_OKAY, and sets c to the value of the
+inverse (mod m).
+
+See the file 'redux.txt' for a description of the modular reduction
+algorithm used by mp_exptmod().
+
+
+Greatest Common Divisor
+-----------------------
+
+If The greates common divisor of two values can be found using one of the
+following functions:
+
+mp_gcd(a, b, c)         - compute c = (a, b) using binary algorithm
+mp_lcm(a, b, c)         - compute c = [a, b] = ab / (a, b)
+mp_xgcd(a, b, g, x, y)  - compute g, x, y so that ax + by = g = (a, b)
+
+Also provided is a function to compute modular inverses, if they
+exist:
+
+mp_invmod(a, m, c)      - compute c = a^-1 (mod m), if it exists
+
+The function mp_xgcd() computes the greatest common divisor, and also
+returns values of x and y satisfying Bezout's identity.  This is used
+by mp_invmod() to find modular inverses.  However, if you do not need
+these values, you will find that mp_gcd() is MUCH more efficient,
+since it doesn't need all the intermediate values that mp_xgcd()
+requires in order to compute x and y. 
+
+The mp_gcd() (and mp_xgcd()) functions use the binary (extended) GCD
+algorithm due to Josef Stein.
+
+
+Input & Output Functions
+------------------------
+
+The following basic I/O routines are provided.  These are present at
+all times:
+
+mp_read_radix(mp, str, r)  - convert a string in radix r to an mp_int
+mp_read_raw(mp, s, len)    - convert a string of bytes to an mp_int
+mp_radix_size(mp, r)       - return length of buffer needed by mp_toradix()
+mp_raw_size(mp)            - return length of buffer needed by mp_toraw()
+mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r 
+                             digits
+mp_toraw(mp, str)          - convert an mp_int to a string of bytes
+mp_tovalue(ch, r)          - convert ch to its value when taken as
+                             a radix r digit, or -1 if invalid
+mp_strerror(err)           - get a string describing mp_err value 'err'
+
+If you compile the MPI library with MP_IOFUNC defined, you will also
+have access to the following additional I/O function:
+
+mp_print(mp, ofp)       - print an mp_int as text to output stream ofp
+
+Note that mp_radix_size() returns a size in bytes guaranteed to be AT
+LEAST big enough for the digits output by mp_toradix().  Because it
+uses an approximation technique to figure out how many digits will be
+needed, it may return a figure which is larger than necessary.  Thus,
+the caller should not rely on the value to determine how many bytes
+will actually be written by mp_toradix().  The string mp_toradix()
+creates will be NUL terminated, so the standard C library function
+strlen() should be able to ascertain this for you, if you need it.
+
+The mp_read_radix() and mp_toradix() functions support bases from 2 to
+64 inclusive.  If you require more general radix conversion facilities
+than this, you will need to write them yourself (that's why mp_div_d()
+is provided, after all).
+
+Note:   mp_read_radix() will accept as digits either capital or 
+----    lower-case letters.  However, the current implementation of
+        mp_toradix() only outputs upper-case letters, when writing
+        bases betwee 10 and 36.  The underlying code supports using
+        lower-case letters, but the interface stub does not have a
+        selector for it.  You can add one yourself if you think it
+        is worthwhile -- I do not.  Bases from 36 to 64 use lower-
+        case letters as distinct from upper-case.  Bases 63 and
+        64 use the characters '+' and '/' as digits.
+
+        Note also that compiling with MP_IOFUNC defined will cause
+        inclusion of <stdio.h>, so if you are trying to write code
+        which does not depend on the standard C library, you will
+        probably want to avoid this option.  This is needed because
+        the mp_print() function takes a standard library FILE * as
+        one of its parameters, and uses the fprintf() function.
+
+The mp_toraw() function converts the integer to a sequence of bytes,
+in big-endian ordering (most-significant byte first).  Assuming your
+bytes are 8 bits wide, this corresponds to base 256.  The sign is
+encoded as a single leading byte, whose value is 0 for zero or
+positive values, or 1 for negative values.  The mp_read_raw() function
+reverses this process -- it takes a buffer of bytes, interprets the
+first as a sign indicator (0 = zero/positive, nonzero = negative), and
+the rest as a sequence of 1-byte digits in big-endian ordering.
+
+The mp_raw_size() function returns the exact number of bytes required
+to store the given integer in "raw" format (as described in the
+previous paragraph).  Zero is returned in case of error; a valid
+integer will require at least three bytes of storage.
+
+In previous versions of the MPI library, an "external representation
+format" was supported.  This was removed, however, because I found I
+was never using it, it was not as portable as I would have liked, and
+I decided it was a waste of space.
+
+
+Other Functions
+---------------
+
+The files 'mpprime.h' and 'mpprime.c' define some routines which are
+useful for divisibility testing and probabilistic primality testing.
+The routines defined are:
+
+mpp_divis(a, b)          - is a divisible by b?
+mpp_divis_d(a, d)        - is a divisible by digit d?
+mpp_random(a)            - set a to random value at current precision
+mpp_random_size(a, prec) - set a to random value at given precision
+
+Note:  The mpp_random() and mpp_random_size() functions use the C
+----   library's rand() function to generate random values.  It is
+       up to the caller to seed this generator before it is called.
+       These functions are not suitable for generating quantities
+       requiring cryptographic-quality randomness; they are intended
+       primarily for use in primality testing.
+
+       Note too that the MPI library does not call srand(), so your
+       application should do this, if you ever want the sequence
+       to change.
+
+mpp_divis_vector(a, v, s, w)  - is a divisible by any of the s digits
+                                in v?  If so, let w be the index of 
+                                that digit
+
+mpp_divis_primes(a, np)       - is a divisible by any of the first np
+                                primes?  If so, set np to the prime 
+                                which divided a.
+
+mpp_fermat(a, d)              - test if w^a = w (mod a).  If so, 
+                                returns MP_YES, otherwise MP_NO.
+
+mpp_pprime(a, nt)             - perform nt iterations of the Rabin-
+                                Miller probabilistic primality test
+                                on a.  Returns MP_YES if all tests
+                                passed, or MP_NO if any test fails.
+
+The mpp_fermat() function works based on Fermat's little theorem, a
+consequence of which is that if p is a prime, and (w, p) = 1, then:
+
+        w^p = w (mod p)
+
+Put another way, if w^p != w (mod p), then p is not prime.  The test
+is expensive to compute, but it helps to quickly eliminate an enormous
+class of composite numbers prior to Rabin-Miller testing.
+
+Building the Library
+--------------------
+
+The MPI library is designed to be as self-contained as possible.  You
+should be able to compile it with your favourite ANSI C compiler, and
+link it into your program directly.  If you are on a Unix system using
+the GNU C compiler (gcc), the following should work:
+
+% gcc -ansi -pedantic -Wall -O2 -c mpi.c
+
+The file 'mpi-config.h' defines several configurable parameters for
+the library, which you can adjust to suit your application.  At the
+time of this writing, the available options are:
+
+MP_IOFUNC       - Define true to include the mp_print() function, 
+                  which is moderately useful for debugging.  This
+                  implicitly includes <stdio.h>.
+
+MP_MODARITH     - Define true to include the modular arithmetic
+                  functions.  If you don't need modular arithmetic
+                  in your application, you can set this to zero to
+                  leave out all the modular routines.
+
+MP_NUMTH        - Define true to include number theoretic functions
+                  such as mp_gcd(), mp_lcm(), and mp_invmod().
+
+MP_LOGTAB       - If true, the file "logtab.h" is included, which
+                  is basically a static table of base 2 logarithms.
+                  These are used to compute how big the buffers for
+                  radix conversion need to be.  If you set this false,
+                  the library includes <math.h> and uses log().  This
+                  typically forces you to link against math libraries.
+
+MP_MEMSET       - If true, use memset() to zero buffers.  If you run
+                  into weird alignment related bugs, set this to zero
+                  and an explicit loop will be used.
+
+MP_MEMCPY       - If true, use memcpy() to copy buffers.  If you run
+                  into weird alignment bugs, set this to zero and an
+                  explicit loop will be used.
+
+MP_CRYPTO       - If true, whenever arrays of digits are free'd, they
+                  are zeroed first.  This is useful if you're using
+                  the library in a cryptographic environment; however,
+                  it does add overhead to each free operation.  For
+                  performance, if you don't care about zeroing your
+                  buffers, set this to false.
+
+MP_ARGCHK       - Set to 0, 1, or 2.  This defines how the argument
+                  checking macro, ARGCHK(), gets expanded.  If this 
+                  is set to zero, ARGCHK() expands to nothing; no 
+                  argument checks are performed.  If this is 1, the
+                  ARGCHK() macro expands to code that returns MP_BADARG
+                  or similar at runtime.  If it is 2, ARGCHK() expands 
+                  to an assert() call that aborts the program on a 
+                  bad input.
+
+MP_DEBUG        - Turns on debugging output.  This is probably not at
+                  all useful unless you are debugging the library.  It
+                  tends to spit out a LOT of output.
+
+MP_DEFPREC      - The default precision of a newly-created mp_int, in
+                  digits.  The precision can be changed at runtime by
+                  the mp_set_prec() function, but this is its initial
+                  value.
+
+MP_SQUARE       - If this is set to a nonzero value, the mp_sqr() 
+                  function will use an alternate algorithm that takes
+                  advantage of the redundant inner product computation
+                  when both multiplicands are identical.  Unfortunately,
+                  with some compilers this is actually SLOWER than just
+                  calling mp_mul() with the same argument twice.  So
+                  if you set MP_SQUARE to zero, mp_sqr() will be expan-
+                  ded into a call to mp_mul().  This applies to all 
+                  the uses of mp_sqr(), including mp_sqrmod() and the
+                  internal calls to s_mp_sqr() inside mpi.c
+
+                  The program 'mulsqr' (mulsqr.c) can be used to test
+                  which works best for your configuration.  Set up the
+                  CC and CFLAGS variables in the Makefile, then type:
+
+                        make mulsqr
+
+                  Invoke it with arguments similar to the following:
+
+                        mulsqr 25000 1024
+
+                  That is, 25000 products computed on 1024-bit values.
+                  The output will compare the two timings, and recommend
+                  a setting for MP_SQUARE.  It is off by default.
+
+If you would like to use the mp_print() function (see above), be sure
+to define MP_IOFUNC in mpi-config.h.  Many of the test drivers in the
+'tests' subdirectory expect this to be defined (although the test
+driver 'mpi-test' doesn't need it)
+
+The Makefile which comes with the library should take care of building
+the library for you, if you have set the CC and CFLAGS variables at
+the top of the file appropriately.  By default, they are set up to
+use the GNU C compiler:
+
+CC=gcc
+CFLAGS=-ansi -pedantic -Wall -O2
+
+If all goes well, the library should compile without warnings using
+this combination.  You should, of course, make whatever adjustments
+you find necessary.  
+
+The MPI library distribution comes with several additional programs
+which are intended to demonstrate the use of the library, and provide
+a framework for testing it.  There are a handful of test driver
+programs, in the files named 'mptest-X.c', where X is a digit.  Also,
+there are some simple command-line utilities (in the 'utils'
+directory) for manipulating large numbers.  These include:
+
+basecvt.c       A radix-conversion program, supporting bases from
+                2 to 64 inclusive.
+
+bbsrand.c       A BBS (quadratic residue) pseudo-random number 
+                generator.  The file 'bbsrand.c' is just the driver
+                for the program; the real code lives in the files
+                'bbs_rand.h' and 'bbs_rand.c'
+
+dec2hex.c       Converts decimal to hexadecimal
+
+gcd.c           Computes the greatest common divisor of two values.
+                If invoked as 'xgcd', also computes constants x and
+                y such that (a, b) = ax + by, in accordance with
+                Bezout's identity.
+
+hex2dec.c       Converts hexadecimal to decimal
+
+invmod.c        Computes modular inverses
+
+isprime.c       Performs the Rabin-Miller probabilistic primality
+                test on a number.  Values which fail this test are
+                definitely composite, and those which pass are very
+                likely to be prime (although there are no guarantees)
+
+lap.c           Computes the order (least annihilating power) of
+                a value v modulo m.  Very dumb algorithm.
+
+primegen.c      Generates large (probable) primes.
+
+prng.c          A pseudo-random number generator based on the
+                BBS generator code in 'bbs_rand.c'
+
+sieve.c         Implements the Sieve of Eratosthenes, using a big
+                bitmap, to generate a list of prime numbers.
+
+fact.c          Computes the factorial of an arbitrary precision
+                integer (iterative).
+
+exptmod.c       Computes arbitrary precision modular exponentiation
+                from the command line (exptmod a b m -> a^b (mod m))
+
+Most of these can be built from the Makefile that comes with the
+library.  Try 'make tools', if your environment supports it.  (If you
+are compiling on a Macintosh, I'm afraid you'll have to build them by
+hand -- fortunately, this is not difficult -- the library itself
+should compile just fine under Metrowerks CodeWarrior).
+
+
+Testing the Library
+-------------------
+
+Automatic test vectors are included, in the form of a program called
+'mpi-test'.  To build this program and run all the tests, simply
+invoke the shell script 'all-tests'.  If all the tests pass, you
+should see a message:
+
+        All tests passed
+
+If something went wrong, you'll get:
+
+        One or more tests failed.
+
+If this happens, scan back through the preceding lines, to see which
+test failed.  Any failure indicates a bug in the library, which needs
+to be fixed before it will give accurate results.  If you get any such
+thing, please let me know, and I'll try to fix it.  Please let me know
+what platform and compiler you were using, as well as which test
+failed.  If a reason for failure was given, please send me that text
+as well.
+
+If you're on a system such as the Macintosh, where the standard Unix
+build tools don't work, you can build the 'mpi-test' program manually,
+and run it by hand.  This is tedious and obnoxious, sorry.
+
+Further manual testing can be performed by building the manual testing
+programs, whose source is found in the 'tests' subdirectory.  Each
+test is in a source file called 'mptest-X.c'.  The Makefile contains a
+target to build all of them at once:
+
+        make tests
+
+Read the comments at the top of each source file to see what the
+driver is supposed to test.  You probably don't need to do this; these
+programs were only written to help me as I was developing the library.
+
+The relevant files are:
+
+mpi-test.c              The source for the test driver
+
+make-test-arrays        A Perl script to generate some of the internal
+                        data structures used by mpi-test.c
+
+test-arrays.txt         The source file for make-test-arrays
+
+all-tests               A Bourne shell script which runs all the
+                        tests in the mpi-test suite
+
+Running 'make mpi-test' should build the mpi-test program.  If you
+cannot use make, here is what needs to be done:
+
+(1) Use 'make-test-arrays' to generate the file 'test-info.c' from
+    the 'test-arrays.txt' file.  Since Perl can be found everywhere,
+    even on the Macintosh, this should be no trouble.  Under Unix, 
+    this looks like:
+
+        make-test-arrays test-arrays.txt > test-info.c
+
+(2) Build the MPI library:
+
+        gcc -ansi -pedantic -Wall -c mpi.c
+
+(3) Build the mpi-test program:
+
+        gcc -ansi -pedantic -Wall -o mpi-test mpi.o mpi-test.c
+
+When you've got mpi-test, you can use 'all-tests' to run all the tests
+made available by mpi-test.  If any of them fail, there should be a
+diagnostic indicating what went wrong.  These are fairly high-level
+diagnostics, and won't really help you debug the problem; they're
+simply intended to help you isolate which function caused the problem.
+If you encounter a problem of this sort, feel free to e-mail me, and I
+will certainly attempt to help you debug it.
+
+Note:   Several of the tests hard-wired into 'mpi-test' operate under
+----    the assumption that you are using at least a 16-bit mp_digit 
+        type.  If that is not true, several tests might fail, because 
+        of range problems with the maximum digit value.
+
+        If you are using an 8-bit digit, you will also need to 
+        modify the code for mp_read_raw(), which assumes that
+        multiplication by 256 can be done with mp_mul_d(), a
+        fact that fails when DIGIT_MAX is 255.  You can replace
+        the call with s_mp_lshd(), which will give you the same
+        effect, and without doing as much work. :)
+
+Acknowledgements:
+----------------
+
+The algorithms used in this library were drawn primarily from Volume
+2 of Donald Knuth's magnum opus, _The Art of Computer Programming_, 
+"Semi-Numerical Methods".  Barrett's algorithm for modular reduction
+came from Menezes, Oorschot, and Vanstone's _Handbook of Applied
+Cryptography_, Chapter 14.
+
+Thanks are due to Tom St. Denis, for finding an obnoxious sign-related
+bug in mp_read_raw() that made things break on platforms which use
+signed chars.
+
+About the Author
+----------------
+
+This software was written by Michael J. Fromberger.  You can contact
+the author as follows:
+
+E-mail:   <sting@linguist.dartmouth.edu>
+
+Postal:   8000 Cummings Hall, Thayer School of Engineering
+          Dartmouth College, Hanover, New Hampshire, USA
+
+PGP key:  http://linguist.dartmouth.edu/~sting/keys/mjf.html
+          9736 188B 5AFA 23D6 D6AA  BE0D 5856 4525 289D 9907
+
+Last updated:  16-Jan-2000
diff --git a/security/nss/lib/freebl/mpi/all-tests b/security/nss/lib/freebl/mpi/all-tests
new file mode 100755
index 000000000..5177e0a80
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/all-tests
@@ -0,0 +1,115 @@
+#!/bin/sh
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1997
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+ECHO=/bin/echo
+MAKE=gmake
+
+$ECHO "\n** Running unit tests for MPI library\n"
+
+# Build the mpi-test program, which comprises all the unit tests for
+# the MPI library...
+
+$ECHO "Bringing mpi-test up to date ... "
+if $MAKE mpi-test ; then
+  :
+else
+  $ECHO " "
+  $ECHO "Make failed to build mpi-test."
+  $ECHO " "
+  exit 1
+fi
+
+if [ ! -x mpi-test ] ; then
+  $ECHO " "
+  $ECHO "Cannot find 'mpi-test' program, testing cannot continue."
+  $ECHO " "
+  exit 1
+fi
+
+# Get the list of available test suites...
+tests=`mpi-test list | awk '{print $1}'`
+errs=0
+
+# Run each test suite and check the result code of mpi-test
+for test in $tests ; do
+  $ECHO "$test ... \c"
+  if mpi-test $test ; then
+    $ECHO "passed"
+  else
+    $ECHO "FAILED"
+    errs=1
+  fi
+done
+
+# If any tests failed, we'll stop at this point
+if [ "$errs" = "0" ] ; then
+  $ECHO "All unit tests passed"
+else
+  $ECHO "One or more tests failed"
+  exit 1
+fi
+
+# Now try to build the 'pi' program, and see if it can compute the
+# first thousand digits of pi correctly
+$ECHO "\n** Running other tests\n"
+
+$ECHO "Bringing 'pi' up to date ... "
+if $MAKE pi ; then
+    :
+else
+    $ECHO "\nMake failed to build pi.\n"
+    exit 1
+fi
+
+if [ ! -x pi ] ; then
+    $ECHO "\nCannot find 'pi' program; testing cannot continue.\n"
+    exit 1
+fi
+
+./pi 2000 > /tmp/pi.tmp.$$
+if cmp tests/pi2k.txt /tmp/pi.tmp.$$ ; then
+    $ECHO "Okay!  The pi test passes."
+else
+    $ECHO "Oops!  The pi test failed. :("
+    exit 1
+fi
+
+rm -f /tmp/pi.tmp.$$
+
+exit 0
+
+# Here there be dragons
diff --git a/security/nss/lib/freebl/mpi/doc/LICENSE b/security/nss/lib/freebl/mpi/doc/LICENSE
new file mode 100644
index 000000000..35cca68ce
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/LICENSE
@@ -0,0 +1,11 @@
+Within this directory, each of the file listed below is licensed under 
+the terms given in the file LICENSE-MPL, also in this directory.
+
+basecvt.pod
+gcd.pod
+invmod.pod
+isprime.pod
+lap.pod
+mpi-test.pod
+prime.txt
+prng.pod
diff --git a/security/nss/lib/freebl/mpi/doc/LICENSE-MPL b/security/nss/lib/freebl/mpi/doc/LICENSE-MPL
new file mode 100644
index 000000000..d1f78f522
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/LICENSE-MPL
@@ -0,0 +1,35 @@
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the Netscape security libraries.
+
+The Initial Developer of the Original Code is Netscape
+Communications Corporation.  Portions created by Netscape are 
+Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
diff --git a/security/nss/lib/freebl/mpi/doc/basecvt.pod b/security/nss/lib/freebl/mpi/doc/basecvt.pod
new file mode 100644
index 000000000..5c072ccd6
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/basecvt.pod
@@ -0,0 +1,63 @@
+=head1 NAME
+
+ basecvt - radix conversion for arbitrary precision integers
+
+=head1 SYNOPSIS
+
+ basecvt <ibase> <obase> [values]
+
+=head1 DESCRIPTION
+
+The B<basecvt> program is a command-line tool for converting integers
+of arbitrary precision from one radix to another.  The current version
+supports radix values from 2 (binary) to 64, inclusive.  The first two
+command line arguments specify the input and output radix, in base 10.
+Any further arguments are taken to be integers notated in the input
+radix, and these are converted to the output radix.  The output is
+written, one integer per line, to standard output.
+
+When reading integers, only digits considered "valid" for the input
+radix are considered.  Processing of an integer terminates when an
+invalid input digit is encountered.  So, for example, if you set the
+input radix to 10 and enter '10ACF', B<basecvt> would assume that you
+had entered '10' and ignore the rest of the string.
+
+If no values are provided, no output is written, but the program
+simply terminates with a zero exit status.  Error diagnostics are
+written to standard error in the event of out-of-range radix
+specifications.  Regardless of the actual values of the input and
+output radix, the radix arguments are taken to be in base 10 (decimal)
+notation.
+
+=head1 DIGITS
+
+For radices from 2-10, standard ASCII decimal digits 0-9 are used for
+both input and output.  For radices from 11-36, the ASCII letters A-Z
+are also included, following the convention used in hexadecimal.  In
+this range, input is accepted in either upper or lower case, although
+on output only lower-case letters are used.
+
+For radices from 37-62, the output includes both upper- and lower-case
+ASCII letters, and case matters.  In this range, case is distinguished
+both for input and for output values.
+
+For radices 63 and 64, the characters '+' (plus) and '/' (forward
+solidus) are also used.  These are derived from the MIME base64
+encoding scheme.  The overall encoding is not the same as base64,
+because the ASCII digits are used for the bottom of the range, and the
+letters are shifted upward; however, the output will consist of the
+same character set.
+
+This input and output behaviour is inherited from the MPI library used
+by B<basecvt>, and so is not configurable at runtime.
+
+=head1 SEE ALSO
+
+ dec2hex(1), hex2dec(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
+
+ $Date$
diff --git a/security/nss/lib/freebl/mpi/doc/build b/security/nss/lib/freebl/mpi/doc/build
new file mode 100755
index 000000000..64a2e6ac9
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/build
@@ -0,0 +1,66 @@
+#!/bin/sh
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Netscape Communications Corporation
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+#
+
+VERS="1.7p6"
+SECT="1"
+NAME="MPI Tools"
+
+echo "Building manual pages ..."
+case $# in
+  0)
+    files=`ls *.pod`
+    ;;
+  *)
+    files=$*
+    ;;
+esac
+
+for name in $files
+do
+   echo -n "$name ... "
+#  sname=`noext $name`
+   sname=`basename $name .pod`
+   pod2man --section="$SECT" --center="$NAME" --release="$VERS" $name > $sname.$SECT
+   echo "(done)"
+done
+
+echo "Finished building."
+
diff --git a/security/nss/lib/freebl/mpi/doc/div.txt b/security/nss/lib/freebl/mpi/doc/div.txt
new file mode 100644
index 000000000..aaf4e14b8
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/div.txt
@@ -0,0 +1,101 @@
+Division
+
+This describes the division algorithm used by the MPI library.
+
+Input:    a, b; a > b
+Compute:  Q, R; a = Qb + R
+
+The input numbers are normalized so that the high-order digit of b is
+at least half the radix.  This guarantees that we have a reasonable
+way to guess at the digits of the quotient (this method was taken from
+Knuth, vol. 2, with adaptations).
+
+To normalize, test the high-order digit of b.  If it is less than half
+the radix, multiply both a and b by d, where:
+
+             radix - 1
+	d = -----------
+              bmax + 1
+
+...where bmax is the high-order digit of b.  Otherwise, set d = 1.
+
+Given normalize values for a and b, let the notation a[n] denote the
+nth digit of a.  Let #a be the number of significant figures of a (not
+including any leading zeroes).
+
+	Let R = 0
+	Let p = #a - 1
+
+	while(p >= 0)
+	  do
+	    R = (R * radix) + a[p]
+	    p = p - 1
+	  while(R < b and p >= 0)
+
+	  if(R < b)
+	    break
+
+	  q = (R[#R - 1] * radix) + R[#R - 2]
+	  q = q / b[#b - 1]
+
+	  T = b * q
+
+	  while(T > L)
+	    q = q - 1
+	    T = T - b
+	  endwhile
+
+	  L = L - T
+
+	  Q = (Q * radix) + q
+
+	endwhile
+
+At this point, Q is the quotient, and R is the normalized remainder.
+To denormalize R, compute:
+
+	R = (R / d)
+
+At this point, you are finished.
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
+
+
diff --git a/security/nss/lib/freebl/mpi/doc/expt.txt b/security/nss/lib/freebl/mpi/doc/expt.txt
new file mode 100644
index 000000000..cea9dcc58
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/expt.txt
@@ -0,0 +1,132 @@
+Exponentiation
+
+For exponentiation, the MPI library uses a simple and fairly standard
+square-and-multiply method.  The algorithm is this:
+
+Input:	a, b
+Output: a ** b
+
+	s = 1
+
+	while(b != 0)
+	  if(b is odd)
+	    s = s * a
+	  endif
+
+	  b = b / 2
+
+	  x = x * x
+	endwhile
+
+	return s
+
+The modular exponentiation is done the same way, except replacing:
+
+	s = s * a
+
+with
+	s = (s * a) mod m
+
+and replacing
+
+	x = x * x
+
+with
+
+	x = (x * x) mod m
+
+Here is a sample exponentiation using the MPI library, as compared to
+the same problem solved by the Unix 'bc' program on my system:
+
+Computation of 2,381,283 ** 235
+
+'bc' says:
+
+4385CA4A804D199FBEAD95FAD0796FAD0D0B51FC9C16743C45568C789666985DB719\
+4D90E393522F74C9601262C0514145A49F3B53D00983F95FDFCEA3D0043ECEF6227E\
+6FB59C924C3EE74447B359B5BF12A555D46CB819809EF423F004B55C587D6F0E8A55\
+4988036A42ACEF9F71459F97CEF6E574BD7373657111648626B1FF8EE15F663B2C0E\
+6BBE5082D4CDE8E14F263635AE8F35DB2C280819517BE388B5573B84C5A19C871685\
+FD408A6471F9D6AFAF5129A7548EAE926B40874B340285F44765BF5468CE20A13267\
+CD88CE6BC786ACED36EC7EA50F67FF27622575319068A332C3C0CB23E26FB55E26F4\
+5F732753A52B8E2FB4D4F42D894242613CA912A25486C3DEC9C66E5DB6182F6C1761\
+CF8CD0D255BE64B93836B27D452AE38F950EB98B517D4CF50D48F0165EF0CCCE1F5C\
+49BF18219FDBA0EEDD1A7E8B187B70C2BAED5EC5C6821EF27FAFB1CFF70111C52235\
+5E948B93A015AA1AE152B110BB5658CB14D3E45A48BFE7F082C1182672A455A695CD\
+A1855E8781E625F25B41B516E77F589FA420C3B058861EA138CF7A2C58DB3C7504FD\
+D29554D78237834CC5AE710D403CC4F6973D5012B7E117A8976B14A0B5AFA889BD47\
+92C461F0F96116F00A97AE9E83DC5203680CAF9A18A062566C145650AB86BE4F907F\
+A9F7AB4A700B29E1E5BACCD6DCBFA513E10832815F710807EED2E279081FEC61D619\
+AB270BEB3D3A1787B35A9DD41A8766CF21F3B5C693B3BAB1C2FA14A4ED202BC35743\
+E5CBE2391624D4F8C9BFBBC78D69764E7C6C5B11BF005677BFAD17D9278FFC1F158F\
+1B3683FF7960FA0608103792C4163DC0AF3E06287BB8624F8FE3A0FFBDF82ACECA2F\
+CFFF2E1AC93F3CA264A1B
+
+MPI says:
+
+4385CA4A804D199FBEAD95FAD0796FAD0D0B51FC9C16743C45568C789666985DB719\
+4D90E393522F74C9601262C0514145A49F3B53D00983F95FDFCEA3D0043ECEF6227E\
+6FB59C924C3EE74447B359B5BF12A555D46CB819809EF423F004B55C587D6F0E8A55\
+4988036A42ACEF9F71459F97CEF6E574BD7373657111648626B1FF8EE15F663B2C0E\
+6BBE5082D4CDE8E14F263635AE8F35DB2C280819517BE388B5573B84C5A19C871685\
+FD408A6471F9D6AFAF5129A7548EAE926B40874B340285F44765BF5468CE20A13267\
+CD88CE6BC786ACED36EC7EA50F67FF27622575319068A332C3C0CB23E26FB55E26F4\
+5F732753A52B8E2FB4D4F42D894242613CA912A25486C3DEC9C66E5DB6182F6C1761\
+CF8CD0D255BE64B93836B27D452AE38F950EB98B517D4CF50D48F0165EF0CCCE1F5C\
+49BF18219FDBA0EEDD1A7E8B187B70C2BAED5EC5C6821EF27FAFB1CFF70111C52235\
+5E948B93A015AA1AE152B110BB5658CB14D3E45A48BFE7F082C1182672A455A695CD\
+A1855E8781E625F25B41B516E77F589FA420C3B058861EA138CF7A2C58DB3C7504FD\
+D29554D78237834CC5AE710D403CC4F6973D5012B7E117A8976B14A0B5AFA889BD47\
+92C461F0F96116F00A97AE9E83DC5203680CAF9A18A062566C145650AB86BE4F907F\
+A9F7AB4A700B29E1E5BACCD6DCBFA513E10832815F710807EED2E279081FEC61D619\
+AB270BEB3D3A1787B35A9DD41A8766CF21F3B5C693B3BAB1C2FA14A4ED202BC35743\
+E5CBE2391624D4F8C9BFBBC78D69764E7C6C5B11BF005677BFAD17D9278FFC1F158F\
+1B3683FF7960FA0608103792C4163DC0AF3E06287BB8624F8FE3A0FFBDF82ACECA2F\
+CFFF2E1AC93F3CA264A1B
+
+Diff says:
+% diff bc.txt mp.txt
+%
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
+
+
+
diff --git a/security/nss/lib/freebl/mpi/doc/gcd.pod b/security/nss/lib/freebl/mpi/doc/gcd.pod
new file mode 100644
index 000000000..53b955f7e
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/gcd.pod
@@ -0,0 +1,27 @@
+=head1 NAME
+
+ gcd - compute greatest common divisor of two integers
+
+=head1 SYNOPSIS
+
+ gcd <a> <b>
+
+=head1 DESCRIPTION
+
+The B<gcd> program computes the greatest common divisor of two
+arbitrary-precision integers I<a> and I<b>.  The result is written in
+standard decimal notation to the standard output.
+
+If I<b> is zero, B<gcd> will print an error message and exit.
+
+=head1 SEE ALSO
+
+invmod(1), isprime(1), lap(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
+ 
+ $Date$
+
diff --git a/security/nss/lib/freebl/mpi/doc/invmod.pod b/security/nss/lib/freebl/mpi/doc/invmod.pod
new file mode 100644
index 000000000..faa8f9d0c
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/invmod.pod
@@ -0,0 +1,33 @@
+=head1 NAME
+
+ invmod - compute modular inverse of an integer
+
+=head1 SYNOPSIS
+
+ invmod <a> <m>
+
+=head1 DESCRIPTION
+
+The B<invmod> program computes the inverse of I<a>, modulo I<m>, if
+that inverse exists.  Both I<a> and I<m> are arbitrary-precision
+integers in decimal notation.  The result is written in standard
+decimal notation to the standard output.
+
+If there is no inverse, the message:
+
+ No inverse
+
+...will be printed to the standard output (an inverse exists if and
+only if the greatest common divisor of I<a> and I<m> is 1).
+
+=head1 SEE ALSO
+
+gcd(1), isprime(1), lap(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
+ 
+ $Date$
+
diff --git a/security/nss/lib/freebl/mpi/doc/isprime.pod b/security/nss/lib/freebl/mpi/doc/isprime.pod
new file mode 100644
index 000000000..a17c1c1bd
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/isprime.pod
@@ -0,0 +1,62 @@
+=head1 NAME
+
+ isprime - probabilistic primality testing
+
+=head1 SYNOPSIS
+
+ isprime <a>
+
+=head1 DESCRIPTION
+
+The B<isprime> program attempts to determine whether the arbitrary
+precision integer I<a> is prime.  It first tests I<a> for divisibility
+by the first 170 or so small primes, and assuming I<a> is not
+divisible by any of these, applies 15 iterations of the Rabin-Miller
+probabilistic primality test.
+
+If the program discovers that the number is composite, it will print:
+
+ Not prime (reason)
+
+Where I<reason> is either:
+
+	divisible by small prime x
+
+Or:
+
+	failed nth pseudoprime test
+
+In the first case, I<x> indicates the first small prime factor that
+was found.  In the second case, I<n> indicates which of the
+pseudoprime tests failed (numbered from 1)
+
+If this happens, the number is definitely not prime.  However, if the
+number succeeds, this message results:
+
+ Probably prime, 1 in 4^15 chance of false positive
+
+If this happens, the number is prime with very high probability, but
+its primality has not been absolutely proven, only demonstrated to a
+very convincing degree.
+
+The value I<a> can be input in standard decimal notation, or, if it is
+prefixed with I<Ox>, it will be read as hexadecimal.
+
+=head1 ENVIRONMENT
+
+You can control how many iterations of Rabin-Miller are performed on
+the candidate number by setting the I<RM_TESTS> environment variable
+to an integer value before starting up B<isprime>.  This will change
+the output slightly if the number passes all the tests.
+
+=head1 SEE ALSO
+
+gcd(1), invmod(1), lap(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
+ 
+ $Date$
+
diff --git a/security/nss/lib/freebl/mpi/doc/lap.pod b/security/nss/lib/freebl/mpi/doc/lap.pod
new file mode 100644
index 000000000..ac100639b
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/lap.pod
@@ -0,0 +1,35 @@
+=head1 NAME
+
+ lap - compute least annihilating power of a number
+
+=head1 SYNOPSIS
+
+ lap <a> <m>
+
+=head1 DESCRIPTION
+
+The B<lap> program computes the order of I<a> modulo I<m>, for
+arbitrary precision integers I<a> and I<m>.  The B<order> of I<a>
+modulo I<m> is defined as the smallest positive value I<n> for which
+I<a> raised to the I<n>th power, modulo I<m>, is equal to 1.  The
+order may not exist, if I<m> is composite.
+
+=head1 RESTRICTIONS
+
+This program is very slow, especially for large moduli.  It is
+intended as a way to help find primitive elements in a modular field,
+but it does not do so in a particularly inefficient manner.  It was
+written simply to help verify that a particular candidate does not
+have an obviously short cycle mod I<m>.
+
+=head1 SEE ALSO
+
+gcd(1), invmod(1), isprime(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
+ 
+ $Date$
+
diff --git a/security/nss/lib/freebl/mpi/doc/mpi-test.pod b/security/nss/lib/freebl/mpi/doc/mpi-test.pod
new file mode 100644
index 000000000..16050f09f
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/mpi-test.pod
@@ -0,0 +1,49 @@
+=head1 NAME
+
+ mpi-test - automated test program for MPI library
+
+=head1 SYNOPSIS
+
+ mpi-test <suite-name> [quiet]
+ mpi-test list
+ mpi-test help
+
+=head1 DESCRIPTION
+
+The B<mpi-test> program is a general unit test driver for the MPI
+library.  It is used to verify that the library works as it is
+supposed to on your architecture.  As with most such things, passing
+all the tests in B<mpi-test> does not guarantee the code is correct,
+but if any of them fail, there are certainly problems.
+
+Each major function of the library can be tested individually.  For a
+list of the test suites understood by B<mpi-test>, run it with the
+I<list> command line option:
+
+ mpi-test list
+
+This will display a list of the available test suites and a brief
+synopsis of what each one does.  For a brief overview of this
+document, run B<mpi-test> I<help>.
+
+B<mpi-test> exits with a zero status if the selected test succeeds, or
+a nonzero status if it fails.  If a I<suite-name> which is not
+understood by B<mpi-test> is given, a diagnostic is printed to the
+standard error, and the program exits with a result code of 2.  If a
+test fails, the result code will be 1, and a diagnostic is ordinarily
+printed to the standard error.  However, if the I<quiet> option is
+provided, these diagnostics will be suppressed.
+
+=head1 RESTRICTIONS
+
+Only a few canned test cases are provided.  The solutions have been
+verified using the GNU bc(1) program, so bugs there may cause problems
+here; however, this is very unlikely, so if a test fails, it is almost
+certainly my fault, not bc(1)'s.
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
+ 
+ $Date$
diff --git a/security/nss/lib/freebl/mpi/doc/mul.txt b/security/nss/lib/freebl/mpi/doc/mul.txt
new file mode 100644
index 000000000..01464f251
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/mul.txt
@@ -0,0 +1,114 @@
+Multiplication
+
+This describes the multiplication algorithm used by the MPI library.
+
+This is basically a standard "schoolbook" algorithm.  It is slow --
+O(mn) for m = #a, n = #b -- but easy to implement and verify.
+Basically, we run two nested loops, as illustrated here (R is the
+radix):
+
+k = 0
+for j <- 0 to (#b - 1)
+  for i <- 0 to (#a - 1)
+    w = (a[j] * b[i]) + k + c[i+j]
+    c[i+j] = w mod R
+    k = w div R
+  endfor
+  c[i+j] = k;
+  k = 0;
+endfor
+
+It is necessary that 'w' have room for at least two radix R digits.
+The product of any two digits in radix R is at most:
+
+	(R - 1)(R - 1) = R^2 - 2R + 1
+
+Since a two-digit radix-R number can hold R^2 - 1 distinct values,
+this insures that the product will fit into the two-digit register.
+
+To insure that two digits is enough for w, we must also show that
+there is room for the carry-in from the previous multiplication, and
+the current value of the product digit that is being recomputed.
+Assuming each of these may be as big as R - 1 (and no larger,
+certainly), two digits will be enough if and only if:
+
+	(R^2 - 2R + 1) + 2(R - 1) <= R^2 - 1
+
+Solving this equation shows that, indeed, this is the case:
+
+	R^2 - 2R + 1 + 2R - 2 <= R^2 - 1
+
+	R^2 - 1 <= R^2 - 1
+
+This suggests that a good radix would be one more than the largest
+value that can be held in half a machine word -- so, for example, as
+in this implementation, where we used a radix of 65536 on a machine
+with 4-byte words.  Another advantage of a radix of this sort is that
+binary-level operations are easy on numbers in this representation.
+
+Here's an example multiplication worked out longhand in radix-10,
+using the above algorithm:
+
+   a =     999
+   b =   x 999
+  -------------
+   p =   98001
+
+w = (a[jx] * b[ix]) + kin + c[ix + jx]
+c[ix+jx] = w % RADIX
+k = w / RADIX
+                                                               product
+ix	jx	a[jx]	b[ix]	kin	w	c[i+j]	kout	000000
+0	0	9	9	0	81+0+0	1	8	000001
+0	1	9	9	8	81+8+0	9	8	000091
+0	2	9	9	8	81+8+0	9	8	000991
+				8			0	008991
+1	0	9	9	0	81+0+9	0	9	008901
+1	1	9	9	9	81+9+9	9	9	008901
+1	2	9	9	9	81+9+8	8	9	008901
+				9			0	098901
+2	0	9	9	0	81+0+9	0	9	098001
+2	1	9	9	9	81+9+8	8	9	098001
+2	2	9	9	9	81+9+9	9	9	098001
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
+
+
diff --git a/security/nss/lib/freebl/mpi/doc/pi.txt b/security/nss/lib/freebl/mpi/doc/pi.txt
new file mode 100644
index 000000000..01c82abe9
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/pi.txt
@@ -0,0 +1,90 @@
+This file describes how pi is computed by the program in 'pi.c' (see
+the utils subdirectory).
+
+Basically, we use Machin's formula, which is what everyone in the
+world uses as a simple method for computing approximations to pi.
+This works for up to a few thousand digits without too much effort.
+Beyond that, though, it gets too slow.
+
+Machin's formula states:
+
+	 pi := 16 * arctan(1/5) - 4 * arctan(1/239)
+
+We compute this in integer arithmetic by first multiplying everything
+through by 10^d, where 'd' is the number of digits of pi we wanted to
+compute.  It turns out, the last few digits will be wrong, but the
+number that are wrong is usually very small (ordinarly only 2-3).
+Having done this, we compute the arctan() function using the formula:
+
+                       1      1       1       1       1     
+       arctan(1/x) := --- - ----- + ----- - ----- + ----- - ...
+                       x    3 x^3   5 x^5   7 x^7   9 x^9
+
+This is done iteratively by computing the first term manually, and
+then iteratively dividing x^2 and k, where k = 3, 5, 7, ... out of the
+current figure.  This is then added to (or subtracted from) a running
+sum, as appropriate.  The iteration continues until we overflow our
+available precision and the current figure goes to zero under integer
+division.  At that point, we're finished.
+
+Actually, we get a couple extra bits of precision out of the fact that
+we know we're computing y * arctan(1/x), by setting up the multiplier
+as:
+
+      y * 10^d
+
+... instead of just 10^d.  There is also a bit of cleverness in how
+the loop is constructed, to avoid special-casing the first term.
+Check out the code for arctan() in 'pi.c', if you are interested in
+seeing how it is set up.
+
+Thanks to Jason P. for this algorithm, which I assembled from notes
+and programs found on his cool "Pile of Pi Programs" page, at:
+
+      http://www.isr.umd.edu/~jasonp/pipage.html
+
+Thanks also to Henrik Johansson <Henrik.Johansson@Nexus.Comm.SE>, from
+whose pi program I borrowed the clever idea of pre-multiplying by x in
+order to avoid a special case on the loop iteration.
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
+
+
diff --git a/security/nss/lib/freebl/mpi/doc/prime.txt b/security/nss/lib/freebl/mpi/doc/prime.txt
new file mode 100644
index 000000000..694797d5f
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/prime.txt
@@ -0,0 +1,6542 @@
+2
+3
+5
+7
+11
+13
+17
+19
+23
+29
+31
+37
+41
+43
+47
+53
+59
+61
+67
+71
+73
+79
+83
+89
+97
+101
+103
+107
+109
+113
+127
+131
+137
+139
+149
+151
+157
+163
+167
+173
+179
+181
+191
+193
+197
+199
+211
+223
+227
+229
+233
+239
+241
+251
+257
+263
+269
+271
+277
+281
+283
+293
+307
+311
+313
+317
+331
+337
+347
+349
+353
+359
+367
+373
+379
+383
+389
+397
+401
+409
+419
+421
+431
+433
+439
+443
+449
+457
+461
+463
+467
+479
+487
+491
+499
+503
+509
+521
+523
+541
+547
+557
+563
+569
+571
+577
+587
+593
+599
+601
+607
+613
+617
+619
+631
+641
+643
+647
+653
+659
+661
+673
+677
+683
+691
+701
+709
+719
+727
+733
+739
+743
+751
+757
+761
+769
+773
+787
+797
+809
+811
+821
+823
+827
+829
+839
+853
+857
+859
+863
+877
+881
+883
+887
+907
+911
+919
+929
+937
+941
+947
+953
+967
+971
+977
+983
+991
+997
+1009
+1013
+1019
+1021
+1031
+1033
+1039
+1049
+1051
+1061
+1063
+1069
+1087
+1091
+1093
+1097
+1103
+1109
+1117
+1123
+1129
+1151
+1153
+1163
+1171
+1181
+1187
+1193
+1201
+1213
+1217
+1223
+1229
+1231
+1237
+1249
+1259
+1277
+1279
+1283
+1289
+1291
+1297
+1301
+1303
+1307
+1319
+1321
+1327
+1361
+1367
+1373
+1381
+1399
+1409
+1423
+1427
+1429
+1433
+1439
+1447
+1451
+1453
+1459
+1471
+1481
+1483
+1487
+1489
+1493
+1499
+1511
+1523
+1531
+1543
+1549
+1553
+1559
+1567
+1571
+1579
+1583
+1597
+1601
+1607
+1609
+1613
+1619
+1621
+1627
+1637
+1657
+1663
+1667
+1669
+1693
+1697
+1699
+1709
+1721
+1723
+1733
+1741
+1747
+1753
+1759
+1777
+1783
+1787
+1789
+1801
+1811
+1823
+1831
+1847
+1861
+1867
+1871
+1873
+1877
+1879
+1889
+1901
+1907
+1913
+1931
+1933
+1949
+1951
+1973
+1979
+1987
+1993
+1997
+1999
+2003
+2011
+2017
+2027
+2029
+2039
+2053
+2063
+2069
+2081
+2083
+2087
+2089
+2099
+2111
+2113
+2129
+2131
+2137
+2141
+2143
+2153
+2161
+2179
+2203
+2207
+2213
+2221
+2237
+2239
+2243
+2251
+2267
+2269
+2273
+2281
+2287
+2293
+2297
+2309
+2311
+2333
+2339
+2341
+2347
+2351
+2357
+2371
+2377
+2381
+2383
+2389
+2393
+2399
+2411
+2417
+2423
+2437
+2441
+2447
+2459
+2467
+2473
+2477
+2503
+2521
+2531
+2539
+2543
+2549
+2551
+2557
+2579
+2591
+2593
+2609
+2617
+2621
+2633
+2647
+2657
+2659
+2663
+2671
+2677
+2683
+2687
+2689
+2693
+2699
+2707
+2711
+2713
+2719
+2729
+2731
+2741
+2749
+2753
+2767
+2777
+2789
+2791
+2797
+2801
+2803
+2819
+2833
+2837
+2843
+2851
+2857
+2861
+2879
+2887
+2897
+2903
+2909
+2917
+2927
+2939
+2953
+2957
+2963
+2969
+2971
+2999
+3001
+3011
+3019
+3023
+3037
+3041
+3049
+3061
+3067
+3079
+3083
+3089
+3109
+3119
+3121
+3137
+3163
+3167
+3169
+3181
+3187
+3191
+3203
+3209
+3217
+3221
+3229
+3251
+3253
+3257
+3259
+3271
+3299
+3301
+3307
+3313
+3319
+3323
+3329
+3331
+3343
+3347
+3359
+3361
+3371
+3373
+3389
+3391
+3407
+3413
+3433
+3449
+3457
+3461
+3463
+3467
+3469
+3491
+3499
+3511
+3517
+3527
+3529
+3533
+3539
+3541
+3547
+3557
+3559
+3571
+3581
+3583
+3593
+3607
+3613
+3617
+3623
+3631
+3637
+3643
+3659
+3671
+3673
+3677
+3691
+3697
+3701
+3709
+3719
+3727
+3733
+3739
+3761
+3767
+3769
+3779
+3793
+3797
+3803
+3821
+3823
+3833
+3847
+3851
+3853
+3863
+3877
+3881
+3889
+3907
+3911
+3917
+3919
+3923
+3929
+3931
+3943
+3947
+3967
+3989
+4001
+4003
+4007
+4013
+4019
+4021
+4027
+4049
+4051
+4057
+4073
+4079
+4091
+4093
+4099
+4111
+4127
+4129
+4133
+4139
+4153
+4157
+4159
+4177
+4201
+4211
+4217
+4219
+4229
+4231
+4241
+4243
+4253
+4259
+4261
+4271
+4273
+4283
+4289
+4297
+4327
+4337
+4339
+4349
+4357
+4363
+4373
+4391
+4397
+4409
+4421
+4423
+4441
+4447
+4451
+4457
+4463
+4481
+4483
+4493
+4507
+4513
+4517
+4519
+4523
+4547
+4549
+4561
+4567
+4583
+4591
+4597
+4603
+4621
+4637
+4639
+4643
+4649
+4651
+4657
+4663
+4673
+4679
+4691
+4703
+4721
+4723
+4729
+4733
+4751
+4759
+4783
+4787
+4789
+4793
+4799
+4801
+4813
+4817
+4831
+4861
+4871
+4877
+4889
+4903
+4909
+4919
+4931
+4933
+4937
+4943
+4951
+4957
+4967
+4969
+4973
+4987
+4993
+4999
+5003
+5009
+5011
+5021
+5023
+5039
+5051
+5059
+5077
+5081
+5087
+5099
+5101
+5107
+5113
+5119
+5147
+5153
+5167
+5171
+5179
+5189
+5197
+5209
+5227
+5231
+5233
+5237
+5261
+5273
+5279
+5281
+5297
+5303
+5309
+5323
+5333
+5347
+5351
+5381
+5387
+5393
+5399
+5407
+5413
+5417
+5419
+5431
+5437
+5441
+5443
+5449
+5471
+5477
+5479
+5483
+5501
+5503
+5507
+5519
+5521
+5527
+5531
+5557
+5563
+5569
+5573
+5581
+5591
+5623
+5639
+5641
+5647
+5651
+5653
+5657
+5659
+5669
+5683
+5689
+5693
+5701
+5711
+5717
+5737
+5741
+5743
+5749
+5779
+5783
+5791
+5801
+5807
+5813
+5821
+5827
+5839
+5843
+5849
+5851
+5857
+5861
+5867
+5869
+5879
+5881
+5897
+5903
+5923
+5927
+5939
+5953
+5981
+5987
+6007
+6011
+6029
+6037
+6043
+6047
+6053
+6067
+6073
+6079
+6089
+6091
+6101
+6113
+6121
+6131
+6133
+6143
+6151
+6163
+6173
+6197
+6199
+6203
+6211
+6217
+6221
+6229
+6247
+6257
+6263
+6269
+6271
+6277
+6287
+6299
+6301
+6311
+6317
+6323
+6329
+6337
+6343
+6353
+6359
+6361
+6367
+6373
+6379
+6389
+6397
+6421
+6427
+6449
+6451
+6469
+6473
+6481
+6491
+6521
+6529
+6547
+6551
+6553
+6563
+6569
+6571
+6577
+6581
+6599
+6607
+6619
+6637
+6653
+6659
+6661
+6673
+6679
+6689
+6691
+6701
+6703
+6709
+6719
+6733
+6737
+6761
+6763
+6779
+6781
+6791
+6793
+6803
+6823
+6827
+6829
+6833
+6841
+6857
+6863
+6869
+6871
+6883
+6899
+6907
+6911
+6917
+6947
+6949
+6959
+6961
+6967
+6971
+6977
+6983
+6991
+6997
+7001
+7013
+7019
+7027
+7039
+7043
+7057
+7069
+7079
+7103
+7109
+7121
+7127
+7129
+7151
+7159
+7177
+7187
+7193
+7207
+7211
+7213
+7219
+7229
+7237
+7243
+7247
+7253
+7283
+7297
+7307
+7309
+7321
+7331
+7333
+7349
+7351
+7369
+7393
+7411
+7417
+7433
+7451
+7457
+7459
+7477
+7481
+7487
+7489
+7499
+7507
+7517
+7523
+7529
+7537
+7541
+7547
+7549
+7559
+7561
+7573
+7577
+7583
+7589
+7591
+7603
+7607
+7621
+7639
+7643
+7649
+7669
+7673
+7681
+7687
+7691
+7699
+7703
+7717
+7723
+7727
+7741
+7753
+7757
+7759
+7789
+7793
+7817
+7823
+7829
+7841
+7853
+7867
+7873
+7877
+7879
+7883
+7901
+7907
+7919
+7927
+7933
+7937
+7949
+7951
+7963
+7993
+8009
+8011
+8017
+8039
+8053
+8059
+8069
+8081
+8087
+8089
+8093
+8101
+8111
+8117
+8123
+8147
+8161
+8167
+8171
+8179
+8191
+8209
+8219
+8221
+8231
+8233
+8237
+8243
+8263
+8269
+8273
+8287
+8291
+8293
+8297
+8311
+8317
+8329
+8353
+8363
+8369
+8377
+8387
+8389
+8419
+8423
+8429
+8431
+8443
+8447
+8461
+8467
+8501
+8513
+8521
+8527
+8537
+8539
+8543
+8563
+8573
+8581
+8597
+8599
+8609
+8623
+8627
+8629
+8641
+8647
+8663
+8669
+8677
+8681
+8689
+8693
+8699
+8707
+8713
+8719
+8731
+8737
+8741
+8747
+8753
+8761
+8779
+8783
+8803
+8807
+8819
+8821
+8831
+8837
+8839
+8849
+8861
+8863
+8867
+8887
+8893
+8923
+8929
+8933
+8941
+8951
+8963
+8969
+8971
+8999
+9001
+9007
+9011
+9013
+9029
+9041
+9043
+9049
+9059
+9067
+9091
+9103
+9109
+9127
+9133
+9137
+9151
+9157
+9161
+9173
+9181
+9187
+9199
+9203
+9209
+9221
+9227
+9239
+9241
+9257
+9277
+9281
+9283
+9293
+9311
+9319
+9323
+9337
+9341
+9343
+9349
+9371
+9377
+9391
+9397
+9403
+9413
+9419
+9421
+9431
+9433
+9437
+9439
+9461
+9463
+9467
+9473
+9479
+9491
+9497
+9511
+9521
+9533
+9539
+9547
+9551
+9587
+9601
+9613
+9619
+9623
+9629
+9631
+9643
+9649
+9661
+9677
+9679
+9689
+9697
+9719
+9721
+9733
+9739
+9743
+9749
+9767
+9769
+9781
+9787
+9791
+9803
+9811
+9817
+9829
+9833
+9839
+9851
+9857
+9859
+9871
+9883
+9887
+9901
+9907
+9923
+9929
+9931
+9941
+9949
+9967
+9973
+10007
+10009
+10037
+10039
+10061
+10067
+10069
+10079
+10091
+10093
+10099
+10103
+10111
+10133
+10139
+10141
+10151
+10159
+10163
+10169
+10177
+10181
+10193
+10211
+10223
+10243
+10247
+10253
+10259
+10267
+10271
+10273
+10289
+10301
+10303
+10313
+10321
+10331
+10333
+10337
+10343
+10357
+10369
+10391
+10399
+10427
+10429
+10433
+10453
+10457
+10459
+10463
+10477
+10487
+10499
+10501
+10513
+10529
+10531
+10559
+10567
+10589
+10597
+10601
+10607
+10613
+10627
+10631
+10639
+10651
+10657
+10663
+10667
+10687
+10691
+10709
+10711
+10723
+10729
+10733
+10739
+10753
+10771
+10781
+10789
+10799
+10831
+10837
+10847
+10853
+10859
+10861
+10867
+10883
+10889
+10891
+10903
+10909
+10937
+10939
+10949
+10957
+10973
+10979
+10987
+10993
+11003
+11027
+11047
+11057
+11059
+11069
+11071
+11083
+11087
+11093
+11113
+11117
+11119
+11131
+11149
+11159
+11161
+11171
+11173
+11177
+11197
+11213
+11239
+11243
+11251
+11257
+11261
+11273
+11279
+11287
+11299
+11311
+11317
+11321
+11329
+11351
+11353
+11369
+11383
+11393
+11399
+11411
+11423
+11437
+11443
+11447
+11467
+11471
+11483
+11489
+11491
+11497
+11503
+11519
+11527
+11549
+11551
+11579
+11587
+11593
+11597
+11617
+11621
+11633
+11657
+11677
+11681
+11689
+11699
+11701
+11717
+11719
+11731
+11743
+11777
+11779
+11783
+11789
+11801
+11807
+11813
+11821
+11827
+11831
+11833
+11839
+11863
+11867
+11887
+11897
+11903
+11909
+11923
+11927
+11933
+11939
+11941
+11953
+11959
+11969
+11971
+11981
+11987
+12007
+12011
+12037
+12041
+12043
+12049
+12071
+12073
+12097
+12101
+12107
+12109
+12113
+12119
+12143
+12149
+12157
+12161
+12163
+12197
+12203
+12211
+12227
+12239
+12241
+12251
+12253
+12263
+12269
+12277
+12281
+12289
+12301
+12323
+12329
+12343
+12347
+12373
+12377
+12379
+12391
+12401
+12409
+12413
+12421
+12433
+12437
+12451
+12457
+12473
+12479
+12487
+12491
+12497
+12503
+12511
+12517
+12527
+12539
+12541
+12547
+12553
+12569
+12577
+12583
+12589
+12601
+12611
+12613
+12619
+12637
+12641
+12647
+12653
+12659
+12671
+12689
+12697
+12703
+12713
+12721
+12739
+12743
+12757
+12763
+12781
+12791
+12799
+12809
+12821
+12823
+12829
+12841
+12853
+12889
+12893
+12899
+12907
+12911
+12917
+12919
+12923
+12941
+12953
+12959
+12967
+12973
+12979
+12983
+13001
+13003
+13007
+13009
+13033
+13037
+13043
+13049
+13063
+13093
+13099
+13103
+13109
+13121
+13127
+13147
+13151
+13159
+13163
+13171
+13177
+13183
+13187
+13217
+13219
+13229
+13241
+13249
+13259
+13267
+13291
+13297
+13309
+13313
+13327
+13331
+13337
+13339
+13367
+13381
+13397
+13399
+13411
+13417
+13421
+13441
+13451
+13457
+13463
+13469
+13477
+13487
+13499
+13513
+13523
+13537
+13553
+13567
+13577
+13591
+13597
+13613
+13619
+13627
+13633
+13649
+13669
+13679
+13681
+13687
+13691
+13693
+13697
+13709
+13711
+13721
+13723
+13729
+13751
+13757
+13759
+13763
+13781
+13789
+13799
+13807
+13829
+13831
+13841
+13859
+13873
+13877
+13879
+13883
+13901
+13903
+13907
+13913
+13921
+13931
+13933
+13963
+13967
+13997
+13999
+14009
+14011
+14029
+14033
+14051
+14057
+14071
+14081
+14083
+14087
+14107
+14143
+14149
+14153
+14159
+14173
+14177
+14197
+14207
+14221
+14243
+14249
+14251
+14281
+14293
+14303
+14321
+14323
+14327
+14341
+14347
+14369
+14387
+14389
+14401
+14407
+14411
+14419
+14423
+14431
+14437
+14447
+14449
+14461
+14479
+14489
+14503
+14519
+14533
+14537
+14543
+14549
+14551
+14557
+14561
+14563
+14591
+14593
+14621
+14627
+14629
+14633
+14639
+14653
+14657
+14669
+14683
+14699
+14713
+14717
+14723
+14731
+14737
+14741
+14747
+14753
+14759
+14767
+14771
+14779
+14783
+14797
+14813
+14821
+14827
+14831
+14843
+14851
+14867
+14869
+14879
+14887
+14891
+14897
+14923
+14929
+14939
+14947
+14951
+14957
+14969
+14983
+15013
+15017
+15031
+15053
+15061
+15073
+15077
+15083
+15091
+15101
+15107
+15121
+15131
+15137
+15139
+15149
+15161
+15173
+15187
+15193
+15199
+15217
+15227
+15233
+15241
+15259
+15263
+15269
+15271
+15277
+15287
+15289
+15299
+15307
+15313
+15319
+15329
+15331
+15349
+15359
+15361
+15373
+15377
+15383
+15391
+15401
+15413
+15427
+15439
+15443
+15451
+15461
+15467
+15473
+15493
+15497
+15511
+15527
+15541
+15551
+15559
+15569
+15581
+15583
+15601
+15607
+15619
+15629
+15641
+15643
+15647
+15649
+15661
+15667
+15671
+15679
+15683
+15727
+15731
+15733
+15737
+15739
+15749
+15761
+15767
+15773
+15787
+15791
+15797
+15803
+15809
+15817
+15823
+15859
+15877
+15881
+15887
+15889
+15901
+15907
+15913
+15919
+15923
+15937
+15959
+15971
+15973
+15991
+16001
+16007
+16033
+16057
+16061
+16063
+16067
+16069
+16073
+16087
+16091
+16097
+16103
+16111
+16127
+16139
+16141
+16183
+16187
+16189
+16193
+16217
+16223
+16229
+16231
+16249
+16253
+16267
+16273
+16301
+16319
+16333
+16339
+16349
+16361
+16363
+16369
+16381
+16411
+16417
+16421
+16427
+16433
+16447
+16451
+16453
+16477
+16481
+16487
+16493
+16519
+16529
+16547
+16553
+16561
+16567
+16573
+16603
+16607
+16619
+16631
+16633
+16649
+16651
+16657
+16661
+16673
+16691
+16693
+16699
+16703
+16729
+16741
+16747
+16759
+16763
+16787
+16811
+16823
+16829
+16831
+16843
+16871
+16879
+16883
+16889
+16901
+16903
+16921
+16927
+16931
+16937
+16943
+16963
+16979
+16981
+16987
+16993
+17011
+17021
+17027
+17029
+17033
+17041
+17047
+17053
+17077
+17093
+17099
+17107
+17117
+17123
+17137
+17159
+17167
+17183
+17189
+17191
+17203
+17207
+17209
+17231
+17239
+17257
+17291
+17293
+17299
+17317
+17321
+17327
+17333
+17341
+17351
+17359
+17377
+17383
+17387
+17389
+17393
+17401
+17417
+17419
+17431
+17443
+17449
+17467
+17471
+17477
+17483
+17489
+17491
+17497
+17509
+17519
+17539
+17551
+17569
+17573
+17579
+17581
+17597
+17599
+17609
+17623
+17627
+17657
+17659
+17669
+17681
+17683
+17707
+17713
+17729
+17737
+17747
+17749
+17761
+17783
+17789
+17791
+17807
+17827
+17837
+17839
+17851
+17863
+17881
+17891
+17903
+17909
+17911
+17921
+17923
+17929
+17939
+17957
+17959
+17971
+17977
+17981
+17987
+17989
+18013
+18041
+18043
+18047
+18049
+18059
+18061
+18077
+18089
+18097
+18119
+18121
+18127
+18131
+18133
+18143
+18149
+18169
+18181
+18191
+18199
+18211
+18217
+18223
+18229
+18233
+18251
+18253
+18257
+18269
+18287
+18289
+18301
+18307
+18311
+18313
+18329
+18341
+18353
+18367
+18371
+18379
+18397
+18401
+18413
+18427
+18433
+18439
+18443
+18451
+18457
+18461
+18481
+18493
+18503
+18517
+18521
+18523
+18539
+18541
+18553
+18583
+18587
+18593
+18617
+18637
+18661
+18671
+18679
+18691
+18701
+18713
+18719
+18731
+18743
+18749
+18757
+18773
+18787
+18793
+18797
+18803
+18839
+18859
+18869
+18899
+18911
+18913
+18917
+18919
+18947
+18959
+18973
+18979
+19001
+19009
+19013
+19031
+19037
+19051
+19069
+19073
+19079
+19081
+19087
+19121
+19139
+19141
+19157
+19163
+19181
+19183
+19207
+19211
+19213
+19219
+19231
+19237
+19249
+19259
+19267
+19273
+19289
+19301
+19309
+19319
+19333
+19373
+19379
+19381
+19387
+19391
+19403
+19417
+19421
+19423
+19427
+19429
+19433
+19441
+19447
+19457
+19463
+19469
+19471
+19477
+19483
+19489
+19501
+19507
+19531
+19541
+19543
+19553
+19559
+19571
+19577
+19583
+19597
+19603
+19609
+19661
+19681
+19687
+19697
+19699
+19709
+19717
+19727
+19739
+19751
+19753
+19759
+19763
+19777
+19793
+19801
+19813
+19819
+19841
+19843
+19853
+19861
+19867
+19889
+19891
+19913
+19919
+19927
+19937
+19949
+19961
+19963
+19973
+19979
+19991
+19993
+19997
+20011
+20021
+20023
+20029
+20047
+20051
+20063
+20071
+20089
+20101
+20107
+20113
+20117
+20123
+20129
+20143
+20147
+20149
+20161
+20173
+20177
+20183
+20201
+20219
+20231
+20233
+20249
+20261
+20269
+20287
+20297
+20323
+20327
+20333
+20341
+20347
+20353
+20357
+20359
+20369
+20389
+20393
+20399
+20407
+20411
+20431
+20441
+20443
+20477
+20479
+20483
+20507
+20509
+20521
+20533
+20543
+20549
+20551
+20563
+20593
+20599
+20611
+20627
+20639
+20641
+20663
+20681
+20693
+20707
+20717
+20719
+20731
+20743
+20747
+20749
+20753
+20759
+20771
+20773
+20789
+20807
+20809
+20849
+20857
+20873
+20879
+20887
+20897
+20899
+20903
+20921
+20929
+20939
+20947
+20959
+20963
+20981
+20983
+21001
+21011
+21013
+21017
+21019
+21023
+21031
+21059
+21061
+21067
+21089
+21101
+21107
+21121
+21139
+21143
+21149
+21157
+21163
+21169
+21179
+21187
+21191
+21193
+21211
+21221
+21227
+21247
+21269
+21277
+21283
+21313
+21317
+21319
+21323
+21341
+21347
+21377
+21379
+21383
+21391
+21397
+21401
+21407
+21419
+21433
+21467
+21481
+21487
+21491
+21493
+21499
+21503
+21517
+21521
+21523
+21529
+21557
+21559
+21563
+21569
+21577
+21587
+21589
+21599
+21601
+21611
+21613
+21617
+21647
+21649
+21661
+21673
+21683
+21701
+21713
+21727
+21737
+21739
+21751
+21757
+21767
+21773
+21787
+21799
+21803
+21817
+21821
+21839
+21841
+21851
+21859
+21863
+21871
+21881
+21893
+21911
+21929
+21937
+21943
+21961
+21977
+21991
+21997
+22003
+22013
+22027
+22031
+22037
+22039
+22051
+22063
+22067
+22073
+22079
+22091
+22093
+22109
+22111
+22123
+22129
+22133
+22147
+22153
+22157
+22159
+22171
+22189
+22193
+22229
+22247
+22259
+22271
+22273
+22277
+22279
+22283
+22291
+22303
+22307
+22343
+22349
+22367
+22369
+22381
+22391
+22397
+22409
+22433
+22441
+22447
+22453
+22469
+22481
+22483
+22501
+22511
+22531
+22541
+22543
+22549
+22567
+22571
+22573
+22613
+22619
+22621
+22637
+22639
+22643
+22651
+22669
+22679
+22691
+22697
+22699
+22709
+22717
+22721
+22727
+22739
+22741
+22751
+22769
+22777
+22783
+22787
+22807
+22811
+22817
+22853
+22859
+22861
+22871
+22877
+22901
+22907
+22921
+22937
+22943
+22961
+22963
+22973
+22993
+23003
+23011
+23017
+23021
+23027
+23029
+23039
+23041
+23053
+23057
+23059
+23063
+23071
+23081
+23087
+23099
+23117
+23131
+23143
+23159
+23167
+23173
+23189
+23197
+23201
+23203
+23209
+23227
+23251
+23269
+23279
+23291
+23293
+23297
+23311
+23321
+23327
+23333
+23339
+23357
+23369
+23371
+23399
+23417
+23431
+23447
+23459
+23473
+23497
+23509
+23531
+23537
+23539
+23549
+23557
+23561
+23563
+23567
+23581
+23593
+23599
+23603
+23609
+23623
+23627
+23629
+23633
+23663
+23669
+23671
+23677
+23687
+23689
+23719
+23741
+23743
+23747
+23753
+23761
+23767
+23773
+23789
+23801
+23813
+23819
+23827
+23831
+23833
+23857
+23869
+23873
+23879
+23887
+23893
+23899
+23909
+23911
+23917
+23929
+23957
+23971
+23977
+23981
+23993
+24001
+24007
+24019
+24023
+24029
+24043
+24049
+24061
+24071
+24077
+24083
+24091
+24097
+24103
+24107
+24109
+24113
+24121
+24133
+24137
+24151
+24169
+24179
+24181
+24197
+24203
+24223
+24229
+24239
+24247
+24251
+24281
+24317
+24329
+24337
+24359
+24371
+24373
+24379
+24391
+24407
+24413
+24419
+24421
+24439
+24443
+24469
+24473
+24481
+24499
+24509
+24517
+24527
+24533
+24547
+24551
+24571
+24593
+24611
+24623
+24631
+24659
+24671
+24677
+24683
+24691
+24697
+24709
+24733
+24749
+24763
+24767
+24781
+24793
+24799
+24809
+24821
+24841
+24847
+24851
+24859
+24877
+24889
+24907
+24917
+24919
+24923
+24943
+24953
+24967
+24971
+24977
+24979
+24989
+25013
+25031
+25033
+25037
+25057
+25073
+25087
+25097
+25111
+25117
+25121
+25127
+25147
+25153
+25163
+25169
+25171
+25183
+25189
+25219
+25229
+25237
+25243
+25247
+25253
+25261
+25301
+25303
+25307
+25309
+25321
+25339
+25343
+25349
+25357
+25367
+25373
+25391
+25409
+25411
+25423
+25439
+25447
+25453
+25457
+25463
+25469
+25471
+25523
+25537
+25541
+25561
+25577
+25579
+25583
+25589
+25601
+25603
+25609
+25621
+25633
+25639
+25643
+25657
+25667
+25673
+25679
+25693
+25703
+25717
+25733
+25741
+25747
+25759
+25763
+25771
+25793
+25799
+25801
+25819
+25841
+25847
+25849
+25867
+25873
+25889
+25903
+25913
+25919
+25931
+25933
+25939
+25943
+25951
+25969
+25981
+25997
+25999
+26003
+26017
+26021
+26029
+26041
+26053
+26083
+26099
+26107
+26111
+26113
+26119
+26141
+26153
+26161
+26171
+26177
+26183
+26189
+26203
+26209
+26227
+26237
+26249
+26251
+26261
+26263
+26267
+26293
+26297
+26309
+26317
+26321
+26339
+26347
+26357
+26371
+26387
+26393
+26399
+26407
+26417
+26423
+26431
+26437
+26449
+26459
+26479
+26489
+26497
+26501
+26513
+26539
+26557
+26561
+26573
+26591
+26597
+26627
+26633
+26641
+26647
+26669
+26681
+26683
+26687
+26693
+26699
+26701
+26711
+26713
+26717
+26723
+26729
+26731
+26737
+26759
+26777
+26783
+26801
+26813
+26821
+26833
+26839
+26849
+26861
+26863
+26879
+26881
+26891
+26893
+26903
+26921
+26927
+26947
+26951
+26953
+26959
+26981
+26987
+26993
+27011
+27017
+27031
+27043
+27059
+27061
+27067
+27073
+27077
+27091
+27103
+27107
+27109
+27127
+27143
+27179
+27191
+27197
+27211
+27239
+27241
+27253
+27259
+27271
+27277
+27281
+27283
+27299
+27329
+27337
+27361
+27367
+27397
+27407
+27409
+27427
+27431
+27437
+27449
+27457
+27479
+27481
+27487
+27509
+27527
+27529
+27539
+27541
+27551
+27581
+27583
+27611
+27617
+27631
+27647
+27653
+27673
+27689
+27691
+27697
+27701
+27733
+27737
+27739
+27743
+27749
+27751
+27763
+27767
+27773
+27779
+27791
+27793
+27799
+27803
+27809
+27817
+27823
+27827
+27847
+27851
+27883
+27893
+27901
+27917
+27919
+27941
+27943
+27947
+27953
+27961
+27967
+27983
+27997
+28001
+28019
+28027
+28031
+28051
+28057
+28069
+28081
+28087
+28097
+28099
+28109
+28111
+28123
+28151
+28163
+28181
+28183
+28201
+28211
+28219
+28229
+28277
+28279
+28283
+28289
+28297
+28307
+28309
+28319
+28349
+28351
+28387
+28393
+28403
+28409
+28411
+28429
+28433
+28439
+28447
+28463
+28477
+28493
+28499
+28513
+28517
+28537
+28541
+28547
+28549
+28559
+28571
+28573
+28579
+28591
+28597
+28603
+28607
+28619
+28621
+28627
+28631
+28643
+28649
+28657
+28661
+28663
+28669
+28687
+28697
+28703
+28711
+28723
+28729
+28751
+28753
+28759
+28771
+28789
+28793
+28807
+28813
+28817
+28837
+28843
+28859
+28867
+28871
+28879
+28901
+28909
+28921
+28927
+28933
+28949
+28961
+28979
+29009
+29017
+29021
+29023
+29027
+29033
+29059
+29063
+29077
+29101
+29123
+29129
+29131
+29137
+29147
+29153
+29167
+29173
+29179
+29191
+29201
+29207
+29209
+29221
+29231
+29243
+29251
+29269
+29287
+29297
+29303
+29311
+29327
+29333
+29339
+29347
+29363
+29383
+29387
+29389
+29399
+29401
+29411
+29423
+29429
+29437
+29443
+29453
+29473
+29483
+29501
+29527
+29531
+29537
+29567
+29569
+29573
+29581
+29587
+29599
+29611
+29629
+29633
+29641
+29663
+29669
+29671
+29683
+29717
+29723
+29741
+29753
+29759
+29761
+29789
+29803
+29819
+29833
+29837
+29851
+29863
+29867
+29873
+29879
+29881
+29917
+29921
+29927
+29947
+29959
+29983
+29989
+30011
+30013
+30029
+30047
+30059
+30071
+30089
+30091
+30097
+30103
+30109
+30113
+30119
+30133
+30137
+30139
+30161
+30169
+30181
+30187
+30197
+30203
+30211
+30223
+30241
+30253
+30259
+30269
+30271
+30293
+30307
+30313
+30319
+30323
+30341
+30347
+30367
+30389
+30391
+30403
+30427
+30431
+30449
+30467
+30469
+30491
+30493
+30497
+30509
+30517
+30529
+30539
+30553
+30557
+30559
+30577
+30593
+30631
+30637
+30643
+30649
+30661
+30671
+30677
+30689
+30697
+30703
+30707
+30713
+30727
+30757
+30763
+30773
+30781
+30803
+30809
+30817
+30829
+30839
+30841
+30851
+30853
+30859
+30869
+30871
+30881
+30893
+30911
+30931
+30937
+30941
+30949
+30971
+30977
+30983
+31013
+31019
+31033
+31039
+31051
+31063
+31069
+31079
+31081
+31091
+31121
+31123
+31139
+31147
+31151
+31153
+31159
+31177
+31181
+31183
+31189
+31193
+31219
+31223
+31231
+31237
+31247
+31249
+31253
+31259
+31267
+31271
+31277
+31307
+31319
+31321
+31327
+31333
+31337
+31357
+31379
+31387
+31391
+31393
+31397
+31469
+31477
+31481
+31489
+31511
+31513
+31517
+31531
+31541
+31543
+31547
+31567
+31573
+31583
+31601
+31607
+31627
+31643
+31649
+31657
+31663
+31667
+31687
+31699
+31721
+31723
+31727
+31729
+31741
+31751
+31769
+31771
+31793
+31799
+31817
+31847
+31849
+31859
+31873
+31883
+31891
+31907
+31957
+31963
+31973
+31981
+31991
+32003
+32009
+32027
+32029
+32051
+32057
+32059
+32063
+32069
+32077
+32083
+32089
+32099
+32117
+32119
+32141
+32143
+32159
+32173
+32183
+32189
+32191
+32203
+32213
+32233
+32237
+32251
+32257
+32261
+32297
+32299
+32303
+32309
+32321
+32323
+32327
+32341
+32353
+32359
+32363
+32369
+32371
+32377
+32381
+32401
+32411
+32413
+32423
+32429
+32441
+32443
+32467
+32479
+32491
+32497
+32503
+32507
+32531
+32533
+32537
+32561
+32563
+32569
+32573
+32579
+32587
+32603
+32609
+32611
+32621
+32633
+32647
+32653
+32687
+32693
+32707
+32713
+32717
+32719
+32749
+32771
+32779
+32783
+32789
+32797
+32801
+32803
+32831
+32833
+32839
+32843
+32869
+32887
+32909
+32911
+32917
+32933
+32939
+32941
+32957
+32969
+32971
+32983
+32987
+32993
+32999
+33013
+33023
+33029
+33037
+33049
+33053
+33071
+33073
+33083
+33091
+33107
+33113
+33119
+33149
+33151
+33161
+33179
+33181
+33191
+33199
+33203
+33211
+33223
+33247
+33287
+33289
+33301
+33311
+33317
+33329
+33331
+33343
+33347
+33349
+33353
+33359
+33377
+33391
+33403
+33409
+33413
+33427
+33457
+33461
+33469
+33479
+33487
+33493
+33503
+33521
+33529
+33533
+33547
+33563
+33569
+33577
+33581
+33587
+33589
+33599
+33601
+33613
+33617
+33619
+33623
+33629
+33637
+33641
+33647
+33679
+33703
+33713
+33721
+33739
+33749
+33751
+33757
+33767
+33769
+33773
+33791
+33797
+33809
+33811
+33827
+33829
+33851
+33857
+33863
+33871
+33889
+33893
+33911
+33923
+33931
+33937
+33941
+33961
+33967
+33997
+34019
+34031
+34033
+34039
+34057
+34061
+34123
+34127
+34129
+34141
+34147
+34157
+34159
+34171
+34183
+34211
+34213
+34217
+34231
+34253
+34259
+34261
+34267
+34273
+34283
+34297
+34301
+34303
+34313
+34319
+34327
+34337
+34351
+34361
+34367
+34369
+34381
+34403
+34421
+34429
+34439
+34457
+34469
+34471
+34483
+34487
+34499
+34501
+34511
+34513
+34519
+34537
+34543
+34549
+34583
+34589
+34591
+34603
+34607
+34613
+34631
+34649
+34651
+34667
+34673
+34679
+34687
+34693
+34703
+34721
+34729
+34739
+34747
+34757
+34759
+34763
+34781
+34807
+34819
+34841
+34843
+34847
+34849
+34871
+34877
+34883
+34897
+34913
+34919
+34939
+34949
+34961
+34963
+34981
+35023
+35027
+35051
+35053
+35059
+35069
+35081
+35083
+35089
+35099
+35107
+35111
+35117
+35129
+35141
+35149
+35153
+35159
+35171
+35201
+35221
+35227
+35251
+35257
+35267
+35279
+35281
+35291
+35311
+35317
+35323
+35327
+35339
+35353
+35363
+35381
+35393
+35401
+35407
+35419
+35423
+35437
+35447
+35449
+35461
+35491
+35507
+35509
+35521
+35527
+35531
+35533
+35537
+35543
+35569
+35573
+35591
+35593
+35597
+35603
+35617
+35671
+35677
+35729
+35731
+35747
+35753
+35759
+35771
+35797
+35801
+35803
+35809
+35831
+35837
+35839
+35851
+35863
+35869
+35879
+35897
+35899
+35911
+35923
+35933
+35951
+35963
+35969
+35977
+35983
+35993
+35999
+36007
+36011
+36013
+36017
+36037
+36061
+36067
+36073
+36083
+36097
+36107
+36109
+36131
+36137
+36151
+36161
+36187
+36191
+36209
+36217
+36229
+36241
+36251
+36263
+36269
+36277
+36293
+36299
+36307
+36313
+36319
+36341
+36343
+36353
+36373
+36383
+36389
+36433
+36451
+36457
+36467
+36469
+36473
+36479
+36493
+36497
+36523
+36527
+36529
+36541
+36551
+36559
+36563
+36571
+36583
+36587
+36599
+36607
+36629
+36637
+36643
+36653
+36671
+36677
+36683
+36691
+36697
+36709
+36713
+36721
+36739
+36749
+36761
+36767
+36779
+36781
+36787
+36791
+36793
+36809
+36821
+36833
+36847
+36857
+36871
+36877
+36887
+36899
+36901
+36913
+36919
+36923
+36929
+36931
+36943
+36947
+36973
+36979
+36997
+37003
+37013
+37019
+37021
+37039
+37049
+37057
+37061
+37087
+37097
+37117
+37123
+37139
+37159
+37171
+37181
+37189
+37199
+37201
+37217
+37223
+37243
+37253
+37273
+37277
+37307
+37309
+37313
+37321
+37337
+37339
+37357
+37361
+37363
+37369
+37379
+37397
+37409
+37423
+37441
+37447
+37463
+37483
+37489
+37493
+37501
+37507
+37511
+37517
+37529
+37537
+37547
+37549
+37561
+37567
+37571
+37573
+37579
+37589
+37591
+37607
+37619
+37633
+37643
+37649
+37657
+37663
+37691
+37693
+37699
+37717
+37747
+37781
+37783
+37799
+37811
+37813
+37831
+37847
+37853
+37861
+37871
+37879
+37889
+37897
+37907
+37951
+37957
+37963
+37967
+37987
+37991
+37993
+37997
+38011
+38039
+38047
+38053
+38069
+38083
+38113
+38119
+38149
+38153
+38167
+38177
+38183
+38189
+38197
+38201
+38219
+38231
+38237
+38239
+38261
+38273
+38281
+38287
+38299
+38303
+38317
+38321
+38327
+38329
+38333
+38351
+38371
+38377
+38393
+38431
+38447
+38449
+38453
+38459
+38461
+38501
+38543
+38557
+38561
+38567
+38569
+38593
+38603
+38609
+38611
+38629
+38639
+38651
+38653
+38669
+38671
+38677
+38693
+38699
+38707
+38711
+38713
+38723
+38729
+38737
+38747
+38749
+38767
+38783
+38791
+38803
+38821
+38833
+38839
+38851
+38861
+38867
+38873
+38891
+38903
+38917
+38921
+38923
+38933
+38953
+38959
+38971
+38977
+38993
+39019
+39023
+39041
+39043
+39047
+39079
+39089
+39097
+39103
+39107
+39113
+39119
+39133
+39139
+39157
+39161
+39163
+39181
+39191
+39199
+39209
+39217
+39227
+39229
+39233
+39239
+39241
+39251
+39293
+39301
+39313
+39317
+39323
+39341
+39343
+39359
+39367
+39371
+39373
+39383
+39397
+39409
+39419
+39439
+39443
+39451
+39461
+39499
+39503
+39509
+39511
+39521
+39541
+39551
+39563
+39569
+39581
+39607
+39619
+39623
+39631
+39659
+39667
+39671
+39679
+39703
+39709
+39719
+39727
+39733
+39749
+39761
+39769
+39779
+39791
+39799
+39821
+39827
+39829
+39839
+39841
+39847
+39857
+39863
+39869
+39877
+39883
+39887
+39901
+39929
+39937
+39953
+39971
+39979
+39983
+39989
+40009
+40013
+40031
+40037
+40039
+40063
+40087
+40093
+40099
+40111
+40123
+40127
+40129
+40151
+40153
+40163
+40169
+40177
+40189
+40193
+40213
+40231
+40237
+40241
+40253
+40277
+40283
+40289
+40343
+40351
+40357
+40361
+40387
+40423
+40427
+40429
+40433
+40459
+40471
+40483
+40487
+40493
+40499
+40507
+40519
+40529
+40531
+40543
+40559
+40577
+40583
+40591
+40597
+40609
+40627
+40637
+40639
+40693
+40697
+40699
+40709
+40739
+40751
+40759
+40763
+40771
+40787
+40801
+40813
+40819
+40823
+40829
+40841
+40847
+40849
+40853
+40867
+40879
+40883
+40897
+40903
+40927
+40933
+40939
+40949
+40961
+40973
+40993
+41011
+41017
+41023
+41039
+41047
+41051
+41057
+41077
+41081
+41113
+41117
+41131
+41141
+41143
+41149
+41161
+41177
+41179
+41183
+41189
+41201
+41203
+41213
+41221
+41227
+41231
+41233
+41243
+41257
+41263
+41269
+41281
+41299
+41333
+41341
+41351
+41357
+41381
+41387
+41389
+41399
+41411
+41413
+41443
+41453
+41467
+41479
+41491
+41507
+41513
+41519
+41521
+41539
+41543
+41549
+41579
+41593
+41597
+41603
+41609
+41611
+41617
+41621
+41627
+41641
+41647
+41651
+41659
+41669
+41681
+41687
+41719
+41729
+41737
+41759
+41761
+41771
+41777
+41801
+41809
+41813
+41843
+41849
+41851
+41863
+41879
+41887
+41893
+41897
+41903
+41911
+41927
+41941
+41947
+41953
+41957
+41959
+41969
+41981
+41983
+41999
+42013
+42017
+42019
+42023
+42043
+42061
+42071
+42073
+42083
+42089
+42101
+42131
+42139
+42157
+42169
+42179
+42181
+42187
+42193
+42197
+42209
+42221
+42223
+42227
+42239
+42257
+42281
+42283
+42293
+42299
+42307
+42323
+42331
+42337
+42349
+42359
+42373
+42379
+42391
+42397
+42403
+42407
+42409
+42433
+42437
+42443
+42451
+42457
+42461
+42463
+42467
+42473
+42487
+42491
+42499
+42509
+42533
+42557
+42569
+42571
+42577
+42589
+42611
+42641
+42643
+42649
+42667
+42677
+42683
+42689
+42697
+42701
+42703
+42709
+42719
+42727
+42737
+42743
+42751
+42767
+42773
+42787
+42793
+42797
+42821
+42829
+42839
+42841
+42853
+42859
+42863
+42899
+42901
+42923
+42929
+42937
+42943
+42953
+42961
+42967
+42979
+42989
+43003
+43013
+43019
+43037
+43049
+43051
+43063
+43067
+43093
+43103
+43117
+43133
+43151
+43159
+43177
+43189
+43201
+43207
+43223
+43237
+43261
+43271
+43283
+43291
+43313
+43319
+43321
+43331
+43391
+43397
+43399
+43403
+43411
+43427
+43441
+43451
+43457
+43481
+43487
+43499
+43517
+43541
+43543
+43573
+43577
+43579
+43591
+43597
+43607
+43609
+43613
+43627
+43633
+43649
+43651
+43661
+43669
+43691
+43711
+43717
+43721
+43753
+43759
+43777
+43781
+43783
+43787
+43789
+43793
+43801
+43853
+43867
+43889
+43891
+43913
+43933
+43943
+43951
+43961
+43963
+43969
+43973
+43987
+43991
+43997
+44017
+44021
+44027
+44029
+44041
+44053
+44059
+44071
+44087
+44089
+44101
+44111
+44119
+44123
+44129
+44131
+44159
+44171
+44179
+44189
+44201
+44203
+44207
+44221
+44249
+44257
+44263
+44267
+44269
+44273
+44279
+44281
+44293
+44351
+44357
+44371
+44381
+44383
+44389
+44417
+44449
+44453
+44483
+44491
+44497
+44501
+44507
+44519
+44531
+44533
+44537
+44543
+44549
+44563
+44579
+44587
+44617
+44621
+44623
+44633
+44641
+44647
+44651
+44657
+44683
+44687
+44699
+44701
+44711
+44729
+44741
+44753
+44771
+44773
+44777
+44789
+44797
+44809
+44819
+44839
+44843
+44851
+44867
+44879
+44887
+44893
+44909
+44917
+44927
+44939
+44953
+44959
+44963
+44971
+44983
+44987
+45007
+45013
+45053
+45061
+45077
+45083
+45119
+45121
+45127
+45131
+45137
+45139
+45161
+45179
+45181
+45191
+45197
+45233
+45247
+45259
+45263
+45281
+45289
+45293
+45307
+45317
+45319
+45329
+45337
+45341
+45343
+45361
+45377
+45389
+45403
+45413
+45427
+45433
+45439
+45481
+45491
+45497
+45503
+45523
+45533
+45541
+45553
+45557
+45569
+45587
+45589
+45599
+45613
+45631
+45641
+45659
+45667
+45673
+45677
+45691
+45697
+45707
+45737
+45751
+45757
+45763
+45767
+45779
+45817
+45821
+45823
+45827
+45833
+45841
+45853
+45863
+45869
+45887
+45893
+45943
+45949
+45953
+45959
+45971
+45979
+45989
+46021
+46027
+46049
+46051
+46061
+46073
+46091
+46093
+46099
+46103
+46133
+46141
+46147
+46153
+46171
+46181
+46183
+46187
+46199
+46219
+46229
+46237
+46261
+46271
+46273
+46279
+46301
+46307
+46309
+46327
+46337
+46349
+46351
+46381
+46399
+46411
+46439
+46441
+46447
+46451
+46457
+46471
+46477
+46489
+46499
+46507
+46511
+46523
+46549
+46559
+46567
+46573
+46589
+46591
+46601
+46619
+46633
+46639
+46643
+46649
+46663
+46679
+46681
+46687
+46691
+46703
+46723
+46727
+46747
+46751
+46757
+46769
+46771
+46807
+46811
+46817
+46819
+46829
+46831
+46853
+46861
+46867
+46877
+46889
+46901
+46919
+46933
+46957
+46993
+46997
+47017
+47041
+47051
+47057
+47059
+47087
+47093
+47111
+47119
+47123
+47129
+47137
+47143
+47147
+47149
+47161
+47189
+47207
+47221
+47237
+47251
+47269
+47279
+47287
+47293
+47297
+47303
+47309
+47317
+47339
+47351
+47353
+47363
+47381
+47387
+47389
+47407
+47417
+47419
+47431
+47441
+47459
+47491
+47497
+47501
+47507
+47513
+47521
+47527
+47533
+47543
+47563
+47569
+47581
+47591
+47599
+47609
+47623
+47629
+47639
+47653
+47657
+47659
+47681
+47699
+47701
+47711
+47713
+47717
+47737
+47741
+47743
+47777
+47779
+47791
+47797
+47807
+47809
+47819
+47837
+47843
+47857
+47869
+47881
+47903
+47911
+47917
+47933
+47939
+47947
+47951
+47963
+47969
+47977
+47981
+48017
+48023
+48029
+48049
+48073
+48079
+48091
+48109
+48119
+48121
+48131
+48157
+48163
+48179
+48187
+48193
+48197
+48221
+48239
+48247
+48259
+48271
+48281
+48299
+48311
+48313
+48337
+48341
+48353
+48371
+48383
+48397
+48407
+48409
+48413
+48437
+48449
+48463
+48473
+48479
+48481
+48487
+48491
+48497
+48523
+48527
+48533
+48539
+48541
+48563
+48571
+48589
+48593
+48611
+48619
+48623
+48647
+48649
+48661
+48673
+48677
+48679
+48731
+48733
+48751
+48757
+48761
+48767
+48779
+48781
+48787
+48799
+48809
+48817
+48821
+48823
+48847
+48857
+48859
+48869
+48871
+48883
+48889
+48907
+48947
+48953
+48973
+48989
+48991
+49003
+49009
+49019
+49031
+49033
+49037
+49043
+49057
+49069
+49081
+49103
+49109
+49117
+49121
+49123
+49139
+49157
+49169
+49171
+49177
+49193
+49199
+49201
+49207
+49211
+49223
+49253
+49261
+49277
+49279
+49297
+49307
+49331
+49333
+49339
+49363
+49367
+49369
+49391
+49393
+49409
+49411
+49417
+49429
+49433
+49451
+49459
+49463
+49477
+49481
+49499
+49523
+49529
+49531
+49537
+49547
+49549
+49559
+49597
+49603
+49613
+49627
+49633
+49639
+49663
+49667
+49669
+49681
+49697
+49711
+49727
+49739
+49741
+49747
+49757
+49783
+49787
+49789
+49801
+49807
+49811
+49823
+49831
+49843
+49853
+49871
+49877
+49891
+49919
+49921
+49927
+49937
+49939
+49943
+49957
+49991
+49993
+49999
+50021
+50023
+50033
+50047
+50051
+50053
+50069
+50077
+50087
+50093
+50101
+50111
+50119
+50123
+50129
+50131
+50147
+50153
+50159
+50177
+50207
+50221
+50227
+50231
+50261
+50263
+50273
+50287
+50291
+50311
+50321
+50329
+50333
+50341
+50359
+50363
+50377
+50383
+50387
+50411
+50417
+50423
+50441
+50459
+50461
+50497
+50503
+50513
+50527
+50539
+50543
+50549
+50551
+50581
+50587
+50591
+50593
+50599
+50627
+50647
+50651
+50671
+50683
+50707
+50723
+50741
+50753
+50767
+50773
+50777
+50789
+50821
+50833
+50839
+50849
+50857
+50867
+50873
+50891
+50893
+50909
+50923
+50929
+50951
+50957
+50969
+50971
+50989
+50993
+51001
+51031
+51043
+51047
+51059
+51061
+51071
+51109
+51131
+51133
+51137
+51151
+51157
+51169
+51193
+51197
+51199
+51203
+51217
+51229
+51239
+51241
+51257
+51263
+51283
+51287
+51307
+51329
+51341
+51343
+51347
+51349
+51361
+51383
+51407
+51413
+51419
+51421
+51427
+51431
+51437
+51439
+51449
+51461
+51473
+51479
+51481
+51487
+51503
+51511
+51517
+51521
+51539
+51551
+51563
+51577
+51581
+51593
+51599
+51607
+51613
+51631
+51637
+51647
+51659
+51673
+51679
+51683
+51691
+51713
+51719
+51721
+51749
+51767
+51769
+51787
+51797
+51803
+51817
+51827
+51829
+51839
+51853
+51859
+51869
+51871
+51893
+51899
+51907
+51913
+51929
+51941
+51949
+51971
+51973
+51977
+51991
+52009
+52021
+52027
+52051
+52057
+52067
+52069
+52081
+52103
+52121
+52127
+52147
+52153
+52163
+52177
+52181
+52183
+52189
+52201
+52223
+52237
+52249
+52253
+52259
+52267
+52289
+52291
+52301
+52313
+52321
+52361
+52363
+52369
+52379
+52387
+52391
+52433
+52453
+52457
+52489
+52501
+52511
+52517
+52529
+52541
+52543
+52553
+52561
+52567
+52571
+52579
+52583
+52609
+52627
+52631
+52639
+52667
+52673
+52691
+52697
+52709
+52711
+52721
+52727
+52733
+52747
+52757
+52769
+52783
+52807
+52813
+52817
+52837
+52859
+52861
+52879
+52883
+52889
+52901
+52903
+52919
+52937
+52951
+52957
+52963
+52967
+52973
+52981
+52999
+53003
+53017
+53047
+53051
+53069
+53077
+53087
+53089
+53093
+53101
+53113
+53117
+53129
+53147
+53149
+53161
+53171
+53173
+53189
+53197
+53201
+53231
+53233
+53239
+53267
+53269
+53279
+53281
+53299
+53309
+53323
+53327
+53353
+53359
+53377
+53381
+53401
+53407
+53411
+53419
+53437
+53441
+53453
+53479
+53503
+53507
+53527
+53549
+53551
+53569
+53591
+53593
+53597
+53609
+53611
+53617
+53623
+53629
+53633
+53639
+53653
+53657
+53681
+53693
+53699
+53717
+53719
+53731
+53759
+53773
+53777
+53783
+53791
+53813
+53819
+53831
+53849
+53857
+53861
+53881
+53887
+53891
+53897
+53899
+53917
+53923
+53927
+53939
+53951
+53959
+53987
+53993
+54001
+54011
+54013
+54037
+54049
+54059
+54083
+54091
+54101
+54121
+54133
+54139
+54151
+54163
+54167
+54181
+54193
+54217
+54251
+54269
+54277
+54287
+54293
+54311
+54319
+54323
+54331
+54347
+54361
+54367
+54371
+54377
+54401
+54403
+54409
+54413
+54419
+54421
+54437
+54443
+54449
+54469
+54493
+54497
+54499
+54503
+54517
+54521
+54539
+54541
+54547
+54559
+54563
+54577
+54581
+54583
+54601
+54617
+54623
+54629
+54631
+54647
+54667
+54673
+54679
+54709
+54713
+54721
+54727
+54751
+54767
+54773
+54779
+54787
+54799
+54829
+54833
+54851
+54869
+54877
+54881
+54907
+54917
+54919
+54941
+54949
+54959
+54973
+54979
+54983
+55001
+55009
+55021
+55049
+55051
+55057
+55061
+55073
+55079
+55103
+55109
+55117
+55127
+55147
+55163
+55171
+55201
+55207
+55213
+55217
+55219
+55229
+55243
+55249
+55259
+55291
+55313
+55331
+55333
+55337
+55339
+55343
+55351
+55373
+55381
+55399
+55411
+55439
+55441
+55457
+55469
+55487
+55501
+55511
+55529
+55541
+55547
+55579
+55589
+55603
+55609
+55619
+55621
+55631
+55633
+55639
+55661
+55663
+55667
+55673
+55681
+55691
+55697
+55711
+55717
+55721
+55733
+55763
+55787
+55793
+55799
+55807
+55813
+55817
+55819
+55823
+55829
+55837
+55843
+55849
+55871
+55889
+55897
+55901
+55903
+55921
+55927
+55931
+55933
+55949
+55967
+55987
+55997
+56003
+56009
+56039
+56041
+56053
+56081
+56087
+56093
+56099
+56101
+56113
+56123
+56131
+56149
+56167
+56171
+56179
+56197
+56207
+56209
+56237
+56239
+56249
+56263
+56267
+56269
+56299
+56311
+56333
+56359
+56369
+56377
+56383
+56393
+56401
+56417
+56431
+56437
+56443
+56453
+56467
+56473
+56477
+56479
+56489
+56501
+56503
+56509
+56519
+56527
+56531
+56533
+56543
+56569
+56591
+56597
+56599
+56611
+56629
+56633
+56659
+56663
+56671
+56681
+56687
+56701
+56711
+56713
+56731
+56737
+56747
+56767
+56773
+56779
+56783
+56807
+56809
+56813
+56821
+56827
+56843
+56857
+56873
+56891
+56893
+56897
+56909
+56911
+56921
+56923
+56929
+56941
+56951
+56957
+56963
+56983
+56989
+56993
+56999
+57037
+57041
+57047
+57059
+57073
+57077
+57089
+57097
+57107
+57119
+57131
+57139
+57143
+57149
+57163
+57173
+57179
+57191
+57193
+57203
+57221
+57223
+57241
+57251
+57259
+57269
+57271
+57283
+57287
+57301
+57329
+57331
+57347
+57349
+57367
+57373
+57383
+57389
+57397
+57413
+57427
+57457
+57467
+57487
+57493
+57503
+57527
+57529
+57557
+57559
+57571
+57587
+57593
+57601
+57637
+57641
+57649
+57653
+57667
+57679
+57689
+57697
+57709
+57713
+57719
+57727
+57731
+57737
+57751
+57773
+57781
+57787
+57791
+57793
+57803
+57809
+57829
+57839
+57847
+57853
+57859
+57881
+57899
+57901
+57917
+57923
+57943
+57947
+57973
+57977
+57991
+58013
+58027
+58031
+58043
+58049
+58057
+58061
+58067
+58073
+58099
+58109
+58111
+58129
+58147
+58151
+58153
+58169
+58171
+58189
+58193
+58199
+58207
+58211
+58217
+58229
+58231
+58237
+58243
+58271
+58309
+58313
+58321
+58337
+58363
+58367
+58369
+58379
+58391
+58393
+58403
+58411
+58417
+58427
+58439
+58441
+58451
+58453
+58477
+58481
+58511
+58537
+58543
+58549
+58567
+58573
+58579
+58601
+58603
+58613
+58631
+58657
+58661
+58679
+58687
+58693
+58699
+58711
+58727
+58733
+58741
+58757
+58763
+58771
+58787
+58789
+58831
+58889
+58897
+58901
+58907
+58909
+58913
+58921
+58937
+58943
+58963
+58967
+58979
+58991
+58997
+59009
+59011
+59021
+59023
+59029
+59051
+59053
+59063
+59069
+59077
+59083
+59093
+59107
+59113
+59119
+59123
+59141
+59149
+59159
+59167
+59183
+59197
+59207
+59209
+59219
+59221
+59233
+59239
+59243
+59263
+59273
+59281
+59333
+59341
+59351
+59357
+59359
+59369
+59377
+59387
+59393
+59399
+59407
+59417
+59419
+59441
+59443
+59447
+59453
+59467
+59471
+59473
+59497
+59509
+59513
+59539
+59557
+59561
+59567
+59581
+59611
+59617
+59621
+59627
+59629
+59651
+59659
+59663
+59669
+59671
+59693
+59699
+59707
+59723
+59729
+59743
+59747
+59753
+59771
+59779
+59791
+59797
+59809
+59833
+59863
+59879
+59887
+59921
+59929
+59951
+59957
+59971
+59981
+59999
+60013
+60017
+60029
+60037
+60041
+60077
+60083
+60089
+60091
+60101
+60103
+60107
+60127
+60133
+60139
+60149
+60161
+60167
+60169
+60209
+60217
+60223
+60251
+60257
+60259
+60271
+60289
+60293
+60317
+60331
+60337
+60343
+60353
+60373
+60383
+60397
+60413
+60427
+60443
+60449
+60457
+60493
+60497
+60509
+60521
+60527
+60539
+60589
+60601
+60607
+60611
+60617
+60623
+60631
+60637
+60647
+60649
+60659
+60661
+60679
+60689
+60703
+60719
+60727
+60733
+60737
+60757
+60761
+60763
+60773
+60779
+60793
+60811
+60821
+60859
+60869
+60887
+60889
+60899
+60901
+60913
+60917
+60919
+60923
+60937
+60943
+60953
+60961
+61001
+61007
+61027
+61031
+61043
+61051
+61057
+61091
+61099
+61121
+61129
+61141
+61151
+61153
+61169
+61211
+61223
+61231
+61253
+61261
+61283
+61291
+61297
+61331
+61333
+61339
+61343
+61357
+61363
+61379
+61381
+61403
+61409
+61417
+61441
+61463
+61469
+61471
+61483
+61487
+61493
+61507
+61511
+61519
+61543
+61547
+61553
+61559
+61561
+61583
+61603
+61609
+61613
+61627
+61631
+61637
+61643
+61651
+61657
+61667
+61673
+61681
+61687
+61703
+61717
+61723
+61729
+61751
+61757
+61781
+61813
+61819
+61837
+61843
+61861
+61871
+61879
+61909
+61927
+61933
+61949
+61961
+61967
+61979
+61981
+61987
+61991
+62003
+62011
+62017
+62039
+62047
+62053
+62057
+62071
+62081
+62099
+62119
+62129
+62131
+62137
+62141
+62143
+62171
+62189
+62191
+62201
+62207
+62213
+62219
+62233
+62273
+62297
+62299
+62303
+62311
+62323
+62327
+62347
+62351
+62383
+62401
+62417
+62423
+62459
+62467
+62473
+62477
+62483
+62497
+62501
+62507
+62533
+62539
+62549
+62563
+62581
+62591
+62597
+62603
+62617
+62627
+62633
+62639
+62653
+62659
+62683
+62687
+62701
+62723
+62731
+62743
+62753
+62761
+62773
+62791
+62801
+62819
+62827
+62851
+62861
+62869
+62873
+62897
+62903
+62921
+62927
+62929
+62939
+62969
+62971
+62981
+62983
+62987
+62989
+63029
+63031
+63059
+63067
+63073
+63079
+63097
+63103
+63113
+63127
+63131
+63149
+63179
+63197
+63199
+63211
+63241
+63247
+63277
+63281
+63299
+63311
+63313
+63317
+63331
+63337
+63347
+63353
+63361
+63367
+63377
+63389
+63391
+63397
+63409
+63419
+63421
+63439
+63443
+63463
+63467
+63473
+63487
+63493
+63499
+63521
+63527
+63533
+63541
+63559
+63577
+63587
+63589
+63599
+63601
+63607
+63611
+63617
+63629
+63647
+63649
+63659
+63667
+63671
+63689
+63691
+63697
+63703
+63709
+63719
+63727
+63737
+63743
+63761
+63773
+63781
+63793
+63799
+63803
+63809
+63823
+63839
+63841
+63853
+63857
+63863
+63901
+63907
+63913
+63929
+63949
+63977
+63997
+64007
+64013
+64019
+64033
+64037
+64063
+64067
+64081
+64091
+64109
+64123
+64151
+64153
+64157
+64171
+64187
+64189
+64217
+64223
+64231
+64237
+64271
+64279
+64283
+64301
+64303
+64319
+64327
+64333
+64373
+64381
+64399
+64403
+64433
+64439
+64451
+64453
+64483
+64489
+64499
+64513
+64553
+64567
+64577
+64579
+64591
+64601
+64609
+64613
+64621
+64627
+64633
+64661
+64663
+64667
+64679
+64693
+64709
+64717
+64747
+64763
+64781
+64783
+64793
+64811
+64817
+64849
+64853
+64871
+64877
+64879
+64891
+64901
+64919
+64921
+64927
+64937
+64951
+64969
+64997
+65003
+65011
+65027
+65029
+65033
+65053
+65063
+65071
+65089
+65099
+65101
+65111
+65119
+65123
+65129
+65141
+65147
+65167
+65171
+65173
+65179
+65183
+65203
+65213
+65239
+65257
+65267
+65269
+65287
+65293
+65309
+65323
+65327
+65353
+65357
+65371
+65381
+65393
+65407
+65413
+65419
+65423
+65437
+65447
+65449
+65479
+65497
+65519
+65521
diff --git a/security/nss/lib/freebl/mpi/doc/prng.pod b/security/nss/lib/freebl/mpi/doc/prng.pod
new file mode 100644
index 000000000..1ae75da82
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/prng.pod
@@ -0,0 +1,41 @@
+=head1 NAME
+
+ prng - pseudo-random number generator
+
+=head1 SYNOPSIS
+
+ prng [count]
+
+=head1 DESCRIPTION
+
+B<Prng> generates 32-bit pseudo-random integers using the
+Blum-Blum-Shub (BBS) quadratic residue generator.  It is seeded using
+the standard C library's rand() function, which itself seeded from the
+system clock and the process ID number.  Thus, the values generated
+are not particularly useful for cryptographic applications, but they
+are in general much better than the typical output of the usual
+multiplicative congruency generator used by most runtime libraries.
+
+You may optionally specify how many random values should be generated
+by giving a I<count> argument on the command line.  If you do not
+specify a count, only one random value will be generated.  The results
+are output to the standard output in decimal notation, one value per
+line.
+
+=head1 RESTRICTIONS
+
+As stated above, B<prng> uses the C library's rand() function to seed
+the generator, so it is not terribly suitable for cryptographic
+applications.  Also note that each time you run the program, a new
+seed is generated, so it is better to run it once with a I<count>
+parameter than it is to run it multiple times to generate several
+values.
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Copyright (C) 1998 Michael J. Fromberger, All Rights Reserved
+ Thayer School of Engineering, Dartmouth College, Hanover, NH  USA
+
+ $Date$
+
diff --git a/security/nss/lib/freebl/mpi/doc/redux.txt b/security/nss/lib/freebl/mpi/doc/redux.txt
new file mode 100644
index 000000000..d6eb7844f
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/redux.txt
@@ -0,0 +1,121 @@
+Modular Reduction
+
+Usually, modular reduction is accomplished by long division, using the
+mp_div() or mp_mod() functions.  However, when performing modular
+exponentiation, you spend a lot of time reducing by the same modulus
+again and again.  For this purpose, doing a full division for each
+multiplication is quite inefficient.
+
+For this reason, the mp_exptmod() function does not perform modular
+reductions in the usual way, but instead takes advantage of an
+algorithm due to Barrett, as described by Menezes, Oorschot and
+VanStone in their book _Handbook of Applied Cryptography_, published
+by the CRC Press (see Chapter 14 for details).  This method reduces
+most of the computation of reduction to efficient shifting and masking
+operations, and avoids the multiple-precision division entirely.
+
+Here is a brief synopsis of Barrett reduction, as it is implemented in
+this library.
+
+Let b denote the radix of the computation (one more than the maximum
+value that can be denoted by an mp_digit).  Let m be the modulus, and
+let k be the number of significant digits of m.  Let x be the value to
+be reduced modulo m.  By the Division Theorem, there exist unique
+integers Q and R such that:
+
+	 x = Qm + R, 0 <= R < m
+
+Barrett reduction takes advantage of the fact that you can easily
+approximate Q to within two, given a value M such that:
+
+	                  2k
+	                 b
+	    M = floor( ----- )
+	                 m
+
+Computation of M requires a full-precision division step, so if you
+are only doing a single reduction by m, you gain no advantage.
+However, when multiple reductions by the same m are required, this
+division need only be done once, beforehand.  Using this, we can use
+the following equation to compute Q', an approximation of Q:
+
+                     x
+            floor( ------ ) M
+                      k-1
+                     b
+Q' = floor( ----------------- )
+                    k+1
+                   b
+
+The divisions by b^(k-1) and b^(k+1) and the floor() functions can be
+efficiently implemented with shifts and masks, leaving only a single
+multiplication to be performed to get this approximation.  It can be
+shown that Q - 2 <= Q' <= Q, so in the worst case, we can get out with
+two additional subtractions to bring the value into line with the
+actual value of Q.
+
+Once we've got Q', we basically multiply that by m and subtract from
+x, yielding:
+
+   x - Q'm = Qm + R - Q'm
+
+Since we know the constraint on Q', this is one of:
+
+      R
+      m + R
+      2m + R
+
+Since R < m by the Division Theorem, we can simply subtract off m
+until we get a value in the correct range, which will happen with no
+more than 2 subtractions:
+
+     v = x - Q'm
+
+     while(v >= m)
+       v = v - m
+     endwhile
+
+
+In random performance trials, modular exponentiation using this method
+of reduction gave around a 40% speedup over using the division for
+reduction.
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
diff --git a/security/nss/lib/freebl/mpi/doc/sqrt.txt b/security/nss/lib/freebl/mpi/doc/sqrt.txt
new file mode 100644
index 000000000..c709217a5
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/sqrt.txt
@@ -0,0 +1,87 @@
+Square Root
+
+A simple iterative algorithm is used to compute the greatest integer
+less than or equal to the square root.  Essentially, this is Newton's
+linear approximation, computed by finding successive values of the
+equation:
+
+		    x[k]^2 - V
+x[k+1]	 =  x[k] - ------------
+	             2 x[k]
+
+...where V is the value for which the square root is being sought.  In
+essence, what is happening here is that we guess a value for the
+square root, then figure out how far off we were by squaring our guess
+and subtracting the target.  Using this value, we compute a linear
+approximation for the error, and adjust the "guess".  We keep doing
+this until the precision gets low enough that the above equation
+yields a quotient of zero.  At this point, our last guess is one
+greater than the square root we're seeking.
+
+The initial guess is computed by dividing V by 4, which is a heuristic
+I have found to be fairly good on average.  This also has the
+advantage of being very easy to compute efficiently, even for large
+values.
+
+So, the resulting algorithm works as follows:
+
+    x = V / 4   /* compute initial guess */
+    
+    loop
+	t = (x * x) - V   /* Compute absolute error  */
+	u = 2 * x         /* Adjust by tangent slope */
+	t = t / u
+
+	/* Loop is done if error is zero */
+	if(t == 0)
+	    break
+
+	/* Adjust guess by error term    */
+	x = x - t
+    end
+
+    x = x - 1
+
+The result of the computation is the value of x.
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
+
+
diff --git a/security/nss/lib/freebl/mpi/doc/square.txt b/security/nss/lib/freebl/mpi/doc/square.txt
new file mode 100644
index 000000000..319ea9657
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/square.txt
@@ -0,0 +1,109 @@
+Squaring Algorithm
+
+When you are squaring a value, you can take advantage of the fact that
+half the multiplications performed by the more general multiplication
+algorithm (see 'mul.txt' for a description) are redundant when the
+multiplicand equals the multiplier.
+
+In particular, the modified algorithm is:
+
+k = 0
+for j <- 0 to (#a - 1)
+  w = c[2*j] + (a[j] ^ 2);
+  k = w div R
+
+  for i <- j+1 to (#a - 1)
+    w = (2 * a[j] * a[i]) + k + c[i+j]
+    c[i+j] = w mod R
+    k = w div R
+  endfor
+  c[i+j] = k;
+  k = 0;
+endfor
+
+On the surface, this looks identical to the multiplication algorithm;
+however, note the following differences:
+
+  - precomputation of the leading term in the outer loop
+
+  - i runs from j+1 instead of from zero
+
+  - doubling of a[i] * a[j] in the inner product
+
+Unfortunately, the construction of the inner product is such that we
+need more than two digits to represent the inner product, in some
+cases.  In a C implementation, this means that some gymnastics must be
+performed in order to handle overflow, for which C has no direct
+abstraction.  We do this by observing the following:
+
+If we have multiplied a[i] and a[j], and the product is more than half
+the maximum value expressible in two digits, then doubling this result
+will overflow into a third digit.  If this occurs, we take note of the
+overflow, and double it anyway -- C integer arithmetic ignores
+overflow, so the two digits we get back should still be valid, modulo
+the overflow.
+
+Having doubled this value, we now have to add in the remainders and
+the digits already computed by earlier steps.  If we did not overflow
+in the previous step, we might still cause an overflow here.  That
+will happen whenever the maximum value expressible in two digits, less
+the amount we have to add, is greater than the result of the previous
+step.  Thus, the overflow computation is:
+
+
+  u = 0
+  w = a[i] * a[j]
+
+  if(w > (R - 1)/ 2)
+    u = 1;
+
+  w = w * 2
+  v = c[i + j] + k
+
+  if(u == 0 && (R - 1 - v) < w)
+    u = 1
+
+If there is an overflow, u will be 1, otherwise u will be 0.  The rest
+of the parameters are the same as they are in the above description.
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
+
+
diff --git a/security/nss/lib/freebl/mpi/doc/timing.txt b/security/nss/lib/freebl/mpi/doc/timing.txt
new file mode 100644
index 000000000..4c77da79f
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/doc/timing.txt
@@ -0,0 +1,250 @@
+MPI Library Timing Tests
+
+Hardware/OS
+(A) SGI O2 1 x MIPS R10000 250MHz IRIX 6.5.3
+(B) IBM RS/6000 43P-240 1 x PowerPC 603e 223MHz AIX 4.3
+(C) Dell GX1/L+ 1 x Pentium III 550MHz Linux 2.2.12-20
+(D) PowerBook G3 1 x PowerPC 750 266MHz LinuxPPC 2.2.6-15apmac
+(E) PowerBook G3 1 x PowerPC 750 266MHz MacOS 8.5.1
+(F) PowerBook G3 1 x PowerPC 750 400MHz MacOS 9.0.2
+
+Compiler
+(1) MIPSpro C 7.2.1 -O3 optimizations
+(2) GCC 2.95.1 -O3 optimizations
+(3) IBM AIX xlc -O3 optimizations (version unknown)
+(4) EGCS 2.91.66 -O3 optimizations
+(5) Metrowerks CodeWarrior 5.0 C, all optimizations
+(6) MIPSpro C 7.30 -O3 optimizations
+(7) same as (6), with optimized libmalloc.so
+
+Timings are given in seconds, computed using the C library's clock()
+function.  The first column gives the hardware and compiler
+configuration used for the test. The second column indicates the
+number of tests that were aggregated to get the statistics for that
+size.  These were compiled using 16 bit digits.
+
+Source data were generated randomly using a fixed seed, so they should
+be internally consistent, but may vary on different systems depending
+on the C library.  Also, since the resolution of the timer accessed by
+clock() varies, there may be some variance in the precision of these
+measurements.
+
+Prime Generation (primegen)
+
+128 bits:
+A1      200     min=0.03, avg=0.19, max=0.72, sum=38.46
+A2      200     min=0.02, avg=0.16, max=0.62, sum=32.55
+B3      200     min=0.01, avg=0.07, max=0.22, sum=13.29
+C4      200     min=0.00, avg=0.03, max=0.20, sum=6.14
+D4      200     min=0.00, avg=0.05, max=0.33, sum=9.70
+A6      200     min=0.01, avg=0.09, max=0.36, sum=17.48
+A7      200     min=0.00, avg=0.05, max=0.24, sum=10.07
+
+192 bits:
+A1      200     min=0.05, avg=0.45, max=3.13, sum=89.96
+A2      200     min=0.04, avg=0.39, max=2.61, sum=77.55
+B3      200     min=0.02, avg=0.18, max=1.25, sum=36.97
+C4      200     min=0.01, avg=0.09, max=0.33, sum=18.24
+D4      200     min=0.02, avg=0.15, max=0.54, sum=29.63
+A6      200     min=0.02, avg=0.24, max=1.70, sum=47.84
+A7      200     min=0.01, avg=0.15, max=1.05, sum=30.88
+
+256 bits:
+A1      200     min=0.08, avg=0.92, max=6.13, sum=184.79
+A2      200     min=0.06, avg=0.76, max=5.03, sum=151.11
+B3      200     min=0.04, avg=0.41, max=2.68, sum=82.35
+C4      200     min=0.02, avg=0.19, max=0.69, sum=37.91
+D4      200     min=0.03, avg=0.31, max=1.15, sum=63.00
+A6      200     min=0.04, avg=0.48, max=3.13, sum=95.46
+A7      200     min=0.03, avg=0.37, max=2.36, sum=73.60
+
+320 bits:
+A1      200     min=0.11, avg=1.59, max=6.14, sum=318.81
+A2      200     min=0.09, avg=1.27, max=4.93, sum=254.03
+B3      200     min=0.07, avg=0.82, max=3.13, sum=163.80
+C4      200     min=0.04, avg=0.44, max=1.91, sum=87.59
+D4      200     min=0.06, avg=0.73, max=3.22, sum=146.73
+A6      200     min=0.07, avg=0.93, max=3.50, sum=185.01
+A7      200     min=0.05, avg=0.76, max=2.94, sum=151.78
+
+384 bits:
+A1      200     min=0.16, avg=2.69, max=11.41, sum=537.89
+A2      200     min=0.13, avg=2.15, max=9.03, sum=429.14
+B3      200     min=0.11, avg=1.54, max=6.49, sum=307.78
+C4      200     min=0.06, avg=0.81, max=4.84, sum=161.13
+D4      200     min=0.10, avg=1.38, max=8.31, sum=276.81
+A6      200     min=0.11, avg=1.73, max=7.36, sum=345.55
+A7      200     min=0.09, avg=1.46, max=6.12, sum=292.02
+
+448 bits:
+A1      200     min=0.23, avg=3.36, max=15.92, sum=672.63
+A2      200     min=0.17, avg=2.61, max=12.25, sum=522.86
+B3      200     min=0.16, avg=2.10, max=9.83, sum=420.86
+C4      200     min=0.09, avg=1.44, max=7.64, sum=288.36
+D4      200     min=0.16, avg=2.50, max=13.29, sum=500.17
+A6      200     min=0.15, avg=2.31, max=10.81, sum=461.58
+A7      200     min=0.14, avg=2.03, max=9.53, sum=405.16
+
+512 bits:
+A1      200     min=0.30, avg=6.12, max=22.18, sum=1223.35
+A2      200     min=0.25, avg=4.67, max=16.90, sum=933.18
+B3      200     min=0.23, avg=4.13, max=14.94, sum=825.45
+C4      200     min=0.13, avg=2.08, max=9.75, sum=415.22
+D4      200     min=0.24, avg=4.04, max=20.18, sum=808.11
+A6      200     min=0.22, avg=4.47, max=16.19, sum=893.83
+A7      200     min=0.20, avg=4.03, max=14.65, sum=806.02
+
+Modular Exponentation (metime)
+
+The following results are aggregated from 200 pseudo-randomly
+generated tests, based on a fixed seed. 
+
+                      base, exponent, and modulus size (bits)
+P/C       128   192   256   320   384   448   512   640   768   896  1024
+------- -----------------------------------------------------------------
+A1      0.015 0.027 0.047 0.069 0.098 0.133 0.176 0.294 0.458 0.680 1.040
+A2      0.013 0.024 0.037 0.053 0.077 0.102 0.133 0.214 0.326 0.476 0.668
+B3      0.005 0.011 0.021 0.036 0.056 0.084 0.121 0.222 0.370 0.573 0.840
+C4      0.002 0.006 0.011 0.020 0.032 0.048 0.069 0.129 0.223 0.344 0.507
+D4      0.004 0.010 0.019 0.034 0.056 0.085 0.123 0.232 0.390 0.609 0.899
+E5      0.007 0.015 0.031 0.055 0.088 0.133 0.183 0.342 0.574 0.893 1.317
+A6      0.008 0.016 0.038 0.042 0.064 0.093 0.133 0.239 0.393 0.604 0.880
+A7      0.005 0.011 0.020 0.036 0.056 0.083 0.121 0.223 0.374 0.583 0.855
+
+Multiplication and Squaring tests, (mulsqr)
+
+The following results are aggregated from 500000 pseudo-randomly
+generated tests, based on a per-run wall-clock seed.  Times are given
+in seconds, except where indicated in microseconds (us).
+
+(A1)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      9.33        9.15    >   1.9     18.7us      18.3us
+128     10.88       10.44   >   4.0     21.8us      20.9us
+192     13.30       11.89   >   10.6    26.7us      23.8us
+256     14.88       12.64   >   15.1    29.8us      25.3us
+320     18.64       15.01   >   19.5    37.3us      30.0us
+384     23.11       17.70   >   23.4    46.2us      35.4us
+448     28.28       20.88   >   26.2    56.6us      41.8us
+512     34.09       24.51   >   28.1    68.2us      49.0us
+640     47.86       33.25   >   30.5    95.7us      66.5us
+768     64.91       43.54   >   32.9    129.8us     87.1us
+896     84.49       55.48   >   34.3    169.0us     111.0us
+1024    107.25      69.21   >   35.5    214.5us     138.4us
+1536    227.97      141.91  >   37.8    456.0us     283.8us
+2048    394.05      242.15  >   38.5    788.1us     484.3us
+
+(A2)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      7.87        7.95    <   1.0     15.7us      15.9us
+128     9.40        9.19    >   2.2     18.8us      18.4us
+192     11.15       10.59   >   5.0     22.3us      21.2us
+256     12.02       11.16   >   7.2     24.0us      22.3us
+320     14.62       13.43   >   8.1     29.2us      26.9us
+384     17.72       15.80   >   10.8    35.4us      31.6us
+448     21.24       18.51   >   12.9    42.5us      37.0us
+512     25.36       21.78   >   14.1    50.7us      43.6us
+640     34.57       29.00   >   16.1    69.1us      58.0us
+768     46.10       37.60   >   18.4    92.2us      75.2us
+896     58.94       47.72   >   19.0    117.9us     95.4us
+1024    73.76       59.12   >   19.8    147.5us     118.2us
+1536    152.00      118.80  >   21.8    304.0us     237.6us
+2048    259.41      199.57  >   23.1    518.8us     399.1us
+
+(B3)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      2.60        2.47    >   5.0     5.20us      4.94us
+128     4.43        4.06    >   8.4     8.86us      8.12us
+192     7.03        6.10    >   13.2    14.1us      12.2us
+256     10.44       8.59    >   17.7    20.9us      17.2us
+320     14.44       11.64   >   19.4    28.9us      23.3us
+384     19.12       15.08   >   21.1    38.2us      30.2us
+448     24.55       19.09   >   22.2    49.1us      38.2us
+512     31.03       23.53   >   24.2    62.1us      47.1us
+640     45.05       33.80   >   25.0    90.1us      67.6us
+768     63.02       46.05   >   26.9    126.0us     92.1us
+896     83.74       60.29   >   28.0    167.5us     120.6us
+1024    106.73      76.65   >   28.2    213.5us     153.3us
+1536    228.94      160.98  >   29.7    457.9us     322.0us
+2048    398.08      275.93  >   30.7    796.2us     551.9us
+
+(C4)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      1.34        1.28    >   4.5     2.68us      2.56us
+128     2.76        2.59    >   6.2     5.52us      5.18us
+192     4.52        4.16    >   8.0     9.04us      8.32us
+256     6.64        5.99    >   9.8     13.3us      12.0us
+320     9.20        8.13    >   11.6    18.4us      16.3us
+384     12.01       10.58   >   11.9    24.0us      21.2us
+448     15.24       13.33   >   12.5    30.5us      26.7us
+512     19.02       16.46   >   13.5    38.0us      32.9us
+640     27.56       23.54   >   14.6    55.1us      47.1us
+768     37.89       31.78   >   16.1    75.8us      63.6us
+896     49.24       41.42   >   15.9    98.5us      82.8us
+1024    62.59       52.18   >   16.6    125.2us     104.3us
+1536    131.66      107.72  >   18.2    263.3us     215.4us
+2048    226.45      182.95  >   19.2    453.0us     365.9us
+
+(A7)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      1.74        1.71    >   1.7     3.48us      3.42us
+128     3.48        2.96    >   14.9    6.96us      5.92us
+192     5.74        4.60    >   19.9    11.5us      9.20us
+256     8.75        6.61    >   24.5    17.5us      13.2us
+320     12.5        8.99    >   28.1    25.0us      18.0us
+384     16.9        11.9    >   29.6    33.8us      23.8us
+448     22.2        15.2    >   31.7    44.4us      30.4us
+512     28.3        19.0    >   32.7    56.6us      38.0us
+640     42.4        28.0    >   34.0    84.8us      56.0us
+768     59.4        38.5    >   35.2    118.8us     77.0us
+896     79.5        51.2    >   35.6    159.0us     102.4us
+1024    102.6	    65.5    >	36.2	205.2us	    131.0us
+1536    224.3	    140.6   >	37.3	448.6us	    281.2us
+2048    393.4	    244.3   >	37.9	786.8us	    488.6us
+
+------------------------------------------------------------------
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version 
+1.1 (the "License"); you may not use this file except in compliance with 
+the License. You may obtain a copy of the License at 
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+$Id$
+
+
diff --git a/security/nss/lib/freebl/mpi/hpma512.s b/security/nss/lib/freebl/mpi/hpma512.s
new file mode 100644
index 000000000..0d88608c1
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/hpma512.s
@@ -0,0 +1,646 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is multacc512 multiple-precision integer arithmetic.
+ *
+ * The Initial Developer of the Original Code is
+ * Hewlett-Packard Company.
+ * Portions created by the Initial Developer are Copyright (C) 1999
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   coded by:   Bill Worley, Hewlett-Packard labs
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/*
+ *
+ *  This PA-RISC 2.0 function computes the product of two unsigned integers,
+ *  and adds the result to a previously computed integer.  The multiplicand
+ *  is a 512-bit (64-byte, eight doubleword) unsigned integer, stored in
+ *  memory in little-double-wordian order.  The multiplier is an unsigned
+ *  64-bit integer.  The previously computed integer to which the product is
+ *  added is located in the result ("res") area, and is assumed to be a
+ *  576-bit (72-byte, nine doubleword) unsigned integer, stored in memory
+ *  in little-double-wordian order.  This value normally will be the result
+ *  of a previously computed nine doubleword result.  It is not necessary
+ *  to pad the multiplicand with an additional 64-bit zero doubleword.
+ *
+ *  Multiplicand, multiplier, and addend ideally should be aligned at
+ *  16-byte boundaries for best performance.  The code will function
+ *  correctly for alignment at eight-byte boundaries which are not 16-byte
+ *  boundaries, but the execution may be slightly slower due to even/odd
+ *  bank conflicts on PA-RISC 8000 processors.
+ *
+ *  This function is designed to accept the same calling sequence as Bill
+ *  Ackerman's "maxpy_little" function.  The carry from the ninth doubleword
+ *  of the result is written to the tenth word of the result, as is done by
+ *  Bill Ackerman's function.  The final carry also is returned as an
+ *  integer, which may be ignored.  The function prototype may be either
+ *  of the following:
+ *
+ *      void multacc512( int l, chunk* m, const chunk* a, chunk* res );
+ *          or
+ *      int multacc512( int l, chunk* m, const chunk* a, chunk* res );
+ *
+ *  where:  "l" originally denoted vector lengths.  This parameter is
+ *      ignored.  This function always assumes a multiplicand length of
+ *      512 bits (eight doublewords), and addend and result lengths of
+ *      576 bits (nine doublewords).
+ *
+ *      "m" is a pointer to the doubleword multiplier, ideally aligned
+ *      on a 16-byte boundary.
+ *
+ *      "a" is a pointer to the eight-doubleword multiplicand, stored
+ *      in little-double-wordian order, and ideally aligned on a 16-byte
+ *      boundary.
+ *
+ *      "res" is a pointer to the nine doubleword addend, and to the
+ *      nine-doubleword product computed by this function.  The result
+ *      also is stored in little-double-wordian order, and ideally is
+ *      aligned on a 16-byte boundary. It is expected that the alignment
+ *      of the "res" area may alternate between even/odd doubleword
+ *      boundaries for successive calls for 512-bit x 512-bit
+ *      multiplications.
+ *
+ *  The code for this function has been scheduled to use the parallelism
+ *  of the PA-RISC 8000 series microprocessors as well as the author was
+ *  able.  Comments and/or suggestions for improvement are welcomed.
+ *
+ *  The code is "64-bit safe".  This means it may be called in either
+ *  the 32ILP context or the 64LP context.  All 64-bits of registers are
+ *  saved and restored.
+ *
+ *  This code is self-contained.  It requires no other header files in order
+ *  to compile and to be linkable on a PA-RISC 2.0 machine.  Symbolic
+ *  definitions for registers and stack offsets are included within this
+ *  one source file.
+ *
+ *  This is a leaf routine.  As such, minimal use is made of the stack area.
+ *  Of the 192 bytes allocated, 64 bytes are used for saving/restoring eight
+ *  general registers, and 128 bytes are used to move intermediate products
+ *  from the floating-point registers to the general registers.  Stack
+ *  protocols assure proper alignment of these areas.
+ *
+ */
+
+
+/*  ====================================================================*/
+/*      symbolic definitions for PA-RISC registers      */
+/*      in the MIPS style, avoids lots of case shifts       */
+/*      assigments (except t4) preserve register number parity  */
+/*  ====================================================================*/
+
+#define zero    %r0         /* permanent zero */
+#define t5      %r1         /* temp register, altered by addil */
+
+#define rp      %r2         /* return pointer */
+
+#define s1      %r3         /* callee saves register*/
+#define s0      %r4         /* callee saves register*/
+#define s3      %r5         /* callee saves register*/
+#define s2      %r6         /* callee saves register*/
+#define s5      %r7         /* callee saves register*/
+#define s4      %r8         /* callee saves register*/
+#define s7      %r9         /* callee saves register*/
+#define s6      %r10        /* callee saves register*/
+
+#define t1      %r19        /* caller saves register*/
+#define t0      %r20        /* caller saves register*/
+#define t3      %r21        /* caller saves register*/
+#define t2      %r22        /* caller saves register*/
+
+#define a3      %r23        /* fourth argument register, high word */
+#define a2      %r24        /* third argument register, low word*/
+#define a1      %r25        /* second argument register, high word*/
+#define a0      %r26        /* first argument register, low word*/
+
+#define v0      %r28        /* high order return value*/
+#define v1      %r29        /* low order return value*/
+
+#define sp      %r30        /* stack pointer*/
+#define t4      %r31        /* temporary register   */
+
+#define fa0     %fr4        /* first argument register*/
+#define fa1     %fr5        /* second argument register*/
+#define fa2     %fr6        /* third argument register*/
+#define fa3     %fr7        /* fourth argument register*/
+
+#define fa0r    %fr4R       /* first argument register*/
+#define fa1r    %fr5R       /* second argument register*/
+#define fa2r    %fr6R       /* third argument register*/
+#define fa3r    %fr7R       /* fourth argument register*/
+
+#define ft0     %fr8        /* caller saves register*/
+#define ft1     %fr9        /* caller saves register*/
+#define ft2     %fr10       /* caller saves register*/
+#define ft3     %fr11       /* caller saves register*/
+
+#define ft0r    %fr8R       /* caller saves register*/
+#define ft1r    %fr9R       /* caller saves register*/
+#define ft2r    %fr10R      /* caller saves register*/
+#define ft3r    %fr11R      /* caller saves register*/
+
+#define ft4     %fr22       /* caller saves register*/
+#define ft5     %fr23       /* caller saves register*/
+#define ft6     %fr24       /* caller saves register*/
+#define ft7     %fr25       /* caller saves register*/
+#define ft8     %fr26       /* caller saves register*/
+#define ft9     %fr27       /* caller saves register*/
+#define ft10    %fr28       /* caller saves register*/
+#define ft11    %fr29       /* caller saves register*/
+#define ft12    %fr30       /* caller saves register*/
+#define ft13    %fr31       /* caller saves register*/
+
+#define ft4r    %fr22R      /* caller saves register*/
+#define ft5r    %fr23R      /* caller saves register*/
+#define ft6r    %fr24R      /* caller saves register*/
+#define ft7r    %fr25R      /* caller saves register*/
+#define ft8r    %fr26R      /* caller saves register*/
+#define ft9r    %fr27R      /* caller saves register*/
+#define ft10r   %fr28R      /* caller saves register*/
+#define ft11r   %fr29R      /* caller saves register*/
+#define ft12r   %fr30R      /* caller saves register*/
+#define ft13r   %fr31R      /* caller saves register*/
+
+
+
+/*  ================================================================== */
+/*      functional definitions for PA-RISC registers           */
+/*  ================================================================== */
+
+/*              general registers           */
+
+#define T1      a0          /* temp, (length parameter ignored)             */
+
+#define pM      a1          /* -> 64-bit multiplier                         */
+#define T2      a1          /* temp, (after fetching multiplier)            */
+
+#define pA      a2          /* -> multiplicand vector (8 64-bit words)      */
+#define T3      a2          /* temp, (after fetching multiplicand)          */
+
+#define pR      a3          /* -> addend vector (8 64-bit doublewords,
+                                  result vector (9 64-bit words)            */
+
+#define S0      s0          /* callee saves summand registers               */
+#define S1      s1
+#define S2      s2
+#define S3      s3
+#define S4      s4
+#define S5      s5
+#define S6      s6
+#define S7      s7
+
+#define S8      v0          /* caller saves summand registers               */
+#define S9      v1
+#define S10     t0
+#define S11     t1
+#define S12     t2
+#define S13     t3
+#define S14     t4
+#define S15     t5
+
+
+
+/*              floating-point registers                                    */
+
+#define M       fa0         /* multiplier double word                       */
+#define MR      fa0r        /* low order half of multiplier double word     */
+#define ML      fa0         /* high order half of multiplier double word    */
+
+#define A0      fa2         /* multiplicand double word 0                   */
+#define A0R     fa2r        /* low order half of multiplicand double word   */
+#define A0L     fa2         /* high order half of multiplicand double word  */
+
+#define A1      fa3         /* multiplicand double word 1                   */
+#define A1R     fa3r        /* low order half of multiplicand double word   */
+#define A1L     fa3         /* high order half of multiplicand double word  */
+
+#define A2      ft0         /* multiplicand double word 2                   */
+#define A2R     ft0r        /* low order half of multiplicand double word   */
+#define A2L     ft0         /* high order half of multiplicand double word  */
+
+#define A3      ft1         /* multiplicand double word 3                   */
+#define A3R     ft1r        /* low order half of multiplicand double word   */
+#define A3L     ft1         /* high order half of multiplicand double word  */
+
+#define A4      ft2         /* multiplicand double word 4                   */
+#define A4R     ft2r        /* low order half of multiplicand double word   */
+#define A4L     ft2         /* high order half of multiplicand double word  */
+
+#define A5      ft3         /* multiplicand double word 5                   */
+#define A5R     ft3r        /* low order half of multiplicand double word   */
+#define A5L     ft3         /* high order half of multiplicand double word  */
+
+#define A6      ft4         /* multiplicand double word 6                   */
+#define A6R     ft4r        /* low order half of multiplicand double word   */
+#define A6L     ft4         /* high order half of multiplicand double word  */
+
+#define A7      ft5         /* multiplicand double word 7                   */
+#define A7R     ft5r        /* low order half of multiplicand double word   */
+#define A7L     ft5         /* high order half of multiplicand double word  */
+
+#define P0      ft6         /* product word 0                               */
+#define P1      ft7         /* product word 0                               */
+#define P2      ft8         /* product word 0                               */
+#define P3      ft9         /* product word 0                               */
+#define P4      ft10        /* product word 0                               */
+#define P5      ft11        /* product word 0                               */
+#define P6      ft12        /* product word 0                               */
+#define P7      ft13        /* product word 0                               */
+
+
+
+
+/*  ======================================================================  */
+/*      symbolic definitions for HP-UX stack offsets                        */
+/*      symbolic definitions for memory NOPs                                */
+/*  ======================================================================  */
+
+#define ST_SZ       192         /* stack area total size                    */
+
+#define SV0         -192(sp)    /* general register save area               */
+#define SV1         -184(sp)
+#define SV2         -176(sp)
+#define SV3         -168(sp)
+#define SV4         -160(sp)
+#define SV5         -152(sp)
+#define SV6         -144(sp)
+#define SV7         -136(sp)
+
+#define XF0         -128(sp)    /* data transfer area                       */
+#define XF1         -120(sp)    /* for floating-pt to integer regs          */
+#define XF2         -112(sp)
+#define XF3         -104(sp)
+#define XF4         -96(sp)
+#define XF5         -88(sp)
+#define XF6         -80(sp)
+#define XF7         -72(sp)
+#define XF8         -64(sp)
+#define XF9         -56(sp)
+#define XF10        -48(sp)
+#define XF11        -40(sp)
+#define XF12        -32(sp)
+#define XF13        -24(sp)
+#define XF14        -16(sp)
+#define XF15        -8(sp)
+
+#define mnop    proberi (sp),3,zero     /* memory NOP                       */
+
+
+
+
+/*  ======================================================================  */
+/*      assembler formalities                                               */
+/*  ======================================================================  */
+
+#ifdef __LP64__
+                .level  2.0W
+#else
+                .level  2.0
+#endif
+                .space    $TEXT$
+                .subspa   $CODE$
+                .align    16
+
+/*  ======================================================================  */
+/*      here to compute 64-bit x 512-bit product + 512-bit addend           */
+/*  ======================================================================  */
+
+multacc512
+        .PROC
+        .CALLINFO
+        .ENTER
+    fldd    0(pM),M                 ; multiplier double word
+    ldo     ST_SZ(sp),sp            ; push stack
+
+    fldd    0(pA),A0                ; multiplicand double word 0
+    std     S1,SV1                  ; save s1
+
+    fldd    16(pA),A2               ; multiplicand double word 2
+    std     S3,SV3                  ; save s3
+
+    fldd    32(pA),A4               ; multiplicand double word 4
+    std     S5,SV5                  ; save s5
+
+    fldd    48(pA),A6               ; multiplicand double word 6
+    std     S7,SV7                  ; save s7
+
+
+    std     S0,SV0                  ; save s0
+    fldd    8(pA),A1                ; multiplicand double word 1
+    xmpyu   MR,A0L,P0               ; A0 cross 32-bit word products
+    xmpyu   ML,A0R,P2
+
+    std     S2,SV2                  ; save s2
+    fldd    24(pA),A3               ; multiplicand double word 3
+    xmpyu   MR,A2L,P4               ; A2 cross 32-bit word products
+    xmpyu   ML,A2R,P6
+
+    std     S4,SV4                  ; save s4
+    fldd    40(pA),A5               ; multiplicand double word 5
+
+    std     S6,SV6                  ; save s6
+    fldd    56(pA),A7               ; multiplicand double word 7
+
+
+    fstd    P0,XF0                  ; MR * A0L
+    xmpyu   MR,A0R,P0               ; A0 right 32-bit word product
+    xmpyu   MR,A1L,P1               ; A1 cross 32-bit word product
+
+    fstd    P2,XF2                  ; ML * A0R
+    xmpyu   ML,A0L,P2               ; A0 left 32-bit word product
+    xmpyu   ML,A1R,P3               ; A1 cross 32-bit word product
+
+    fstd    P4,XF4                  ; MR * A2L
+    xmpyu   MR,A2R,P4               ; A2 right 32-bit word product
+    xmpyu   MR,A3L,P5               ; A3 cross 32-bit word product
+
+    fstd    P6,XF6                  ; ML * A2R
+    xmpyu   ML,A2L,P6               ; A2 parallel 32-bit word product
+    xmpyu   ML,A3R,P7               ; A3 cross 32-bit word product
+
+
+    ldd     XF0,S0                  ; MR * A0L
+    fstd    P1,XF1                  ; MR * A1L
+
+    ldd     XF2,S2                  ; ML * A0R
+    fstd    P3,XF3                  ; ML * A1R
+
+    ldd     XF4,S4                  ; MR * A2L
+    fstd    P5,XF5                  ; MR * A3L
+    xmpyu   MR,A1R,P1               ; A1 parallel 32-bit word products
+    xmpyu   ML,A1L,P3
+
+    ldd     XF6,S6                  ; ML * A2R
+    fstd    P7,XF7                  ; ML * A3R
+    xmpyu   MR,A3R,P5               ; A3 parallel 32-bit word products
+    xmpyu   ML,A3L,P7
+
+
+    fstd    P0,XF0                  ; MR * A0R
+    ldd     XF1,S1                  ; MR * A1L
+    nop
+    add     S0,S2,T1                ; A0 cross product sum
+
+    fstd    P2,XF2                  ; ML * A0L
+    ldd     XF3,S3                  ; ML * A1R
+    add,dc  zero,zero,S0            ; A0 cross product sum carry
+    depd,z  T1,31,32,S2             ; A0 cross product sum << 32
+
+    fstd    P4,XF4                  ; MR * A2R
+    ldd     XF5,S5                  ; MR * A3L
+    shrpd   S0,T1,32,S0             ; A0 carry | cross product sum >> 32
+    add     S4,S6,T3                ; A2 cross product sum
+
+    fstd    P6,XF6                  ; ML * A2L
+    ldd     XF7,S7                  ; ML * A3R
+    add,dc  zero,zero,S4            ; A2 cross product sum carry
+    depd,z  T3,31,32,S6             ; A2 cross product sum << 32
+
+
+    ldd     XF0,S8                  ; MR * A0R
+    fstd    P1,XF1                  ; MR * A1R
+    xmpyu   MR,A4L,P0               ; A4 cross 32-bit word product
+    xmpyu   MR,A5L,P1               ; A5 cross 32-bit word product
+
+    ldd     XF2,S10                 ; ML * A0L
+    fstd    P3,XF3                  ; ML * A1L
+    xmpyu   ML,A4R,P2               ; A4 cross 32-bit word product
+    xmpyu   ML,A5R,P3               ; A5 cross 32-bit word product
+
+    ldd     XF4,S12                 ; MR * A2R
+    fstd    P5,XF5                  ; MR * A3L
+    xmpyu   MR,A6L,P4               ; A6 cross 32-bit word product
+    xmpyu   MR,A7L,P5               ; A7 cross 32-bit word product
+
+    ldd     XF6,S14                 ; ML * A2L
+    fstd    P7,XF7                  ; ML * A3L
+    xmpyu   ML,A6R,P6               ; A6 cross 32-bit word product
+    xmpyu   ML,A7R,P7               ; A7 cross 32-bit word product
+
+
+    fstd    P0,XF0                  ; MR * A4L
+    ldd     XF1,S9                  ; MR * A1R
+    shrpd   S4,T3,32,S4             ; A2 carry | cross product sum >> 32
+    add     S1,S3,T1                ; A1 cross product sum
+
+    fstd    P2,XF2                  ; ML * A4R
+    ldd     XF3,S11                 ; ML * A1L
+    add,dc  zero,zero,S1            ; A1 cross product sum carry
+    depd,z  T1,31,32,S3             ; A1 cross product sum << 32
+
+    fstd    P4,XF4                  ; MR * A6L
+    ldd     XF5,S13                 ; MR * A3R
+    shrpd   S1,T1,32,S1             ; A1 carry | cross product sum >> 32
+    add     S5,S7,T3                ; A3 cross product sum
+
+    fstd    P6,XF6                  ; ML * A6R
+    ldd     XF7,S15                 ; ML * A3L
+    add,dc  zero,zero,S5            ; A3 cross product sum carry
+    depd,z  T3,31,32,S7             ; A3 cross product sum << 32
+
+
+    shrpd   S5,T3,32,S5             ; A3 carry | cross product sum >> 32
+    add     S2,S8,S8                ; M * A0 right doubleword, P0 doubleword
+
+    add,dc  S0,S10,S10              ; M * A0 left doubleword
+    add     S3,S9,S9                ; M * A1 right doubleword
+
+    add,dc  S1,S11,S11              ; M * A1 left doubleword
+    add     S6,S12,S12              ; M * A2 right doubleword
+
+
+    ldd     24(pR),S3               ; Addend word 3
+    fstd    P1,XF1                  ; MR * A5L
+    add,dc  S4,S14,S14              ; M * A2 left doubleword
+    xmpyu   MR,A5R,P1               ; A5 right 32-bit word product
+
+    ldd     8(pR),S1                ; Addend word 1
+    fstd    P3,XF3                  ; ML * A5R
+    add     S7,S13,S13              ; M * A3 right doubleword
+    xmpyu   ML,A5L,P3               ; A5 left 32-bit word product
+
+    ldd     0(pR),S7                ; Addend word 0
+    fstd    P5,XF5                  ; MR * A7L
+    add,dc  S5,S15,S15              ; M * A3 left doubleword
+    xmpyu   MR,A7R,P5               ; A7 right 32-bit word product
+
+    ldd     16(pR),S5               ; Addend word 2
+    fstd    P7,XF7                  ; ML * A7R
+    add     S10,S9,S9               ; P1 doubleword
+    xmpyu   ML,A7L,P7               ; A7 left 32-bit word products
+
+
+    ldd     XF0,S0                  ; MR * A4L
+    fstd    P1,XF9                  ; MR * A5R
+    add,dc  S11,S12,S12             ; P2 doubleword
+    xmpyu   MR,A4R,P0               ; A4 right 32-bit word product
+
+    ldd     XF2,S2                  ; ML * A4R
+    fstd    P3,XF11                 ; ML * A5L
+    add,dc  S14,S13,S13             ; P3 doubleword
+    xmpyu   ML,A4L,P2               ; A4 left 32-bit word product
+
+    ldd     XF6,S6                  ; ML * A6R
+    fstd    P5,XF13                 ; MR * A7R
+    add,dc  zero,S15,T2             ; P4 partial doubleword
+    xmpyu   MR,A6R,P4               ; A6 right 32-bit word product
+
+    ldd     XF4,S4                  ; MR * A6L
+    fstd    P7,XF15                 ; ML * A7L
+    add     S7,S8,S8                ; R0 + P0, new R0 doubleword
+    xmpyu   ML,A6L,P6               ; A6 left 32-bit word product
+
+
+    fstd    P0,XF0                  ; MR * A4R
+    ldd     XF7,S7                  ; ML * A7R
+    add,dc  S1,S9,S9                ; c + R1 + P1, new R1 doubleword
+
+    fstd    P2,XF2                  ; ML * A4L
+    ldd     XF1,S1                  ; MR * A5L
+    add,dc  S5,S12,S12              ; c + R2 + P2, new R2 doubleword
+
+    fstd    P4,XF4                  ; MR * A6R
+    ldd     XF5,S5                  ; MR * A7L
+    add,dc  S3,S13,S13              ; c + R3 + P3, new R3 doubleword
+
+    fstd    P6,XF6                  ; ML * A6L
+    ldd     XF3,S3                  ; ML * A5R
+    add,dc  zero,T2,T2              ; c + partial P4
+    add     S0,S2,T1                ; A4 cross product sum
+
+
+    std     S8,0(pR)                ; save R0
+    add,dc  zero,zero,S0            ; A4 cross product sum carry
+    depd,z  T1,31,32,S2             ; A4 cross product sum << 32
+
+    std     S9,8(pR)                ; save R1
+    shrpd   S0,T1,32,S0             ; A4 carry | cross product sum >> 32
+    add     S4,S6,T3                ; A6 cross product sum
+
+    std     S12,16(pR)              ; save R2
+    add,dc  zero,zero,S4            ; A6 cross product sum carry
+    depd,z  T3,31,32,S6             ; A6 cross product sum << 32
+
+
+    std     S13,24(pR)              ; save R3
+    shrpd   S4,T3,32,S4             ; A6 carry | cross product sum >> 32
+    add     S1,S3,T1                ; A5 cross product sum
+
+    ldd     XF0,S8                  ; MR * A4R
+    add,dc  zero,zero,S1            ; A5 cross product sum carry
+    depd,z  T1,31,32,S3             ; A5 cross product sum << 32
+
+    ldd     XF2,S10                 ; ML * A4L
+    ldd     XF9,S9                  ; MR * A5R
+    shrpd   S1,T1,32,S1             ; A5 carry | cross product sum >> 32
+    add     S5,S7,T3                ; A7 cross product sum
+
+    ldd     XF4,S12                 ; MR * A6R
+    ldd     XF11,S11                ; ML * A5L
+    add,dc  zero,zero,S5            ; A7 cross product sum carry
+    depd,z  T3,31,32,S7             ; A7 cross product sum << 32
+
+    ldd     XF6,S14                 ; ML * A6L
+    ldd     XF13,S13                ; MR * A7R
+    shrpd   S5,T3,32,S5             ; A7 carry | cross product sum >> 32
+    add     S2,S8,S8                ; M * A4 right doubleword
+
+
+    ldd     XF15,S15                ; ML * A7L
+    add,dc  S0,S10,S10              ; M * A4 left doubleword
+    add     S3,S9,S9                ; M * A5 right doubleword
+
+    add,dc  S1,S11,S11              ; M * A5 left doubleword
+    add     S6,S12,S12              ; M * A6 right doubleword
+
+    ldd     32(pR),S0               ; Addend word 4
+    ldd     40(pR),S1               ; Addend word 5
+    add,dc  S4,S14,S14              ; M * A6 left doubleword
+    add     S7,S13,S13              ; M * A7 right doubleword
+
+    ldd     48(pR),S2               ; Addend word 6
+    ldd     56(pR),S3               ; Addend word 7
+    add,dc  S5,S15,S15              ; M * A7 left doubleword
+    add     S8,T2,S8                ; P4 doubleword
+
+    ldd     64(pR),S4               ; Addend word 8
+    ldd     SV5,s5                  ; restore s5
+    add,dc  S10,S9,S9               ; P5 doubleword
+    add,dc  S11,S12,S12             ; P6 doubleword
+
+
+    ldd     SV6,s6                  ; restore s6
+    ldd     SV7,s7                  ; restore s7
+    add,dc  S14,S13,S13             ; P7 doubleword
+    add,dc  zero,S15,S15            ; P8 doubleword
+
+    add     S0,S8,S8                ; new R4 doubleword
+
+    ldd     SV0,s0                  ; restore s0
+    std     S8,32(pR)               ; save R4
+    add,dc  S1,S9,S9                ; new R5 doubleword
+
+    ldd     SV1,s1                  ; restore s1
+    std     S9,40(pR)               ; save R5
+    add,dc  S2,S12,S12              ; new R6 doubleword
+
+    ldd     SV2,s2                  ; restore s2
+    std     S12,48(pR)              ; save R6
+    add,dc  S3,S13,S13              ; new R7 doubleword
+
+    ldd     SV3,s3                  ; restore s3
+    std     S13,56(pR)              ; save R7
+    add,dc  S4,S15,S15              ; new R8 doubleword
+
+    ldd     SV4,s4                  ; restore s4
+    std     S15,64(pR)              ; save result[8]
+    add,dc  zero,zero,v0            ; return carry from R8
+
+    CMPIB,*= 0,v0,$L0               ; if no overflow, exit
+    LDO     8(pR),pR
+
+$FINAL1                             ; Final carry propagation
+    LDD     64(pR),v0
+    LDO     8(pR),pR
+    ADDI    1,v0,v0
+    CMPIB,*= 0,v0,$FINAL1           ; Keep looping if there is a carry.
+    STD     v0,56(pR)
+$L0
+    bv      zero(rp)                ; -> caller
+    ldo     -ST_SZ(sp),sp           ; pop stack
+
+/*  ======================================================================  */
+/*      end of module                                                       */
+/*  ======================================================================  */
+
+                .LEAVE
+
+                .PROCEND
+                .SPACE         $TEXT$
+                .SUBSPA        $CODE$
+                .EXPORT        multacc512,ENTRY
+
+        .end
diff --git a/security/nss/lib/freebl/mpi/hppa20.s b/security/nss/lib/freebl/mpi/hppa20.s
new file mode 100644
index 000000000..4cabd249b
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/hppa20.s
@@ -0,0 +1,935 @@
+; ***** BEGIN LICENSE BLOCK *****
+; Version: MPL 1.1/GPL 2.0/LGPL 2.1
+;
+; The contents of this file are subject to the Mozilla Public License Version
+; 1.1 (the "License"); you may not use this file except in compliance with
+; the License. You may obtain a copy of the License at
+; http://www.mozilla.org/MPL/
+;
+; Software distributed under the License is distributed on an "AS IS" basis,
+; WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+; for the specific language governing rights and limitations under the
+; License.
+;
+; The Original Code is MAXPY multiple-precision integer arithmetic.
+;
+; The Initial Developer of the Original Code is
+; the Hewlett-Packard Company.
+; Portions created by the Initial Developer are Copyright (C) 1997
+; the Initial Developer. All Rights Reserved.
+;
+; Contributor(s):
+;   coded by:   William B. Ackerman
+;
+; Alternatively, the contents of this file may be used under the terms of
+; either the GNU General Public License Version 2 or later (the "GPL"), or
+; the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+; in which case the provisions of the GPL or the LGPL are applicable instead
+; of those above. If you wish to allow use of your version of this file only
+; under the terms of either the GPL or the LGPL, and not to allow others to
+; use your version of this file under the terms of the MPL, indicate your
+; decision by deleting the provisions above and replace them with the notice
+; and other provisions required by the GPL or the LGPL. If you do not delete
+; the provisions above, a recipient may use your version of this file under
+; the terms of any one of the MPL, the GPL or the LGPL.
+;
+; ***** END LICENSE BLOCK *****
+
+#ifdef __LP64__
+        .LEVEL   2.0W
+#else
+;       .LEVEL   1.1
+;       .ALLOW   2.0N
+        .LEVEL   2.0N
+#endif
+        .SPACE   $TEXT$,SORT=8
+        .SUBSPA  $CODE$,QUAD=0,ALIGN=4,ACCESS=0x2c,CODE_ONLY,SORT=24
+
+; ***************************************************************
+;
+;                 maxpy_[little/big]
+;
+; ***************************************************************
+
+; There is no default -- you must specify one or the other.
+#define LITTLE_WORDIAN 1
+
+#ifdef LITTLE_WORDIAN
+#define EIGHT 8
+#define SIXTEEN 16
+#define THIRTY_TWO 32
+#define UN_EIGHT -8
+#define UN_SIXTEEN -16
+#define UN_TWENTY_FOUR -24
+#endif
+
+#ifdef BIG_WORDIAN
+#define EIGHT -8
+#define SIXTEEN -16
+#define THIRTY_TWO -32
+#define UN_EIGHT 8
+#define UN_SIXTEEN 16
+#define UN_TWENTY_FOUR 24
+#endif
+
+; This performs a multiple-precision integer version of "daxpy",
+; Using the selected addressing direction.  "Little-wordian" means that
+; the least significant word of a number is stored at the lowest address.
+; "Big-wordian" means that the most significant word is at the lowest
+; address.  Either way, the incoming address of the vector is that
+; of the least significant word.  That means that, for little-wordian
+; addressing, we move the address upward as we propagate carries
+; from the least significant word to the most significant.  For
+; big-wordian we move the address downward.
+
+; We use the following registers:
+;
+;     r2   return PC, of course
+;     r26 = arg1 =  length
+;     r25 = arg2 =  address of scalar
+;     r24 = arg3 =  multiplicand vector
+;     r23 = arg4 =  result vector
+;
+;     fr9 = scalar loaded once only from r25
+
+; The cycle counts shown in the bodies below are simply the result of a
+; scheduling by hand.  The actual PCX-U hardware does it differently.
+; The intention is that the overall speed is the same.
+
+; The pipeline startup and shutdown code is constructed in the usual way,
+; by taking the loop bodies and removing unnecessary instructions.
+; We have left the comments describing cycle numbers in the code.
+; These are intended for reference when comparing with the main loop,
+; and have no particular relationship to actual cycle numbers.
+
+#ifdef LITTLE_WORDIAN
+maxpy_little
+#else
+maxpy_big
+#endif
+        .PROC
+        .CALLINFO FRAME=120,ENTRY_GR=%r4
+        .ENTER
+
+; Of course, real men don't use the sissy "enter" and "leave" commands.
+; They write their own stack manipulation stuff.  Unfortunately,
+; that doesn't generate complete unwind info, whereas "enter" and
+; "leave" (if the documentation is to be believed) do so.  Therefore,
+; we use the sissy commands.  We have verified (by real-man methods)
+; that the above command generates what we want:
+;       STW,MA  %r3,128(%sp)
+;       STW     %r4,-124(%sp)
+
+        ADDIB,< -1,%r26,$L0         ; If N = 0, exit immediately.
+        FLDD    0(%r25),%fr9        ; fr9 = scalar
+
+; First startup
+
+        FLDD    0(%r24),%fr24       ; Cycle 1
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        CMPIB,> 3,%r26,$N_IS_SMALL  ; Pick out cases N = 1, 2, or 3
+        XMPYU   %fr9L,%fr24R,%fr24  ; Cycle 6
+        FLDD    EIGHT(%r24),%fr28   ; Cycle 8
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        FSTD    %fr24,-96(%sp)
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        FSTD    %fr25,-80(%sp)
+        LDO     SIXTEEN(%r24),%r24  ; Cycle 12
+        FSTD    %fr31,-64(%sp)
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        FSTD    %fr27,-48(%sp)
+
+; Second startup
+
+        XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        FSTD    %fr30,-56(%sp)
+        FLDD    0(%r24),%fr24
+
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        LDD     -96(%sp),%r3
+        FSTD    %fr29,-72(%sp)
+
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        XMPYU   %fr9L,%fr24R,%fr24  ; Cycle 6
+        LDD     -56(%sp),%r20
+        ADD     %r21,%r3,%r3
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        LDD     -88(%sp),%r4
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -48(%sp),%r1
+
+        FLDD    EIGHT(%r24),%fr28   ; Cycle 8
+        LDD     -104(%sp),%r31
+        ADD,DC  %r0,%r0,%r20
+        SHRPD   %r19,%r3,32,%r3
+
+        LDD     -72(%sp),%r29       ; Cycle 9
+        SHRPD   %r20,%r19,32,%r20
+        ADD     %r21,%r1,%r1
+
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        ADD,DC  %r3,%r4,%r4
+        FSTD    %fr24,-96(%sp)
+
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        ADD,DC  %r0,%r20,%r20
+        LDD     0(%r23),%r3
+        FSTD    %fr25,-80(%sp)
+
+        LDO     SIXTEEN(%r24),%r24  ; Cycle 12
+        FSTD    %fr31,-64(%sp)
+
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        ADD     %r0,%r0,%r0         ; clear the carry bit
+        ADDIB,<= -4,%r26,$ENDLOOP   ; actually happens in cycle 12
+        FSTD    %fr27,-48(%sp)
+;        MFCTL   %cr16,%r21         ; for timing
+;        STD     %r21,-112(%sp)
+
+; Here is the loop.
+
+$LOOP   XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        ADD,DC  %r29,%r4,%r4
+        FSTD    %fr30,-56(%sp)
+        FLDD    0(%r24),%fr24
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr26,-88(%sp)
+
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        ADD     %r3,%r1,%r1
+        FSTD    %fr28,-104(%sp)
+        LDD     UN_EIGHT(%r23),%r21
+
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        ADD,DC  %r21,%r4,%r28
+        FSTD    %fr29,-72(%sp)    
+        LDD     -96(%sp),%r3
+
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        ADD,DC  %r20,%r31,%r22
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        XMPYU   %fr9L,%fr24R,%fr24  ; Cycle 6
+        ADD     %r21,%r3,%r3
+        LDD     -56(%sp),%r20
+        STD     %r1,UN_SIXTEEN(%r23)
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -88(%sp),%r4
+        LDD     -48(%sp),%r1
+
+        ADD,DC  %r0,%r0,%r20        ; Cycle 8
+        SHRPD   %r19,%r3,32,%r3
+        FLDD    EIGHT(%r24),%fr28
+        LDD     -104(%sp),%r31
+
+        SHRPD   %r20,%r19,32,%r20   ; Cycle 9
+        ADD     %r21,%r1,%r1
+        STD     %r28,UN_EIGHT(%r23)
+        LDD     -72(%sp),%r29
+
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        ADD,DC  %r3,%r4,%r4
+        FSTD    %fr24,-96(%sp)
+
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr25,-80(%sp)
+        LDD     0(%r23),%r3
+
+        LDO     SIXTEEN(%r24),%r24  ; Cycle 12
+        FSTD    %fr31,-64(%sp)
+
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        ADD     %r22,%r1,%r1
+        ADDIB,> -2,%r26,$LOOP       ; actually happens in cycle 12
+        FSTD    %fr27,-48(%sp)
+
+$ENDLOOP
+
+; Shutdown code, first stage.
+
+;        MFCTL   %cr16,%r21         ; for timing
+;        STD     %r21,UN_SIXTEEN(%r23)
+;        LDD     -112(%sp),%r21
+;        STD     %r21,UN_EIGHT(%r23)
+
+        XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        ADD,DC  %r29,%r4,%r4
+        CMPIB,= 0,%r26,$ONEMORE
+        FSTD    %fr30,-56(%sp)
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr26,-88(%sp)
+
+        ADD     %r3,%r1,%r1         ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+        LDD     UN_EIGHT(%r23),%r21
+
+        ADD,DC  %r21,%r4,%r28       ; Cycle 4
+        FSTD    %fr29,-72(%sp)    
+        STD     %r28,UN_EIGHT(%r23) ; moved up from cycle 9
+        LDD     -96(%sp),%r3
+
+        ADD,DC  %r20,%r31,%r22      ; Cycle 5
+        STD     %r1,UN_SIXTEEN(%r23)
+$JOIN4
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        ADD     %r21,%r3,%r3        ; Cycle 6
+        LDD     -56(%sp),%r20
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -88(%sp),%r4
+        LDD     -48(%sp),%r1
+
+        ADD,DC  %r0,%r0,%r20        ; Cycle 8
+        SHRPD   %r19,%r3,32,%r3
+        LDD     -104(%sp),%r31
+
+        SHRPD   %r20,%r19,32,%r20   ; Cycle 9
+        ADD     %r21,%r1,%r1
+        LDD     -72(%sp),%r29
+
+        ADD,DC  %r3,%r4,%r4         ; Cycle 10
+
+        ADD,DC  %r0,%r20,%r20       ; Cycle 11
+        LDD     0(%r23),%r3
+
+        ADD     %r22,%r1,%r1        ; Cycle 13
+
+; Shutdown code, second stage.
+
+        ADD,DC  %r29,%r4,%r4        ; Cycle 1
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+
+        LDD     UN_EIGHT(%r23),%r21 ; Cycle 3
+        ADD     %r3,%r1,%r1
+
+        ADD,DC  %r21,%r4,%r28       ; Cycle 4
+
+        ADD,DC  %r20,%r31,%r22      ; Cycle 5
+
+        STD     %r1,UN_SIXTEEN(%r23); Cycle 6
+
+        STD     %r28,UN_EIGHT(%r23) ; Cycle 9
+
+        LDD     0(%r23),%r3         ; Cycle 11
+
+; Shutdown code, third stage.
+
+        LDO     SIXTEEN(%r23),%r23
+        ADD     %r3,%r22,%r1
+$JOIN1  ADD,DC  %r0,%r0,%r21
+        CMPIB,*= 0,%r21,$L0         ; if no overflow, exit
+        STD     %r1,UN_SIXTEEN(%r23)
+
+; Final carry propagation
+
+$FINAL1 LDO     EIGHT(%r23),%r23
+        LDD     UN_SIXTEEN(%r23),%r21
+        ADDI    1,%r21,%r21
+        CMPIB,*= 0,%r21,$FINAL1     ; Keep looping if there is a carry.
+        STD     %r21,UN_SIXTEEN(%r23)
+        B       $L0
+        NOP
+
+; Here is the code that handles the difficult cases N=1, N=2, and N=3.
+; We do the usual trick -- branch out of the startup code at appropriate
+; points, and branch into the shutdown code.
+
+$N_IS_SMALL
+        CMPIB,= 0,%r26,$N_IS_ONE
+        FSTD    %fr24,-96(%sp)      ; Cycle 10
+        FLDD    EIGHT(%r24),%fr28   ; Cycle 8
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        FSTD    %fr25,-80(%sp)
+        FSTD    %fr31,-64(%sp)      ; Cycle 12
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        FSTD    %fr27,-48(%sp)
+        XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        CMPIB,= 2,%r26,$N_IS_THREE
+        FSTD    %fr30,-56(%sp)
+
+; N = 2
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+        FSTD    %fr28,-104(%sp)     ; Cycle 3
+        LDD     -96(%sp),%r3        ; Cycle 4
+        FSTD    %fr29,-72(%sp)
+        B       $JOIN4
+        ADD     %r0,%r0,%r22
+
+$N_IS_THREE
+        FLDD    SIXTEEN(%r24),%fr24
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        LDD     -96(%sp),%r3
+        FSTD    %fr29,-72(%sp)
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+        B       $JOIN3
+        ADD     %r0,%r0,%r22
+
+$N_IS_ONE
+        FSTD    %fr25,-80(%sp)
+        FSTD    %fr27,-48(%sp)
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+        B       $JOIN5
+        ADD     %r0,%r0,%r22
+
+; We came out of the unrolled loop with wrong parity.  Do one more
+; single cycle.  This is quite tricky, because of the way the
+; carry chains and SHRPD chains have been chopped up.
+
+$ONEMORE
+
+        FLDD    0(%r24),%fr24
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr26,-88(%sp)
+
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+        LDD     UN_EIGHT(%r23),%r21
+        ADD     %r3,%r1,%r1
+
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        ADD,DC  %r21,%r4,%r28
+        STD     %r28,UN_EIGHT(%r23) ; moved from cycle 9
+        LDD     -96(%sp),%r3
+        FSTD    %fr29,-72(%sp)    
+
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        ADD,DC  %r20,%r31,%r22
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        STD     %r1,UN_SIXTEEN(%r23); Cycle 6
+$JOIN3
+        XMPYU   %fr9L,%fr24R,%fr24
+        LDD     -56(%sp),%r20
+        ADD     %r21,%r3,%r3
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        LDD     -88(%sp),%r4
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -48(%sp),%r1
+
+        LDD     -104(%sp),%r31      ; Cycle 8
+        ADD,DC  %r0,%r0,%r20
+        SHRPD   %r19,%r3,32,%r3
+
+        LDD     -72(%sp),%r29       ; Cycle 9
+        SHRPD   %r20,%r19,32,%r20
+        ADD     %r21,%r1,%r1
+
+        ADD,DC  %r3,%r4,%r4         ; Cycle 10
+        FSTD    %fr24,-96(%sp)
+
+        ADD,DC  %r0,%r20,%r20       ; Cycle 11
+        LDD     0(%r23),%r3
+        FSTD    %fr25,-80(%sp)
+
+        ADD     %r22,%r1,%r1        ; Cycle 13
+        FSTD    %fr27,-48(%sp)
+
+; Shutdown code, stage 1-1/2.
+
+        ADD,DC  %r29,%r4,%r4        ; Cycle 1
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20     
+        FSTD    %fr26,-88(%sp)
+
+        LDD     UN_EIGHT(%r23),%r21 ; Cycle 3
+        ADD     %r3,%r1,%r1
+
+        ADD,DC  %r21,%r4,%r28       ; Cycle 4
+        STD     %r28,UN_EIGHT(%r23) ; moved from cycle 9
+
+        ADD,DC  %r20,%r31,%r22      ; Cycle 5
+        STD     %r1,UN_SIXTEEN(%r23)
+$JOIN5
+        LDD     -96(%sp),%r3        ; moved from cycle 4
+        LDD     -80(%sp),%r21
+        ADD     %r21,%r3,%r3        ; Cycle 6
+        ADD,DC  %r0,%r0,%r19        ; Cycle 7
+        LDD     -88(%sp),%r4
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -48(%sp),%r1
+        SHRPD   %r19,%r3,32,%r3     ; Cycle 8
+        ADD     %r21,%r1,%r1        ; Cycle 9
+        ADD,DC  %r3,%r4,%r4         ; Cycle 10
+        LDD     0(%r23),%r3         ; Cycle 11
+        ADD     %r22,%r1,%r1        ; Cycle 13
+
+; Shutdown code, stage 2-1/2.
+
+        ADD,DC  %r0,%r4,%r4         ; Cycle 1
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        LDD     UN_EIGHT(%r23),%r21 ; Cycle 3
+        ADD     %r3,%r1,%r1
+        STD     %r1,UN_SIXTEEN(%r23)
+        ADD,DC  %r21,%r4,%r1
+        B       $JOIN1
+        LDO     EIGHT(%r23),%r23
+
+; exit
+
+$L0
+        .LEAVE
+
+; We have verified that the above command generates what we want:
+;       LDW     -124(%sp),%r4
+;       BVE     (%r2)
+;       LDW,MB  -128(%sp),%r3
+
+        .PROCEND
+
+; ***************************************************************
+;
+;                 add_diag_[little/big]
+;
+; ***************************************************************
+
+; The arguments are as follows:
+;     r2   return PC, of course
+;     r26 = arg1 =  length
+;     r25 = arg2 =  vector to square
+;     r24 = arg3 =  result vector
+
+#ifdef LITTLE_WORDIAN
+add_diag_little
+#else
+add_diag_big
+#endif
+        .PROC
+        .CALLINFO FRAME=120,ENTRY_GR=%r4
+        .ENTER
+
+        ADDIB,< -1,%r26,$Z0         ; If N=0, exit immediately.
+        NOP
+
+; Startup code
+
+        FLDD    0(%r25),%fr7        ; Cycle 2 (alternate body)
+        XMPYU   %fr7R,%fr7R,%fr29   ; Cycle 4
+        XMPYU   %fr7L,%fr7R,%fr27   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr30
+        LDO     SIXTEEN(%r25),%r25  ; Cycle 6
+        FSTD    %fr29,-88(%sp)
+        FSTD    %fr27,-72(%sp)      ; Cycle 7
+        CMPIB,= 0,%r26,$DIAG_N_IS_ONE ; Cycle 1 (main body)
+        FSTD    %fr30,-96(%sp)
+        FLDD    UN_EIGHT(%r25),%fr7 ; Cycle 2
+        LDD     -88(%sp),%r22       ; Cycle 3
+        LDD     -72(%sp),%r31       ; Cycle 4
+        XMPYU   %fr7R,%fr7R,%fr28
+        XMPYU   %fr7L,%fr7R,%fr24   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr31
+        LDD     -96(%sp),%r20       ; Cycle 6
+        FSTD    %fr28,-80(%sp)
+        ADD     %r0,%r0,%r0         ; clear the carry bit
+        ADDIB,<= -2,%r26,$ENDDIAGLOOP ; Cycle 7
+        FSTD    %fr24,-64(%sp)
+
+; Here is the loop.  It is unrolled twice, modelled after the "alternate body" and then the "main body".
+
+$DIAGLOOP
+        SHRPD   %r31,%r0,31,%r3     ; Cycle 1 (alternate body)
+        LDO     SIXTEEN(%r25),%r25
+        LDD     0(%r24),%r1
+        FSTD    %fr31,-104(%sp)
+        SHRPD   %r0,%r31,31,%r4     ; Cycle 2
+        ADD,DC  %r22,%r3,%r3
+        FLDD    UN_SIXTEEN(%r25),%fr7   
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        ADD     %r1,%r3,%r3
+        XMPYU   %fr7R,%fr7R,%fr29   ; Cycle 4
+        LDD     -80(%sp),%r21
+        STD     %r3,0(%r24)
+        XMPYU   %fr7L,%fr7R,%fr27   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr30
+        LDD     -64(%sp),%r29       
+        LDD     EIGHT(%r24),%r1  
+        ADD,DC  %r4,%r20,%r20       ; Cycle 6
+        LDD     -104(%sp),%r19
+        FSTD    %fr29,-88(%sp)
+        ADD     %r20,%r1,%r1        ; Cycle 7
+        FSTD    %fr27,-72(%sp)
+        SHRPD   %r29,%r0,31,%r4     ; Cycle 1 (main body)
+        LDO     THIRTY_TWO(%r24),%r24
+        LDD     UN_SIXTEEN(%r24),%r28
+        FSTD    %fr30,-96(%sp)
+        SHRPD   %r0,%r29,31,%r3     ; Cycle 2
+        ADD,DC  %r21,%r4,%r4
+        FLDD    UN_EIGHT(%r25),%fr7
+        STD     %r1,UN_TWENTY_FOUR(%r24)
+        ADD,DC  %r0,%r19,%r19       ; Cycle 3
+        ADD     %r28,%r4,%r4
+        XMPYU   %fr7R,%fr7R,%fr28   ; Cycle 4
+        LDD     -88(%sp),%r22
+        STD     %r4,UN_SIXTEEN(%r24)
+        XMPYU   %fr7L,%fr7R,%fr24   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr31
+        LDD     -72(%sp),%r31
+        LDD     UN_EIGHT(%r24),%r28
+        ADD,DC  %r3,%r19,%r19       ; Cycle 6
+        LDD     -96(%sp),%r20
+        FSTD    %fr28,-80(%sp)
+        ADD     %r19,%r28,%r28      ; Cycle 7
+        FSTD    %fr24,-64(%sp)
+        ADDIB,> -2,%r26,$DIAGLOOP   ; Cycle 8
+        STD     %r28,UN_EIGHT(%r24)
+
+$ENDDIAGLOOP
+
+        ADD,DC  %r0,%r22,%r22    
+        CMPIB,= 0,%r26,$ONEMOREDIAG
+        SHRPD   %r31,%r0,31,%r3
+
+; Shutdown code, first stage.
+
+        FSTD    %fr31,-104(%sp)     ; Cycle 1 (alternate body)
+        LDD     0(%r24),%r28
+        SHRPD   %r0,%r31,31,%r4     ; Cycle 2
+        ADD     %r3,%r22,%r3
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        LDD     -80(%sp),%r21
+        ADD     %r3,%r28,%r3
+        LDD     -64(%sp),%r29       ; Cycle 4
+        STD     %r3,0(%r24)
+        LDD     EIGHT(%r24),%r1     ; Cycle 5
+        LDO     SIXTEEN(%r25),%r25  ; Cycle 6
+        LDD     -104(%sp),%r19
+        ADD,DC  %r4,%r20,%r20
+        ADD     %r20,%r1,%r1        ; Cycle 7
+        ADD,DC  %r0,%r21,%r21       ; Cycle 8
+        STD     %r1,EIGHT(%r24)
+
+; Shutdown code, second stage.
+
+        SHRPD   %r29,%r0,31,%r4     ; Cycle 1 (main body)
+        LDO     THIRTY_TWO(%r24),%r24
+        LDD     UN_SIXTEEN(%r24),%r1
+        SHRPD   %r0,%r29,31,%r3      ; Cycle 2
+        ADD     %r4,%r21,%r4
+        ADD,DC  %r0,%r19,%r19       ; Cycle 3
+        ADD     %r4,%r1,%r4
+        STD     %r4,UN_SIXTEEN(%r24); Cycle 4
+        LDD     UN_EIGHT(%r24),%r28 ; Cycle 5
+        ADD,DC  %r3,%r19,%r19       ; Cycle 6       
+        ADD     %r19,%r28,%r28      ; Cycle 7
+        ADD,DC  %r0,%r0,%r22        ; Cycle 8
+        CMPIB,*= 0,%r22,$Z0         ; if no overflow, exit
+        STD     %r28,UN_EIGHT(%r24)
+
+; Final carry propagation
+
+$FDIAG2
+        LDO     EIGHT(%r24),%r24
+        LDD     UN_EIGHT(%r24),%r26
+        ADDI    1,%r26,%r26
+        CMPIB,*= 0,%r26,$FDIAG2     ; Keep looping if there is a carry.
+        STD     %r26,UN_EIGHT(%r24)
+
+        B   $Z0
+        NOP
+
+; Here is the code that handles the difficult case N=1.
+; We do the usual trick -- branch out of the startup code at appropriate
+; points, and branch into the shutdown code.
+
+$DIAG_N_IS_ONE
+
+        LDD     -88(%sp),%r22
+        LDD     -72(%sp),%r31
+        B       $JOINDIAG
+        LDD     -96(%sp),%r20
+
+; We came out of the unrolled loop with wrong parity.  Do one more
+; single cycle.  This is the "alternate body".  It will, of course,
+; give us opposite registers from the other case, so we need
+; completely different shutdown code.
+
+$ONEMOREDIAG
+        FSTD    %fr31,-104(%sp)     ; Cycle 1 (alternate body)
+        LDD     0(%r24),%r28
+        FLDD    0(%r25),%fr7        ; Cycle 2
+        SHRPD   %r0,%r31,31,%r4
+        ADD     %r3,%r22,%r3
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        LDD     -80(%sp),%r21
+        ADD     %r3,%r28,%r3
+        LDD     -64(%sp),%r29       ; Cycle 4
+        STD     %r3,0(%r24)
+        XMPYU   %fr7R,%fr7R,%fr29
+        LDD     EIGHT(%r24),%r1     ; Cycle 5
+        XMPYU   %fr7L,%fr7R,%fr27
+        XMPYU   %fr7L,%fr7L,%fr30
+        LDD     -104(%sp),%r19      ; Cycle 6
+        FSTD    %fr29,-88(%sp)
+        ADD,DC  %r4,%r20,%r20
+        FSTD    %fr27,-72(%sp)      ; Cycle 7
+        ADD     %r20,%r1,%r1
+        ADD,DC  %r0,%r21,%r21       ; Cycle 8
+        STD     %r1,EIGHT(%r24)
+
+; Shutdown code, first stage.
+
+        SHRPD   %r29,%r0,31,%r4     ; Cycle 1 (main body)
+        LDO     THIRTY_TWO(%r24),%r24
+        FSTD    %fr30,-96(%sp)
+        LDD     UN_SIXTEEN(%r24),%r1
+        SHRPD   %r0,%r29,31,%r3     ; Cycle 2
+        ADD     %r4,%r21,%r4
+        ADD,DC  %r0,%r19,%r19       ; Cycle 3
+        LDD     -88(%sp),%r22
+        ADD     %r4,%r1,%r4
+        LDD     -72(%sp),%r31       ; Cycle 4
+        STD     %r4,UN_SIXTEEN(%r24)
+        LDD     UN_EIGHT(%r24),%r28 ; Cycle 5
+        LDD     -96(%sp),%r20       ; Cycle 6
+        ADD,DC  %r3,%r19,%r19
+        ADD     %r19,%r28,%r28      ; Cycle 7
+        ADD,DC  %r0,%r22,%r22       ; Cycle 8
+        STD     %r28,UN_EIGHT(%r24)
+
+; Shutdown code, second stage.
+
+$JOINDIAG
+        SHRPD   %r31,%r0,31,%r3     ; Cycle 1 (alternate body)
+        LDD     0(%r24),%r28        
+        SHRPD   %r0,%r31,31,%r4     ; Cycle 2
+        ADD     %r3,%r22,%r3
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        ADD     %r3,%r28,%r3
+        STD     %r3,0(%r24)         ; Cycle 4
+        LDD     EIGHT(%r24),%r1     ; Cycle 5
+        ADD,DC  %r4,%r20,%r20
+        ADD     %r20,%r1,%r1        ; Cycle 7
+        ADD,DC  %r0,%r0,%r21        ; Cycle 8
+        CMPIB,*= 0,%r21,$Z0         ; if no overflow, exit
+        STD     %r1,EIGHT(%r24)
+
+; Final carry propagation
+
+$FDIAG1
+        LDO     EIGHT(%r24),%r24
+        LDD     EIGHT(%r24),%r26
+        ADDI    1,%r26,%r26
+        CMPIB,*= 0,%r26,$FDIAG1    ; Keep looping if there is a carry.
+        STD     %r26,EIGHT(%r24)
+
+$Z0
+        .LEAVE
+        .PROCEND
+;	.ALLOW
+
+        .SPACE         $TEXT$
+        .SUBSPA        $CODE$
+#ifdef LITTLE_WORDIAN
+        .EXPORT        maxpy_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,LONG_RETURN
+        .EXPORT        add_diag_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,LONG_RETURN
+#else
+        .EXPORT        maxpy_big,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,LONG_RETURN
+        .EXPORT        add_diag_big,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,LONG_RETURN
+#endif
+        .END
+
+
+; How to use "maxpy_PA20_little" and "maxpy_PA20_big"
+; 
+; The routine "maxpy_PA20_little" or "maxpy_PA20_big"
+; performs a 64-bit x any-size multiply, and adds the
+; result to an area of memory.  That is, it performs
+; something like
+; 
+;      A B C D
+;    *       Z
+;   __________
+;    P Q R S T
+; 
+; and then adds the "PQRST" vector into an area of memory,
+; handling all carries.
+; 
+; Digression on nomenclature and endian-ness:
+; 
+; Each of the capital letters in the above represents a 64-bit
+; quantity.  That is, you could think of the discussion as
+; being in terms of radix-16-quintillion arithmetic.  The data
+; type being manipulated is "unsigned long long int".  This
+; requires the 64-bit extension of the HP-UX C compiler,
+; available at release 10.  You need these compiler flags to
+; enable these extensions:
+; 
+;       -Aa +e +DA2.0 +DS2.0
+; 
+; (The first specifies ANSI C, the second enables the
+; extensions, which are beyond ANSI C, and the third and
+; fourth tell the compiler to use whatever features of the
+; PA2.0 architecture it wishes, in order to made the code more
+; efficient.  Since the presence of the assembly code will
+; make the program unable to run on anything less than PA2.0,
+; you might as well gain the performance enhancements in the C
+; code as well.)
+; 
+; Questions of "endian-ness" often come up, usually in the
+; context of byte ordering in a word.  These routines have a
+; similar issue, that could be called "wordian-ness".
+; Independent of byte ordering (PA is always big-endian), one
+; can make two choices when representing extremely large
+; numbers as arrays of 64-bit doublewords in memory.
+; 
+; "Little-wordian" layout means that the least significant
+; word of a number is stored at the lowest address.
+; 
+;   MSW     LSW
+;    |       |
+;    V       V
+; 
+;    A B C D E
+; 
+;    ^     ^ ^
+;    |     | |____ address 0
+;    |     |
+;    |     |_______address 8
+;    |
+;    address 32
+; 
+; "Big-wordian" means that the most significant word is at the
+; lowest address.
+; 
+;   MSW     LSW
+;    |       |
+;    V       V
+; 
+;    A B C D E
+; 
+;    ^     ^ ^
+;    |     | |____ address 32
+;    |     |
+;    |     |_______address 24
+;    |
+;    address 0
+; 
+; When you compile the file, you must specify one or the other, with
+; a switch "-DLITTLE_WORDIAN" or "-DBIG_WORDIAN".
+; 
+;     Incidentally, you assemble this file as part of your
+;     project with the same C compiler as the rest of the program.
+;     My "makefile" for a superprecision arithmetic package has
+;     the following stuff:
+; 
+;     # definitions:
+;     CC = cc -Aa +e -z +DA2.0 +DS2.0 +w1
+;     CFLAGS = +O3
+;     LDFLAGS = -L /usr/lib -Wl,-aarchive
+; 
+;     # general build rule for ".s" files:
+;     .s.o:
+;             $(CC) $(CFLAGS) -c $< -DBIG_WORDIAN
+; 
+;     # Now any bind step that calls for pa20.o will assemble pa20.s
+; 
+; End of digression, back to arithmetic:
+; 
+; The way we multiply two huge numbers is, of course, to multiply
+; the "ABCD" vector by each of the "WXYZ" doublewords, adding
+; the result vectors with increasing offsets, the way we learned
+; in school, back before we all used calculators:
+; 
+;            A B C D
+;          * W X Y Z
+;         __________
+;          P Q R S T
+;        E F G H I
+;      M N O P Q
+;  + R S T U V
+;    _______________
+;    F I N A L S U M
+; 
+; So we call maxpy_PA20_big (in my case; my package is
+; big-wordian) repeatedly, giving the W, X, Y, and Z arguments
+; in turn as the "scalar", and giving the "ABCD" vector each
+; time.  We direct it to add its result into an area of memory
+; that we have cleared at the start.  We skew the exact
+; location into that area with each call.
+; 
+; The prototype for the function is
+; 
+; extern void maxpy_PA20_big(
+;    int length,        /* Number of doublewords in the multiplicand vector. */
+;    const long long int *scalaraddr,    /* Address to fetch the scalar. */
+;    const long long int *multiplicand,  /* The multiplicand vector. */
+;    long long int *result);             /* Where to accumulate the result. */
+; 
+; (You should place a copy of this prototype in an include file
+; or in your C file.)
+; 
+; Now, IN ALL CASES, the given address for the multiplicand or
+; the result is that of the LEAST SIGNIFICANT DOUBLEWORD.
+; That word is, of course, the word at which the routine
+; starts processing.  "maxpy_PA20_little" then increases the
+; addresses as it computes.  "maxpy_PA20_big" decreases them.
+; 
+; In our example above, "length" would be 4 in each case.
+; "multiplicand" would be the "ABCD" vector.  Specifically,
+; the address of the element "D".  "scalaraddr" would be the
+; address of "W", "X", "Y", or "Z" on the four calls that we
+; would make.  (The order doesn't matter, of course.)
+; "result" would be the appropriate address in the result
+; area.  When multiplying by "Z", that would be the least
+; significant word.  When multiplying by "Y", it would be the
+; next higher word (8 bytes higher if little-wordian; 8 bytes
+; lower if big-wordian), and so on.  The size of the result
+; area must be the the sum of the sizes of the multiplicand
+; and multiplier vectors, and must be initialized to zero
+; before we start.
+; 
+; Whenever the routine adds its partial product into the result
+; vector, it follows carry chains as far as they need to go.
+; 
+; Here is the super-precision multiply routine that I use for
+; my package.  The package is big-wordian.  I have taken out
+; handling of exponents (it's a floating point package):
+; 
+; static void mul_PA20(
+;   int size,
+;   const long long int *arg1,
+;   const long long int *arg2,
+;   long long int *result)
+; {
+;    int i;
+; 
+;    for (i=0 ; i<2*size ; i++) result[i] = 0ULL;
+; 
+;    for (i=0 ; i<size ; i++) {
+;       maxpy_PA20_big(size, &arg2[i], &arg1[size-1], &result[size+i]);
+;    }
+; }
diff --git a/security/nss/lib/freebl/mpi/hppatch.adb b/security/nss/lib/freebl/mpi/hppatch.adb
new file mode 100644
index 000000000..f07cc29f5
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/hppatch.adb
@@ -0,0 +1,54 @@
+#/bin/sh
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is script to change the system id in an object file from PA-RISC 2.0 to 1.1.
+#
+# The Initial Developer of the Original Code is
+# Hewlett-Packard Company.
+# Portions created by the Initial Developer are Copyright (C) 1999
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   wrapped by Dennis Handly on Tue Mar 23 15:23:43 1999
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# script to change the system id in an object file from PA-RISC 2.0 to 1.1
+
+adb -w $1 << EOF
+?m 0 -1 0
+0x0?X
+0x0?W (@0x0&~0x40000)|(~@0x0&0x40000)
+
+0?"change checksum"
+0x7c?X
+0x7c?W (@0x7c&~0x40000)|(~@0x7c&0x40000)
+$q
+EOF
+
+exit 0
+
diff --git a/security/nss/lib/freebl/mpi/logtab.h b/security/nss/lib/freebl/mpi/logtab.h
new file mode 100644
index 000000000..636fd7245
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/logtab.h
@@ -0,0 +1,62 @@
+/*
+ *  logtab.h
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+const float s_logv_2[] = {
+   0.000000000f, 0.000000000f, 1.000000000f, 0.630929754f,  /*  0  1  2  3 */
+   0.500000000f, 0.430676558f, 0.386852807f, 0.356207187f,  /*  4  5  6  7 */
+   0.333333333f, 0.315464877f, 0.301029996f, 0.289064826f,  /*  8  9 10 11 */
+   0.278942946f, 0.270238154f, 0.262649535f, 0.255958025f,  /* 12 13 14 15 */
+   0.250000000f, 0.244650542f, 0.239812467f, 0.235408913f,  /* 16 17 18 19 */
+   0.231378213f, 0.227670249f, 0.224243824f, 0.221064729f,  /* 20 21 22 23 */
+   0.218104292f, 0.215338279f, 0.212746054f, 0.210309918f,  /* 24 25 26 27 */
+   0.208014598f, 0.205846832f, 0.203795047f, 0.201849087f,  /* 28 29 30 31 */
+   0.200000000f, 0.198239863f, 0.196561632f, 0.194959022f,  /* 32 33 34 35 */
+   0.193426404f, 0.191958720f, 0.190551412f, 0.189200360f,  /* 36 37 38 39 */
+   0.187901825f, 0.186652411f, 0.185449023f, 0.184288833f,  /* 40 41 42 43 */
+   0.183169251f, 0.182087900f, 0.181042597f, 0.180031327f,  /* 44 45 46 47 */
+   0.179052232f, 0.178103594f, 0.177183820f, 0.176291434f,  /* 48 49 50 51 */
+   0.175425064f, 0.174583430f, 0.173765343f, 0.172969690f,  /* 52 53 54 55 */
+   0.172195434f, 0.171441601f, 0.170707280f, 0.169991616f,  /* 56 57 58 59 */
+   0.169293808f, 0.168613099f, 0.167948779f, 0.167300179f,  /* 60 61 62 63 */
+   0.166666667f
+};
+
diff --git a/security/nss/lib/freebl/mpi/make-logtab b/security/nss/lib/freebl/mpi/make-logtab
new file mode 100755
index 000000000..dc1ec575b
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/make-logtab
@@ -0,0 +1,64 @@
+#!/usr/linguist/bin/perl
+
+#
+# make-logtab
+#
+# Generate a table of logarithms of 2 in various bases, for use in
+# estimating the output sizes of various bases.
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+# library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>
+# Portions created by the Initial Developer are Copyright (C) 1998, 2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+
+$ARRAYNAME = $ENV{'ARRAYNAME'} || "s_logv_2";
+$ARRAYTYPE = $ENV{'ARRAYTYPE'} || "float";
+
+printf("const %s %s[] = {\n   %0.9ff, %0.9ff, ", 
+       $ARRAYTYPE, $ARRAYNAME, 0, 0);
+$brk = 2;
+for($ix = 2; $ix < 64; $ix++) {
+    printf("%0.9ff, ", (log(2)/log($ix)));
+    $brk = ($brk + 1) & 3;
+    if(!$brk) {
+	printf(" /* %2d %2d %2d %2d */\n   ",
+	       $ix - 3, $ix - 2, $ix - 1, $ix);
+    }
+}
+printf("%0.9ff\n};\n\n", (log(2)/log($ix)));
+
+exit 0;
diff --git a/security/nss/lib/freebl/mpi/make-test-arrays b/security/nss/lib/freebl/mpi/make-test-arrays
new file mode 100755
index 000000000..8dd19fc4f
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/make-test-arrays
@@ -0,0 +1,133 @@
+#!/usr/linguist/bin/perl
+
+#
+# make-test-arrays
+#
+# Given a test-arrays file, which specifies the test suite names, the
+# names of the functions which perform those test suites, and
+# descriptive comments, this script generates C structures for the
+# mpi-test program.  The input consists of lines of the form:
+#
+# suite-name:function-name:comment
+#
+# The output is written to the standard output.  Blank lines are
+# ignored, and comments beginning with '#' are stripped.
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+#
+
+# Read parameters from the environment, if available
+$NAMEVAR = $ENV{'NAMEVAR'} || "g_names";
+$COUNTVAR = $ENV{'COUNTVAR'} || "g_count";
+$FUNCVAR = $ENV{'FUNCVAR'} || "g_tests";
+$DESCVAR = $ENV{'DESCVAR'} || "g_descs";
+$FUNCLEN = 13;
+$NAMELEN = 18;
+$DESCLEN = 45;
+
+#------------------------------------------------------------------------
+# Suck in input from the files on the command line, or standard input
+while(<>) {
+    chomp;
+    s/\#.*$//;
+    next if /^\s*$/;
+
+    ($suite, $func, $desc) = split(/:/, $_);
+
+    $tmp = { "suite" => $suite,
+	     "func"  => $func,
+	     "desc"  => $desc };
+
+    push(@item, $tmp);
+}
+$count = scalar(@item);
+$last = pop(@item);
+
+#------------------------------------------------------------------------
+# Output the table of names
+print "/* Table mapping test suite names to index numbers */\n";
+printf("const int   %s = %d;\n", $COUNTVAR, $count);
+printf("const char *%s[] = {\n", $NAMEVAR);
+
+foreach $elt (@item) {
+    printf("   \"%s\",%s/* %s%s */\n", $elt->{"suite"},
+	   " " x ($NAMELEN - length($elt->{"suite"})),
+	   $elt->{"desc"},
+	   " " x ($DESCLEN - length($elt->{"desc"})));
+}
+printf("   \"%s\" %s/* %s%s */\n", $last->{"suite"},
+       " " x ($NAMELEN - length($last->{"suite"})),
+       $last->{"desc"},
+       " " x ($DESCLEN - length($last->{"desc"})));
+print "};\n\n";
+
+#------------------------------------------------------------------------
+# Output the driver function prototypes
+print "/* Test function prototypes */\n";
+foreach $elt (@item, $last) {
+    printf("int  %s(void);\n", $elt->{"func"});
+}
+print "\n";
+
+#------------------------------------------------------------------------
+# Output the table of functions
+print "/* Table mapping index numbers to functions */\n";
+printf("int (*%s[])(void)  = {\n   ", $FUNCVAR);
+$brk = 0;
+
+foreach $elt (@item) {
+    print($elt->{"func"}, ", ", 
+	  " " x ($FUNCLEN - length($elt->{"func"})));
+    $brk = ($brk + 1) & 3;
+    print "\n   " unless($brk);
+}
+print $last->{"func"}, "\n};\n\n";
+
+#------------------------------------------------------------------------
+# Output the table of descriptions
+print "/* Table mapping index numbers to descriptions */\n";
+printf("const char *%s[] = {\n", $DESCVAR);
+
+foreach $elt (@item) {
+    printf("   \"%s\",\n", $elt->{"desc"});
+}
+printf("   \"%s\"\n};\n\n", $last->{"desc"});
+
+exit 0;
+
diff --git a/security/nss/lib/freebl/mpi/mdxptest.c b/security/nss/lib/freebl/mpi/mdxptest.c
new file mode 100644
index 000000000..0377c5949
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mdxptest.c
@@ -0,0 +1,342 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <malloc.h>
+#include <time.h>
+#include "mpi.h"
+#include "mpi-priv.h"
+
+/* #define OLD_WAY 1  */
+
+/* This key is the 1024-bit test key used for speed testing of RSA private 
+** key ops.
+*/
+
+#define CONST const
+
+static CONST unsigned char default_n[128] = {
+0xc2,0xae,0x96,0x89,0xaf,0xce,0xd0,0x7b,0x3b,0x35,0xfd,0x0f,0xb1,0xf4,0x7a,0xd1,
+0x3c,0x7d,0xb5,0x86,0xf2,0x68,0x36,0xc9,0x97,0xe6,0x82,0x94,0x86,0xaa,0x05,0x39,
+0xec,0x11,0x51,0xcc,0x5c,0xa1,0x59,0xba,0x29,0x18,0xf3,0x28,0xf1,0x9d,0xe3,0xae,
+0x96,0x5d,0x6d,0x87,0x73,0xf6,0xf6,0x1f,0xd0,0x2d,0xfb,0x2f,0x7a,0x13,0x7f,0xc8,
+0x0c,0x7a,0xe9,0x85,0xfb,0xce,0x74,0x86,0xf8,0xef,0x2f,0x85,0x37,0x73,0x0f,0x62,
+0x4e,0x93,0x17,0xb7,0x7e,0x84,0x9a,0x94,0x11,0x05,0xca,0x0d,0x31,0x4b,0x2a,0xc8,
+0xdf,0xfe,0xe9,0x0c,0x13,0xc7,0xf2,0xad,0x19,0x64,0x28,0x3c,0xb5,0x6a,0xc8,0x4b,
+0x79,0xea,0x7c,0xce,0x75,0x92,0x45,0x3e,0xa3,0x9d,0x64,0x6f,0x04,0x69,0x19,0x17
+};
+
+static CONST unsigned char default_d[128] = {
+0x13,0xcb,0xbc,0xf2,0xf3,0x35,0x8c,0x6d,0x7b,0x6f,0xd9,0xf3,0xa6,0x9c,0xbd,0x80,
+0x59,0x2e,0x4f,0x2f,0x11,0xa7,0x17,0x2b,0x18,0x8f,0x0f,0xe8,0x1a,0x69,0x5f,0x6e,
+0xac,0x5a,0x76,0x7e,0xd9,0x4c,0x6e,0xdb,0x47,0x22,0x8a,0x57,0x37,0x7a,0x5e,0x94,
+0x7a,0x25,0xb5,0xe5,0x78,0x1d,0x3c,0x99,0xaf,0x89,0x7d,0x69,0x2e,0x78,0x9d,0x1d,
+0x84,0xc8,0xc1,0xd7,0x1a,0xb2,0x6d,0x2d,0x8a,0xd9,0xab,0x6b,0xce,0xae,0xb0,0xa0,
+0x58,0x55,0xad,0x5c,0x40,0x8a,0xd6,0x96,0x08,0x8a,0xe8,0x63,0xe6,0x3d,0x6c,0x20,
+0x49,0xc7,0xaf,0x0f,0x25,0x73,0xd3,0x69,0x43,0x3b,0xf2,0x32,0xf8,0x3d,0x5e,0xee,
+0x7a,0xca,0xd6,0x94,0x55,0xe5,0xbd,0x25,0x34,0x8d,0x63,0x40,0xb5,0x8a,0xc3,0x01
+};
+
+
+#define DEFAULT_ITERS 50
+
+typedef clock_t timetype;
+#define gettime(x) *(x) = clock()
+#define subtime(a, b) a -= b
+#define msec(x) ((clock_t)((double)x * 1000.0 / CLOCKS_PER_SEC))
+#define sec(x) (x / CLOCKS_PER_SEC)
+
+struct TimingContextStr {
+    timetype start;
+    timetype end;
+    timetype interval;
+
+    int   minutes;  
+    int   seconds;  
+    int   millisecs;
+};
+
+typedef struct TimingContextStr TimingContext;
+
+TimingContext *CreateTimingContext(void) 
+{
+    return (TimingContext *)malloc(sizeof(TimingContext));
+}
+
+void DestroyTimingContext(TimingContext *ctx) 
+{
+    free(ctx);
+}
+
+void TimingBegin(TimingContext *ctx) 
+{
+    gettime(&ctx->start);
+}
+
+static void timingUpdate(TimingContext *ctx) 
+{
+
+    ctx->millisecs = msec(ctx->interval) % 1000;
+    ctx->seconds   = sec(ctx->interval);
+    ctx->minutes   = ctx->seconds / 60;
+    ctx->seconds  %= 60;
+
+}
+
+void TimingEnd(TimingContext *ctx) 
+{
+    gettime(&ctx->end);
+    ctx->interval = ctx->end;
+    subtime(ctx->interval, ctx->start);
+    timingUpdate(ctx);
+}
+
+char *TimingGenerateString(TimingContext *ctx) 
+{
+    static char sBuf[4096];
+
+    sprintf(sBuf, "%d minutes, %d.%03d seconds", ctx->minutes,
+				ctx->seconds, ctx->millisecs);
+    return sBuf;
+}
+
+static void
+dumpBytes( unsigned char * b, int l)
+{
+    int i;
+    if (l <= 0)
+        return;
+    for (i = 0; i < l; ++i) {
+        if (i % 16 == 0)
+            printf("\t");
+        printf(" %02x", b[i]);
+        if (i % 16 == 15)
+            printf("\n");
+    }
+    if ((i % 16) != 0)
+        printf("\n");
+    printf("\n");
+}
+
+static mp_err
+testNewFuncs(const unsigned char * modulusBytes, int modulus_len)
+{
+    mp_err mperr	= MP_OKAY;
+    mp_int modulus;
+    unsigned char buf[512];
+
+    mperr = mp_init(&modulus);
+    mperr = mp_read_unsigned_octets(&modulus,  modulusBytes,  modulus_len );
+    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len);
+    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len+1);
+    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len+4);
+    mperr = mp_to_unsigned_octets(&modulus, buf, modulus_len);
+    mperr = mp_to_signed_octets(&modulus, buf, modulus_len + 1);
+    mp_clear(&modulus);
+    return mperr;
+}
+
+int
+testModExp( const unsigned char *      modulusBytes, 
+	    const unsigned int         expo,
+	    const unsigned char *      input, 
+	          unsigned char *      output,
+	          int                  modulus_len)
+{
+    mp_err mperr	= MP_OKAY;
+    mp_int modulus;
+    mp_int base;
+    mp_int exponent;
+    mp_int result;
+
+    mperr  = mp_init(&modulus);
+    mperr += mp_init(&base);
+    mperr += mp_init(&exponent);
+    mperr += mp_init(&result);
+    /* we initialize all mp_ints unconditionally, even if some fail.
+    ** This guarantees that the DIGITS pointer is valid (even if null).
+    ** So, mp_clear will do the right thing below. 
+    */
+    if (mperr == MP_OKAY) {
+      mperr  = mp_read_unsigned_octets(&modulus,  
+		modulusBytes + (sizeof default_n - modulus_len),  modulus_len );
+      mperr += mp_read_unsigned_octets(&base,     input,         modulus_len );
+      mp_set(&exponent, expo);
+      if (mperr == MP_OKAY) {
+#if OLD_WAY
+	mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
+#else
+	mperr = mp_exptmod(&base, &exponent, &modulus, &result);
+#endif
+	if (mperr == MP_OKAY) {
+	  mperr = mp_to_fixlen_octets(&result, output, modulus_len);
+	}
+      }
+    }
+    mp_clear(&base);
+    mp_clear(&result);
+
+    mp_clear(&modulus);
+    mp_clear(&exponent);
+
+    return (int)mperr;
+}
+
+int
+doModExp(   const unsigned char *      modulusBytes, 
+	    const unsigned char *      exponentBytes, 
+	    const unsigned char *      input, 
+	          unsigned char *      output,
+	          int                  modulus_len)
+{
+    mp_err mperr	= MP_OKAY;
+    mp_int modulus;
+    mp_int base;
+    mp_int exponent;
+    mp_int result;
+
+    mperr  = mp_init(&modulus);
+    mperr += mp_init(&base);
+    mperr += mp_init(&exponent);
+    mperr += mp_init(&result);
+    /* we initialize all mp_ints unconditionally, even if some fail.
+    ** This guarantees that the DIGITS pointer is valid (even if null).
+    ** So, mp_clear will do the right thing below. 
+    */
+    if (mperr == MP_OKAY) {
+      mperr  = mp_read_unsigned_octets(&modulus,  
+		modulusBytes + (sizeof default_n - modulus_len),  modulus_len );
+      mperr += mp_read_unsigned_octets(&exponent, exponentBytes, modulus_len );
+      mperr += mp_read_unsigned_octets(&base,     input,         modulus_len );
+      if (mperr == MP_OKAY) {
+#if OLD_WAY
+	mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
+#else
+	mperr = mp_exptmod(&base, &exponent, &modulus, &result);
+#endif
+	if (mperr == MP_OKAY) {
+	  mperr = mp_to_fixlen_octets(&result, output, modulus_len);
+	}
+      }
+    }
+    mp_clear(&base);
+    mp_clear(&result);
+
+    mp_clear(&modulus);
+    mp_clear(&exponent);
+
+    return (int)mperr;
+}
+
+int
+main(int argc, char **argv)
+{
+    TimingContext *	  timeCtx;
+    char *		  progName;
+    long 		  iters 	= DEFAULT_ITERS;
+    unsigned int 	  modulus_len;
+    int		 	  i;
+    int 		  rv;
+    unsigned char 	  buf [1024];
+    unsigned char 	  buf2[1024];
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+	progName = strrchr(argv[0], '\\');
+    progName = progName ? progName+1 : argv[0];
+
+    if (argc >= 2) {
+	iters = atol(argv[1]);
+    }
+
+    if (argc >= 3) {
+	modulus_len = atol(argv[2]);
+    } else 
+	modulus_len = sizeof default_n;
+
+    /* no library init function !? */
+
+    memset(buf, 0x41, sizeof buf);
+
+  if (iters < 2) {
+    testNewFuncs( default_n, modulus_len);
+    testNewFuncs( default_n+1, modulus_len - 1);
+    testNewFuncs( default_n+2, modulus_len - 2);
+    testNewFuncs( default_n+3, modulus_len - 3);
+
+    printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies);
+    rv = testModExp(default_n, 0, buf, buf2, modulus_len);
+    dumpBytes((unsigned char *)buf2, modulus_len);
+
+    printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies);
+    rv = testModExp(default_n, 1, buf, buf2, modulus_len);
+    dumpBytes((unsigned char *)buf2, modulus_len);
+
+    printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies);
+    rv = testModExp(default_n, 2, buf, buf2, modulus_len);
+    dumpBytes((unsigned char *)buf2, modulus_len);
+
+    printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies);
+    rv = testModExp(default_n, 3, buf, buf2, modulus_len);
+    dumpBytes((unsigned char *)buf2, modulus_len);
+  }
+    printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies);
+    rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
+    if (rv != 0) {
+	fprintf(stderr, "Error in modexp operation:\n");
+	exit(1);
+    }
+    dumpBytes((unsigned char *)buf2, modulus_len);
+    printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies);
+
+    timeCtx = CreateTimingContext();
+    TimingBegin(timeCtx);
+    i = iters;
+    while (i--) {
+	rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
+	if (rv != 0) {
+	    fprintf(stderr, "Error in modexp operation\n");
+	    exit(1);
+	}
+    }
+    TimingEnd(timeCtx);
+    printf("%ld iterations in %s\n", iters, TimingGenerateString(timeCtx));
+    printf("%lu allocations, %lu frees, %lu copies\n", mp_allocs, mp_frees, mp_copies);
+
+    return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/montmulf.c b/security/nss/lib/freebl/mpi/montmulf.c
new file mode 100644
index 000000000..a1fe939a8
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulf.c
@@ -0,0 +1,329 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is SPARC optimized Montgomery multiply functions.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems Inc.
+ * Portions created by the Initial Developer are Copyright (C) 1999-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifdef SOLARIS
+#define RF_INLINE_MACROS 1
+#endif
+
+static const double TwoTo16=65536.0;
+static const double TwoToMinus16=1.0/65536.0;
+static const double Zero=0.0;
+static const double TwoTo32=65536.0*65536.0;
+static const double TwoToMinus32=1.0/(65536.0*65536.0);
+
+#ifdef RF_INLINE_MACROS
+
+double upper32(double);
+double lower32(double, double);
+double mod(double, double, double);
+
+void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/, 
+			  const double * /* 2^16*/,
+			  const double * /* 0 */,
+			  double *       /*result16*/, 
+			  double *       /* result32 */,
+			  float *  /*source - should be unsigned int*
+		          	       converted to float* */);
+
+#else
+#ifdef MP_USE_FLOOR
+#include <math.h>
+#else
+#define floor(d) ((double)((unsigned long long)(d)))
+#endif
+
+static double upper32(double x)
+{
+  return floor(x*TwoToMinus32);
+}
+
+static double lower32(double x, double y)
+{
+  return x-TwoTo32*floor(x*TwoToMinus32);
+}
+
+static double mod(double x, double oneoverm, double m)
+{
+  return x-m*floor(x*oneoverm);
+}
+
+#endif
+
+
+static void cleanup(double *dt, int from, int tlen)
+{
+ int i;
+ double tmp,tmp1,x,x1;
+
+ tmp=tmp1=Zero;
+ /* original code **
+ for(i=2*from;i<2*tlen-2;i++)
+   {
+     x=dt[i];
+     dt[i]=lower32(x,Zero)+tmp1;
+     tmp1=tmp;
+     tmp=upper32(x);
+   }
+ dt[tlen-2]+=tmp1;
+ dt[tlen-1]+=tmp;
+ **end original code ***/
+ /* new code ***/
+ for(i=2*from;i<2*tlen;i+=2)
+   {
+     x=dt[i];
+     x1=dt[i+1];
+     dt[i]=lower32(x,Zero)+tmp;
+     dt[i+1]=lower32(x1,Zero)+tmp1;
+     tmp=upper32(x);
+     tmp1=upper32(x1);
+   }
+  /** end new code **/
+}
+
+
+void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+{
+int i;
+long long t, t1, a, b, c, d;
+
+ t1=0;
+ a=(long long)d16[0];
+ b=(long long)d16[1];
+ for(i=0; i<ilen-1; i++)
+   {
+     c=(long long)d16[2*i+2];
+     t1+=(unsigned int)a;
+     t=(a>>32);
+     d=(long long)d16[2*i+3];
+     t1+=(b&0xffff)<<16;
+     t+=(b>>16)+(t1>>32);
+     i32[i]=(unsigned int)t1;
+     t1=t;
+     a=c;
+     b=d;
+   }
+ t1+=(unsigned int)a;
+ t=(a>>32);
+ t1+=(b&0xffff)<<16;
+ i32[i]=(unsigned int)t1;
+}
+
+void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+{
+int i;
+
+#pragma pipeloop(0)
+ for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+}
+
+
+void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+{
+int i;
+unsigned int a;
+
+#pragma pipeloop(0)
+ for(i=0;i<len;i++)
+   {
+     a=i32[i];
+     d16[2*i]=(double)(a&0xffff);
+     d16[2*i+1]=(double)(a>>16);
+   }
+}
+
+
+void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+			     unsigned int *i32, int len)
+{
+int i = 0;
+unsigned int a;
+
+#pragma pipeloop(0)
+#ifdef RF_INLINE_MACROS
+ for(;i<len-3;i+=4)
+   {
+     i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+			  &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
+   }
+#endif
+ for(;i<len;i++)
+   {
+     a=i32[i];
+     d32[i]=(double)(i32[i]);
+     d16[2*i]=(double)(a&0xffff);
+     d16[2*i+1]=(double)(a>>16);
+   }
+}
+
+
+void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+{
+long long acc;
+int i;
+
+ if(i32[len]>0) i=-1;
+ else
+   {
+     for(i=len-1; i>=0; i--)
+       {
+	 if(i32[i]!=nint[i]) break;
+       }
+   }
+ if((i<0)||(i32[i]>nint[i]))
+   {
+     acc=0;
+     for(i=0;i<len;i++)
+       {
+	 acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
+	 i32[i]=(unsigned int)acc;
+	 acc=acc>>32;
+       }
+   }
+}
+
+
+
+
+/*
+** the lengths of the input arrays should be at least the following:
+** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+** all of them should be different from one another
+**
+*/
+void mont_mulf_noconv(unsigned int *result,
+		     double *dm1, double *dm2, double *dt,
+		     double *dn, unsigned int *nint,
+		     int nlen, double dn0)
+{
+ int i, j, jj;
+ int tmp;
+ double digit, m2j, nextm2j, a, b;
+ double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+
+ pdm1=&(dm1[0]);
+ pdm2=&(dm2[0]);
+ pdn=&(dn[0]);
+ pdm2[2*nlen]=Zero;
+
+ if (nlen!=16)
+   {
+     for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
+
+     a=dt[0]=pdm1[0]*pdm2[0];
+     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+     pdtj=&(dt[0]);
+     for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
+       {
+	 m2j=pdm2[j];
+	 a=pdtj[0]+pdn[0]*digit;
+	 b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
+	 pdtj[1]=b;
+
+#pragma pipeloop(0)
+	 for(i=1;i<nlen;i++)
+	   {
+	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+	   }
+ 	 if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
+	 
+	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+       }
+   }
+ else
+   {
+     a=dt[0]=pdm1[0]*pdm2[0];
+
+     dt[65]=     dt[64]=     dt[63]=     dt[62]=     dt[61]=     dt[60]=
+     dt[59]=     dt[58]=     dt[57]=     dt[56]=     dt[55]=     dt[54]=
+     dt[53]=     dt[52]=     dt[51]=     dt[50]=     dt[49]=     dt[48]=
+     dt[47]=     dt[46]=     dt[45]=     dt[44]=     dt[43]=     dt[42]=
+     dt[41]=     dt[40]=     dt[39]=     dt[38]=     dt[37]=     dt[36]=
+     dt[35]=     dt[34]=     dt[33]=     dt[32]=     dt[31]=     dt[30]=
+     dt[29]=     dt[28]=     dt[27]=     dt[26]=     dt[25]=     dt[24]=
+     dt[23]=     dt[22]=     dt[21]=     dt[20]=     dt[19]=     dt[18]=
+     dt[17]=     dt[16]=     dt[15]=     dt[14]=     dt[13]=     dt[12]=
+     dt[11]=     dt[10]=     dt[ 9]=     dt[ 8]=     dt[ 7]=     dt[ 6]=
+     dt[ 5]=     dt[ 4]=     dt[ 3]=     dt[ 2]=     dt[ 1]=Zero;
+
+     pdn_0=pdn[0];
+     pdm1_0=pdm1[0];
+
+     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+     pdtj=&(dt[0]);
+
+     for(j=0;j<32;j++,pdtj++)
+       {
+
+	 m2j=pdm2[j];
+	 a=pdtj[0]+pdn_0*digit;
+	 b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
+	 pdtj[1]=b;
+
+	 /**** this loop will be fully unrolled:
+	 for(i=1;i<16;i++)
+	   {
+	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+	   }
+	 *************************************/
+	     pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
+	     pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
+	     pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
+	     pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
+	     pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
+	     pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
+	     pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
+	     pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
+	     pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
+	     pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
+	     pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
+	     pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
+	     pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
+	     pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
+	     pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
+	 /* no need for cleenup, cannot overflow */
+	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+       }
+   }
+
+ conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
+
+ adjust_montf_result(result,nint,nlen); 
+ 
+}
+
diff --git a/security/nss/lib/freebl/mpi/montmulf.h b/security/nss/lib/freebl/mpi/montmulf.h
new file mode 100644
index 000000000..9bd0f72f8
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulf.h
@@ -0,0 +1,103 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is interface file for SPARC Montgomery multiply functions.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems Inc.
+ * Portions created by the Initial Developer are Copyright (C) 1999-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+/*  The functions that are to be called from outside of the .s file have the
+ *  following interfaces and array size requirements:
+ */
+
+
+void conv_i32_to_d32(double *d32, unsigned int *i32, int len);
+
+/*  Converts an array of int's to an array of doubles, so that each double
+ *  corresponds to an int.  len is the number of items converted.
+ *  Does not allocate the output array.
+ *  The pointers d32 and i32 should point to arrays of size at least  len
+ *  (doubles and unsigned ints, respectively)
+ */
+
+
+void conv_i32_to_d16(double *d16, unsigned int *i32, int len);
+
+/*  Converts an array of int's to an array of doubles so that each element
+ *  of the int array is converted to a pair of doubles, the first one
+ *  corresponding to the lower (least significant) 16 bits of the int and
+ *  the second one corresponding to the upper (most significant) 16 bits of
+ *  the 32-bit int. len is the number of ints converted.
+ *  Does not allocate the output array.
+ *  The pointer d16 should point to an array of doubles of size at least
+ *  2*len and i32 should point an array of ints of size at least  len
+ */
+
+
+void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+			     unsigned int *i32, int len);
+
+/*  Does the above two conversions together, it is much faster than doing
+ *  both of those in succession
+ */
+
+
+void mont_mulf_noconv(unsigned int *result,
+		     double *dm1, double *dm2, double *dt,
+		     double *dn, unsigned int *nint,
+		     int nlen, double dn0);
+
+/*  Does the Montgomery multiplication of the numbers stored in the arrays
+ *  pointed to by dm1 and dm2, writing the result to the array pointed to by
+ *  result. It uses the array pointed to by dt as a temporary work area.
+ *  nint should point to the modulus in the array-of-integers representation, 
+ *  dn should point to its array-of-doubles as obtained as a result of the
+ *  function call   conv_i32_to_d32(dn, nint, nlen);
+ *  nlen is the length of the array containing the modulus.
+ *  The representation used for dm1 is the one that is a result of the function
+ *  call   conv_i32_to_d32(dm1, m1, nlen), the representation for dm2 is the
+ *  result of the function call   conv_i32_to_d16(dm2, m2, nlen).
+ *  Note that m1 and m2 should both be of length nlen, so they should be
+ *  padded with 0's if necessary before the conversion. The result comes in 
+ *  this form (int representation, padded with 0's).
+ *  dn0 is the value of the 16 least significant bits of n0'.
+ *  The function does not allocate memory for any of the arrays, so the 
+ *  pointers should point to arrays with the following minimal sizes:
+ *  result - nlen+1
+ *  dm1    - nlen
+ *  dm2    - 2*nlen+1  ( the +1 is necessary for technical reasons )
+ *  dt     - 4*nlen+2
+ *  dn     - nlen
+ *  nint   - nlen
+ *  No two arrays should point to overlapping areas of memory.
+ */  
diff --git a/security/nss/lib/freebl/mpi/montmulf.il b/security/nss/lib/freebl/mpi/montmulf.il
new file mode 100644
index 000000000..27ce26a77
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulf.il
@@ -0,0 +1,141 @@
+!  
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is inline macros for SPARC Montgomery multiply functions.
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1999-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+! $Id$
+
+!
+! double upper32(double /*frs1*/);
+!
+        .inline upper32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+
+	fdtox	%f10,%f10
+	fitod	%f10,%f0
+        .end
+
+!
+! double lower32(double /*frs1*/, double /* Zero */);
+!
+        .inline lower32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f12
+
+	fdtox	%f10,%f10
+	fmovs	%f12,%f10
+	fxtod	%f10,%f0
+        .end
+
+!
+! double mod(double /*x*/, double /*1/m*/, double /*m*/);
+!
+        .inline mod,12
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f2
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f4
+        std     %o4,[%sp+0x48]
+        ldd     [%sp+0x48],%f6
+
+	fmuld	%f2,%f4,%f4
+	fdtox	%f4,%f4
+	fxtod	%f4,%f4
+	fmuld	%f4,%f6,%f4
+	fsubd	%f2,%f4,%f0
+        .end
+
+
+!
+! void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!			    double * /* 0 */,
+!			    double * /*result16*/, double * /* result32 */
+!			    float *  /*source - should be unsigned int*
+!		            	       converted to float* */);
+!
+        .inline i16_to_d16_and_d32x4,24
+        ldd     [%o0],%f2  ! 1/(2^16)
+        ldd     [%o1],%f4  ! 2^16
+	ldd	[%o2],%f22
+
+	fmovd	%f22,%f6
+	ld	[%o5],%f7
+	fmovd	%f22,%f10
+	ld	[%o5+4],%f11
+	fmovd	%f22,%f14
+	ld	[%o5+8],%f15
+	fmovd	%f22,%f18
+	ld	[%o5+12],%f19
+	fxtod	%f6,%f6
+	std	%f6,[%o4]
+	fxtod	%f10,%f10
+	std	%f10,[%o4+8]
+	fxtod	%f14,%f14
+	std	%f14,[%o4+16]
+	fxtod	%f18,%f18
+	std	%f18,[%o4+24]
+	fmuld	%f2,%f6,%f8
+	fmuld	%f2,%f10,%f12
+	fmuld	%f2,%f14,%f16
+	fmuld	%f2,%f18,%f20
+	fdtox	%f8,%f8
+	fdtox	%f12,%f12
+	fdtox	%f16,%f16
+	fdtox	%f20,%f20
+	fxtod	%f8,%f8
+	std	%f8,[%o3+8]
+	fxtod	%f12,%f12
+	std	%f12,[%o3+24]
+	fxtod	%f16,%f16
+	std	%f16,[%o3+40]
+	fxtod	%f20,%f20
+	std	%f20,[%o3+56]
+	fmuld	%f8,%f4,%f8
+	fmuld	%f12,%f4,%f12
+	fmuld	%f16,%f4,%f16
+	fmuld	%f20,%f4,%f20
+	fsubd	%f6,%f8,%f8
+	std	%f8,[%o3]
+	fsubd	%f10,%f12,%f12
+	std	%f12,[%o3+16]
+	fsubd	%f14,%f16,%f16
+	std	%f16,[%o3+32]
+	fsubd	%f18,%f20,%f20
+	std	%f20,[%o3+48]
+        .end
+
+
diff --git a/security/nss/lib/freebl/mpi/montmulf.s b/security/nss/lib/freebl/mpi/montmulf.s
new file mode 100644
index 000000000..372d961c6
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulf.s
@@ -0,0 +1,1970 @@
+!  
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is SPARC hand-optimized Montgomery multiply functions.
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1999-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+
+	.section	".text",#alloc,#execinstr
+	.file	"montmulf.c"
+
+	.section	".data",#alloc,#write
+	.align	8
+TwoTo16:		/* frequency 1.0 confidence 0.0 */
+	.word	1089470464
+	.word	0
+	.type	TwoTo16,#object
+	.size	TwoTo16,8
+TwoToMinus16:		/* frequency 1.0 confidence 0.0 */
+	.word	1055916032
+	.word	0
+	.type	TwoToMinus16,#object
+	.size	TwoToMinus16,8
+Zero:		/* frequency 1.0 confidence 0.0 */
+	.word	0
+	.word	0
+	.type	Zero,#object
+	.size	Zero,8
+TwoTo32:		/* frequency 1.0 confidence 0.0 */
+	.word	1106247680
+	.word	0
+	.type	TwoTo32,#object
+	.size	TwoTo32,8
+TwoToMinus32:		/* frequency 1.0 confidence 0.0 */
+	.word	1039138816
+	.word	0
+	.type	TwoToMinus32,#object
+	.size	TwoToMinus32,8
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE cleanup
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global cleanup
+                                   cleanup:		/* frequency 1.0 confidence 0.0 */
+! FILE montmulf.c
+
+!    1		                    !#define RF_INLINE_MACROS
+!    3		                    !static double TwoTo16=65536.0;
+!    4		                    !static double TwoToMinus16=1.0/65536.0;
+!    5		                    !static double Zero=0.0;
+!    6		                    !static double TwoTo32=65536.0*65536.0;
+!    7		                    !static double TwoToMinus32=1.0/(65536.0*65536.0);
+!    9		                    !#ifdef RF_INLINE_MACROS
+!   11		                    !double upper32(double);
+!   12		                    !double lower32(double, double);
+!   13		                    !double mod(double, double, double);
+!   15		                    !#else
+!   17		                    !static double upper32(double x)
+!   18		                    !{
+!   19		                    !  return floor(x*TwoToMinus32);
+!   20		                    !}
+!   22		                    !static double lower32(double x, double y)
+!   23		                    !{
+!   24		                    !  return x-TwoTo32*floor(x*TwoToMinus32);
+!   25		                    !}
+!   27		                    !static double mod(double x, double oneoverm, double m)
+!   28		                    !{
+!   29		                    !  return x-m*floor(x*oneoverm);
+!   30		                    !}
+!   32		                    !#endif
+!   35		                    !void cleanup(double *dt, int from, int tlen)
+!   36		                    !{
+!   37		                    ! int i;
+!   38		                    ! double tmp,tmp1,x,x1;
+!   40		                    ! tmp=tmp1=Zero;
+
+/* 000000	  40 ( 0  1) */		sethi	%hi(Zero),%g2
+
+!   41		                    ! /* original code **
+!   42		                    ! for(i=2*from;i<2*tlen-2;i++)
+!   43		                    !   {
+!   44		                    !     x=dt[i];
+!   45		                    !     dt[i]=lower32(x,Zero)+tmp1;
+!   46		                    !     tmp1=tmp;
+!   47		                    !     tmp=upper32(x);
+!   48		                    !   }
+!   49		                    ! dt[tlen-2]+=tmp1;
+!   50		                    ! dt[tlen-1]+=tmp;
+!   51		                    ! **end original code ***/
+!   52		                    ! /* new code ***/
+!   53		                    ! for(i=2*from;i<2*tlen;i+=2)
+
+/* 0x0004	  53 ( 1  2) */		sll	%o2,1,%g3
+/* 0x0008	  40 ( 1  4) */		ldd	[%g2+%lo(Zero)],%f0
+/* 0x000c	     ( 1  2) */		add	%g2,%lo(Zero),%g2
+/* 0x0010	  53 ( 2  3) */		sll	%o1,1,%g4
+/* 0x0014	  36 ( 3  4) */		sll	%o1,4,%g1
+/* 0x0018	  40 ( 3  4) */		fmovd	%f0,%f4
+/* 0x001c	  53 ( 3  4) */		cmp	%g4,%g3
+/* 0x0020	     ( 3  4) */		bge,pt	%icc,.L77000116	! tprob=0.56
+/* 0x0024	     ( 4  5) */		fmovd	%f0,%f2
+/* 0x0028	  36 ( 4  5) */		add	%o0,%g1,%g1
+/* 0x002c	     ( 4  5) */		sub	%g3,1,%g3
+
+!   54		                    !   {
+!   55		                    !     x=dt[i];
+
+/* 0x0030	  55 ( 5  8) */		ldd	[%g1],%f8
+                                   .L900000114:		/* frequency 6.4 confidence 0.0 */
+/* 0x0034	     ( 0  3) */		fdtox	%f8,%f6
+
+!   56		                    !     x1=dt[i+1];
+
+/* 0x0038	  56 ( 0  3) */		ldd	[%g1+8],%f10
+
+!   57		                    !     dt[i]=lower32(x,Zero)+tmp;
+!   58		                    !     dt[i+1]=lower32(x1,Zero)+tmp1;
+!   59		                    !     tmp=upper32(x);
+!   60		                    !     tmp1=upper32(x1);
+
+/* 0x003c	  60 ( 0  1) */		add	%g4,2,%g4
+/* 0x0040	     ( 1  4) */		fdtox	%f8,%f8
+/* 0x0044	     ( 1  2) */		cmp	%g4,%g3
+/* 0x0048	     ( 5  6) */		fmovs	%f0,%f6
+/* 0x004c	     ( 7 10) */		fxtod	%f6,%f6
+/* 0x0050	     ( 8 11) */		fdtox	%f10,%f0
+/* 0x0054	  57 (10 13) */		faddd	%f6,%f2,%f2
+/* 0x0058	     (10 11) */		std	%f2,[%g1]
+/* 0x005c	     (12 15) */		ldd	[%g2],%f2
+/* 0x0060	     (14 15) */		fmovs	%f2,%f0
+/* 0x0064	     (16 19) */		fxtod	%f0,%f6
+/* 0x0068	     (17 20) */		fdtox	%f10,%f0
+/* 0x006c	     (18 21) */		fitod	%f8,%f2
+/* 0x0070	  58 (19 22) */		faddd	%f6,%f4,%f4
+/* 0x0074	     (19 20) */		std	%f4,[%g1+8]
+/* 0x0078	  60 (19 20) */		add	%g1,16,%g1
+/* 0x007c	     (20 23) */		fitod	%f0,%f4
+/* 0x0080	     (20 23) */		ldd	[%g2],%f0
+/* 0x0084	     (20 21) */		ble,a,pt	%icc,.L900000114	! tprob=0.86
+/* 0x0088	     (21 24) */		ldd	[%g1],%f8
+                                   .L77000116:		/* frequency 1.0 confidence 0.0 */
+/* 0x008c	     ( 0  2) */		retl	! Result = 
+/* 0x0090	     ( 1  2) */		nop
+/* 0x0094	   0 ( 0  0) */		.type	cleanup,2
+/* 0x0094	     ( 0  0) */		.size	cleanup,(.-cleanup)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_d16_to_i32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_d16_to_i32
+                                   conv_d16_to_i32:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-136,%sp
+
+!   61		                    !   }
+!   62		                    !  /** end new code **/
+!   63		                    !}
+!   66		                    !void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+!   67		                    !{
+!   68		                    !int i;
+!   69		                    !long long t, t1, a, b, c, d;
+!   71		                    ! t1=0;
+!   72		                    ! a=(long long)d16[0];
+
+/* 0x0004	  72 ( 1  4) */		ldd	[%i1],%f0
+
+!   73		                    ! b=(long long)d16[1];
+!   74		                    ! for(i=0; i<ilen-1; i++)
+
+/* 0x0008	  74 ( 1  2) */		sub	%i3,1,%g2
+/* 0x000c	  67 ( 1  2) */		or	%g0,%i0,%g5
+/* 0x0010	  74 ( 2  3) */		cmp	%g2,0
+/* 0x0014	  71 ( 2  3) */		or	%g0,0,%o4
+/* 0x0018	  72 ( 3  6) */		fdtox	%f0,%f0
+/* 0x001c	     ( 3  4) */		std	%f0,[%sp+120]
+/* 0x0020	  74 ( 3  4) */		or	%g0,0,%o7
+/* 0x0024	  67 ( 4  5) */		or	%g0,%i3,%o0
+/* 0x0028	     ( 4  5) */		sub	%i3,2,%o2
+/* 0x002c	  73 ( 5  8) */		ldd	[%i1+8],%f0
+/* 0x0030	  67 ( 5  6) */		sethi	%hi(0xfc00),%o0
+/* 0x0034	     ( 5  6) */		add	%o2,1,%g3
+/* 0x0038	     ( 6  7) */		add	%o0,1023,%o1
+/* 0x003c	     ( 6  7) */		or	%g0,%g5,%o5
+/* 0x0040	  73 ( 7 10) */		fdtox	%f0,%f0
+/* 0x0044	     ( 7  8) */		std	%f0,[%sp+112]
+/* 0x0048	  72 (11 13) */		ldx	[%sp+120],%g4
+/* 0x004c	  73 (12 14) */		ldx	[%sp+112],%g1
+/* 0x0050	  74 (12 13) */		ble,pt	%icc,.L900000214	! tprob=0.56
+/* 0x0054	     (12 13) */		sethi	%hi(0xfc00),%g2
+/* 0x0058	  67 (13 14) */		or	%g0,-1,%g2
+/* 0x005c	  74 (13 14) */		cmp	%g3,3
+/* 0x0060	  67 (14 15) */		srl	%g2,0,%o3
+/* 0x0064	     (14 15) */		or	%g0,%i1,%g2
+/* 0x0068	  74 (14 15) */		bl,pn	%icc,.L77000134	! tprob=0.44
+/* 0x006c	     (15 18) */		ldd	[%g2+16],%f0
+
+!   75		                    !   {
+!   76		                    !     c=(long long)d16[2*i+2];
+!   77		                    !     t1+=a&0xffffffff;
+!   78		                    !     t=(a>>32);
+!   79		                    !     d=(long long)d16[2*i+3];
+!   80		                    !     t1+=(b&0xffff)<<16;
+
+/* 0x0070	  80 (15 16) */		and	%g1,%o1,%o0
+
+!   81		                    !     t+=(b>>16)+(t1>>32);
+!   82		                    !     i32[i]=t1&0xffffffff;
+!   83		                    !     t1=t;
+!   84		                    !     a=c;
+!   85		                    !     b=d;
+
+/* 0x0074	  85 (15 16) */		add	%g2,16,%g2
+/* 0x0078	  80 (16 17) */		sllx	%o0,16,%g3
+/* 0x007c	  77 (16 17) */		and	%g4,%o3,%o0
+/* 0x0080	  76 (17 20) */		fdtox	%f0,%f0
+/* 0x0084	     (17 18) */		std	%f0,[%sp+104]
+/* 0x0088	  74 (17 18) */		add	%o0,%g3,%o4
+/* 0x008c	  79 (18 21) */		ldd	[%g2+8],%f2
+/* 0x0090	  81 (18 19) */		srax	%g1,16,%o0
+/* 0x0094	  82 (18 19) */		and	%o4,%o3,%o7
+/* 0x0098	  81 (19 20) */		stx	%o0,[%sp+112]
+/* 0x009c	     (19 20) */		srax	%o4,32,%o0
+/* 0x00a0	  85 (19 20) */		add	%g5,4,%o5
+/* 0x00a4	  81 (20 21) */		stx	%o0,[%sp+120]
+/* 0x00a8	  78 (20 21) */		srax	%g4,32,%o4
+/* 0x00ac	  79 (20 23) */		fdtox	%f2,%f0
+/* 0x00b0	     (21 22) */		std	%f0,[%sp+96]
+/* 0x00b4	  81 (22 24) */		ldx	[%sp+112],%o0
+/* 0x00b8	     (23 25) */		ldx	[%sp+120],%g4
+/* 0x00bc	  76 (25 27) */		ldx	[%sp+104],%g3
+/* 0x00c0	  81 (25 26) */		add	%o0,%g4,%g4
+/* 0x00c4	  79 (26 28) */		ldx	[%sp+96],%g1
+/* 0x00c8	  81 (26 27) */		add	%o4,%g4,%o4
+/* 0x00cc	  82 (27 28) */		st	%o7,[%g5]
+/* 0x00d0	     (27 28) */		or	%g0,1,%o7
+/* 0x00d4	  84 (27 28) */		or	%g0,%g3,%g4
+                                   .L900000209:		/* frequency 64.0 confidence 0.0 */
+/* 0x00d8	  76 (17 19) */		ldd	[%g2+16],%f0
+/* 0x00dc	  85 (17 18) */		add	%o7,1,%o7
+/* 0x00e0	     (17 18) */		add	%o5,4,%o5
+/* 0x00e4	     (18 18) */		cmp	%o7,%o2
+/* 0x00e8	     (18 19) */		add	%g2,16,%g2
+/* 0x00ec	  76 (19 22) */		fdtox	%f0,%f0
+/* 0x00f0	     (20 21) */		std	%f0,[%sp+104]
+/* 0x00f4	  79 (21 23) */		ldd	[%g2+8],%f0
+/* 0x00f8	     (23 26) */		fdtox	%f0,%f0
+/* 0x00fc	     (24 25) */		std	%f0,[%sp+96]
+/* 0x0100	  80 (25 26) */		and	%g1,%o1,%g3
+/* 0x0104	     (26 27) */		sllx	%g3,16,%g3
+/* 0x0108	     ( 0  0) */		stx	%g3,[%sp+120]
+/* 0x010c	  77 (26 27) */		and	%g4,%o3,%g3
+/* 0x0110	  74 ( 0  0) */		stx	%o7,[%sp+128]
+/* 0x0114	     ( 0  0) */		ldx	[%sp+120],%o7
+/* 0x0118	     (27 27) */		add	%g3,%o7,%g3
+/* 0x011c	     ( 0  0) */		ldx	[%sp+128],%o7
+/* 0x0120	  81 (28 29) */		srax	%g1,16,%g1
+/* 0x0124	  74 (28 28) */		add	%g3,%o4,%g3
+/* 0x0128	  81 (29 30) */		srax	%g3,32,%o4
+/* 0x012c	     ( 0  0) */		stx	%o4,[%sp+112]
+/* 0x0130	  78 (30 31) */		srax	%g4,32,%o4
+/* 0x0134	  81 ( 0  0) */		ldx	[%sp+112],%g4
+/* 0x0138	     (30 31) */		add	%g1,%g4,%g4
+/* 0x013c	  79 (31 33) */		ldx	[%sp+96],%g1
+/* 0x0140	  81 (31 32) */		add	%o4,%g4,%o4
+/* 0x0144	  82 (32 33) */		and	%g3,%o3,%g3
+/* 0x0148	  84 ( 0  0) */		ldx	[%sp+104],%g4
+/* 0x014c	  85 (33 34) */		ble,pt	%icc,.L900000209	! tprob=0.50
+/* 0x0150	     (33 34) */		st	%g3,[%o5-4]
+                                   .L900000212:		/* frequency 8.0 confidence 0.0 */
+/* 0x0154	  85 ( 0  1) */		ba	.L900000214	! tprob=1.00
+/* 0x0158	     ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L77000134:		/* frequency 0.7 confidence 0.0 */
+                                   .L900000213:		/* frequency 6.4 confidence 0.0 */
+/* 0x015c	  77 ( 0  1) */		and	%g4,%o3,%o0
+/* 0x0160	  80 ( 0  1) */		and	%g1,%o1,%g3
+/* 0x0164	  76 ( 0  3) */		fdtox	%f0,%f0
+/* 0x0168	  77 ( 1  2) */		add	%o4,%o0,%o0
+/* 0x016c	  76 ( 1  2) */		std	%f0,[%sp+104]
+/* 0x0170	  85 ( 1  2) */		add	%o7,1,%o7
+/* 0x0174	  80 ( 2  3) */		sllx	%g3,16,%o4
+/* 0x0178	  79 ( 2  5) */		ldd	[%g2+24],%f2
+/* 0x017c	  85 ( 2  3) */		add	%g2,16,%g2
+/* 0x0180	  80 ( 3  4) */		add	%o0,%o4,%o4
+/* 0x0184	  81 ( 3  4) */		stx	%o7,[%sp+128]
+/* 0x0188	     ( 4  5) */		srax	%g1,16,%o0
+/* 0x018c	     ( 4  5) */		stx	%o0,[%sp+112]
+/* 0x0190	  82 ( 4  5) */		and	%o4,%o3,%g3
+/* 0x0194	  81 ( 5  6) */		srax	%o4,32,%o0
+/* 0x0198	     ( 5  6) */		stx	%o0,[%sp+120]
+/* 0x019c	  79 ( 5  8) */		fdtox	%f2,%f0
+/* 0x01a0	     ( 6  7) */		std	%f0,[%sp+96]
+/* 0x01a4	  78 ( 6  7) */		srax	%g4,32,%o4
+/* 0x01a8	  81 ( 7  9) */		ldx	[%sp+120],%o7
+/* 0x01ac	     ( 8 10) */		ldx	[%sp+112],%g4
+/* 0x01b0	  76 (10 12) */		ldx	[%sp+104],%g1
+/* 0x01b4	  81 (10 11) */		add	%g4,%o7,%g4
+/* 0x01b8	     (11 13) */		ldx	[%sp+128],%o7
+/* 0x01bc	     (11 12) */		add	%o4,%g4,%o4
+/* 0x01c0	  79 (12 14) */		ldx	[%sp+96],%o0
+/* 0x01c4	  84 (12 13) */		or	%g0,%g1,%g4
+/* 0x01c8	  82 (13 14) */		st	%g3,[%o5]
+/* 0x01cc	  85 (13 14) */		add	%o5,4,%o5
+/* 0x01d0	     (13 14) */		cmp	%o7,%o2
+/* 0x01d4	     (14 15) */		or	%g0,%o0,%g1
+/* 0x01d8	     (14 15) */		ble,a,pt	%icc,.L900000213	! tprob=0.86
+/* 0x01dc	     (14 17) */		ldd	[%g2+16],%f0
+                                   .L77000127:		/* frequency 1.0 confidence 0.0 */
+
+!   86		                    !   }
+!   87		                    !     t1+=a&0xffffffff;
+!   88		                    !     t=(a>>32);
+!   89		                    !     t1+=(b&0xffff)<<16;
+!   90		                    !     i32[i]=t1&0xffffffff;
+
+/* 0x01e0	  90 ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L900000214:		/* frequency 1.0 confidence 0.0 */
+/* 0x01e4	  90 ( 0  1) */		or	%g0,-1,%g3
+/* 0x01e8	     ( 0  1) */		add	%g2,1023,%g2
+/* 0x01ec	     ( 1  2) */		srl	%g3,0,%g3
+/* 0x01f0	     ( 1  2) */		and	%g1,%g2,%g2
+/* 0x01f4	     ( 2  3) */		and	%g4,%g3,%g4
+/* 0x01f8	     ( 3  4) */		sllx	%g2,16,%g2
+/* 0x01fc	     ( 3  4) */		add	%o4,%g4,%g4
+/* 0x0200	     ( 4  5) */		add	%g4,%g2,%g2
+/* 0x0204	     ( 5  6) */		sll	%o7,2,%g4
+/* 0x0208	     ( 5  6) */		and	%g2,%g3,%g2
+/* 0x020c	     ( 6  7) */		st	%g2,[%g5+%g4]
+/* 0x0210	     ( 7  9) */		ret	! Result = 
+/* 0x0214	     ( 9 10) */		restore	%g0,%g0,%g0
+/* 0x0218	   0 ( 0  0) */		.type	conv_d16_to_i32,2
+/* 0x0218	     ( 0  0) */		.size	conv_d16_to_i32,(.-conv_d16_to_i32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	8
+!
+! CONSTANT POOL
+!
+                                   .L_const_seg_900000301:		/* frequency 1.0 confidence 0.0 */
+/* 000000	   0 ( 0  0) */		.word	1127219200,0
+/* 0x0008	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_i32_to_d32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_i32_to_d32
+                                   conv_i32_to_d32:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		orcc	%g0,%o2,%g1
+
+!   92		                    !}
+!   94		                    !void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+!   95		                    !{
+!   96		                    !int i;
+!   98		                    !#pragma pipeloop(0)
+!   99		                    ! for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+
+/* 0x0004	  99 ( 0  1) */		ble,pt	%icc,.L77000140	! tprob=0.56
+/* 0x0008	     ( 0  1) */		nop
+/* 0x000c	     ( 1  2) */		sethi	%hi(.L_const_seg_900000301),%g2
+/* 0x0010	  95 ( 1  2) */		or	%g0,%o1,%g4
+/* 0x0014	  99 ( 2  3) */		add	%g2,%lo(.L_const_seg_900000301),%g2
+/* 0x0018	     ( 2  3) */		or	%g0,0,%o5
+/* 0x001c	  95 ( 3  4) */		or	%g0,%o0,%g5
+/* 0x0020	  99 ( 3  4) */		sub	%o2,1,%g3
+/* 0x0024	     ( 4  5) */		cmp	%o2,9
+/* 0x0028	     ( 4  5) */		bl,pn	%icc,.L77000144	! tprob=0.44
+/* 0x002c	     ( 4  7) */		ldd	[%g2],%f8
+/* 0x0030	     ( 5  8) */		ld	[%o1],%f7
+/* 0x0034	     ( 5  6) */		add	%o1,16,%g4
+/* 0x0038	     ( 5  6) */		sub	%o2,5,%g1
+/* 0x003c	     ( 6  9) */		ld	[%o1+4],%f5
+/* 0x0040	     ( 6  7) */		or	%g0,4,%o5
+/* 0x0044	     ( 7 10) */		ld	[%o1+8],%f3
+/* 0x0048	     ( 7  8) */		fmovs	%f8,%f6
+/* 0x004c	     ( 8 11) */		ld	[%o1+12],%f1
+                                   .L900000305:		/* frequency 64.0 confidence 0.0 */
+/* 0x0050	     ( 8 16) */		ld	[%g4],%f11
+/* 0x0054	     ( 8  9) */		add	%o5,5,%o5
+/* 0x0058	     ( 8  9) */		add	%g4,20,%g4
+/* 0x005c	     ( 8 11) */		fsubd	%f6,%f8,%f6
+/* 0x0060	     ( 9 10) */		std	%f6,[%g5]
+/* 0x0064	     ( 9  9) */		cmp	%o5,%g1
+/* 0x0068	     ( 9 10) */		add	%g5,40,%g5
+/* 0x006c	     ( 0  0) */		fmovs	%f8,%f4
+/* 0x0070	     (10 18) */		ld	[%g4-16],%f7
+/* 0x0074	     (10 13) */		fsubd	%f4,%f8,%f12
+/* 0x0078	     ( 0  0) */		fmovs	%f8,%f2
+/* 0x007c	     (11 12) */		std	%f12,[%g5-32]
+/* 0x0080	     (12 20) */		ld	[%g4-12],%f5
+/* 0x0084	     (12 15) */		fsubd	%f2,%f8,%f12
+/* 0x0088	     ( 0  0) */		fmovs	%f8,%f0
+/* 0x008c	     (13 14) */		std	%f12,[%g5-24]
+/* 0x0090	     (14 22) */		ld	[%g4-8],%f3
+/* 0x0094	     (14 17) */		fsubd	%f0,%f8,%f12
+/* 0x0098	     ( 0  0) */		fmovs	%f8,%f10
+/* 0x009c	     (15 16) */		std	%f12,[%g5-16]
+/* 0x00a0	     (16 24) */		ld	[%g4-4],%f1
+/* 0x00a4	     (16 19) */		fsubd	%f10,%f8,%f10
+/* 0x00a8	     ( 0  0) */		fmovs	%f8,%f6
+/* 0x00ac	     (17 18) */		ble,pt	%icc,.L900000305	! tprob=0.50
+/* 0x00b0	     (17 18) */		std	%f10,[%g5-8]
+                                   .L900000308:		/* frequency 8.0 confidence 0.0 */
+/* 0x00b4	     ( 0  1) */		fmovs	%f8,%f4
+/* 0x00b8	     ( 0  1) */		add	%g5,32,%g5
+/* 0x00bc	     ( 0  1) */		cmp	%o5,%g3
+/* 0x00c0	     ( 1  2) */		fmovs	%f8,%f2
+/* 0x00c4	     ( 2  3) */		fmovs	%f8,%f0
+/* 0x00c8	     ( 4  7) */		fsubd	%f6,%f8,%f6
+/* 0x00cc	     ( 4  5) */		std	%f6,[%g5-32]
+/* 0x00d0	     ( 5  8) */		fsubd	%f4,%f8,%f4
+/* 0x00d4	     ( 5  6) */		std	%f4,[%g5-24]
+/* 0x00d8	     ( 6  9) */		fsubd	%f2,%f8,%f2
+/* 0x00dc	     ( 6  7) */		std	%f2,[%g5-16]
+/* 0x00e0	     ( 7 10) */		fsubd	%f0,%f8,%f0
+/* 0x00e4	     ( 7  8) */		bg,pn	%icc,.L77000140	! tprob=0.14
+/* 0x00e8	     ( 7  8) */		std	%f0,[%g5-8]
+                                   .L77000144:		/* frequency 0.7 confidence 0.0 */
+/* 0x00ec	     ( 0  3) */		ld	[%g4],%f1
+                                   .L900000309:		/* frequency 6.4 confidence 0.0 */
+/* 0x00f0	     ( 0  3) */		ldd	[%g2],%f8
+/* 0x00f4	     ( 0  1) */		add	%o5,1,%o5
+/* 0x00f8	     ( 0  1) */		add	%g4,4,%g4
+/* 0x00fc	     ( 1  2) */		cmp	%o5,%g3
+/* 0x0100	     ( 2  3) */		fmovs	%f8,%f0
+/* 0x0104	     ( 4  7) */		fsubd	%f0,%f8,%f0
+/* 0x0108	     ( 4  5) */		std	%f0,[%g5]
+/* 0x010c	     ( 4  5) */		add	%g5,8,%g5
+/* 0x0110	     ( 4  5) */		ble,a,pt	%icc,.L900000309	! tprob=0.86
+/* 0x0114	     ( 6  9) */		ld	[%g4],%f1
+                                   .L77000140:		/* frequency 1.0 confidence 0.0 */
+/* 0x0118	     ( 0  2) */		retl	! Result = 
+/* 0x011c	     ( 1  2) */		nop
+/* 0x0120	   0 ( 0  0) */		.type	conv_i32_to_d32,2
+/* 0x0120	     ( 0  0) */		.size	conv_i32_to_d32,(.-conv_i32_to_d32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	8
+!
+! CONSTANT POOL
+!
+                                   .L_const_seg_900000401:		/* frequency 1.0 confidence 0.0 */
+/* 000000	   0 ( 0  0) */		.word	1127219200,0
+/* 0x0008	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_i32_to_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_i32_to_d16
+                                   conv_i32_to_d16:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-104,%sp
+/* 0x0004	     ( 1  2) */		orcc	%g0,%i2,%o0
+
+!  100		                    !}
+!  103		                    !void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+!  104		                    !{
+!  105		                    !int i;
+!  106		                    !unsigned int a;
+!  108		                    !#pragma pipeloop(0)
+!  109		                    ! for(i=0;i<len;i++)
+
+/* 0x0008	 109 ( 1  2) */		ble,pt	%icc,.L77000150	! tprob=0.56
+/* 0x000c	     ( 1  2) */		nop
+/* 0x0010	     ( 2  3) */		sub	%o0,1,%o5
+/* 0x0014	     ( 2  3) */		sethi	%hi(0xfc00),%g2
+
+!  110		                    !   {
+!  111		                    !     a=i32[i];
+!  112		                    !     d16[2*i]=(double)(a&0xffff);
+!  113		                    !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0018	 113 ( 3  4) */		sethi	%hi(.L_const_seg_900000401),%o0
+/* 0x001c	     ( 3  4) */		add	%o5,1,%g3
+/* 0x0020	     ( 4  5) */		add	%g2,1023,%o4
+/* 0x0024	 109 ( 4  5) */		or	%g0,0,%g1
+/* 0x0028	     ( 5  6) */		cmp	%g3,3
+/* 0x002c	     ( 5  6) */		or	%g0,%i1,%o7
+/* 0x0030	     ( 6  7) */		add	%o0,%lo(.L_const_seg_900000401),%o3
+/* 0x0034	     ( 6  7) */		or	%g0,%i0,%g2
+/* 0x0038	     ( 6  7) */		bl,pn	%icc,.L77000154	! tprob=0.44
+/* 0x003c	     ( 7  8) */		add	%o7,4,%o0
+/* 0x0040	 112 ( 7 10) */		ldd	[%o3],%f0
+/* 0x0044	 113 ( 7  8) */		or	%g0,1,%g1
+/* 0x0048	 111 ( 8 11) */		ld	[%o0-4],%o1
+/* 0x004c	   0 ( 8  9) */		or	%g0,%o0,%o7
+/* 0x0050	 112 (10 11) */		and	%o1,%o4,%o0
+                                   .L900000406:		/* frequency 64.0 confidence 0.0 */
+/* 0x0054	 112 (22 23) */		st	%o0,[%sp+96]
+/* 0x0058	 113 (22 23) */		add	%g1,1,%g1
+/* 0x005c	     (22 23) */		add	%g2,16,%g2
+/* 0x0060	     (23 23) */		cmp	%g1,%o5
+/* 0x0064	     (23 24) */		add	%o7,4,%o7
+/* 0x0068	 112 (29 31) */		ld	[%sp+96],%f3
+/* 0x006c	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x0070	     (31 34) */		fsubd	%f2,%f0,%f2
+/* 0x0074	 113 (32 33) */		srl	%o1,16,%o0
+/* 0x0078	 112 (32 33) */		std	%f2,[%g2-16]
+/* 0x007c	 113 (33 34) */		st	%o0,[%sp+92]
+/* 0x0080	     (40 42) */		ld	[%sp+92],%f3
+/* 0x0084	 111 (41 43) */		ld	[%o7-4],%o1
+/* 0x0088	 113 ( 0  0) */		fmovs	%f0,%f2
+/* 0x008c	     (42 45) */		fsubd	%f2,%f0,%f2
+/* 0x0090	 112 (43 44) */		and	%o1,%o4,%o0
+/* 0x0094	 113 (43 44) */		ble,pt	%icc,.L900000406	! tprob=0.50
+/* 0x0098	     (43 44) */		std	%f2,[%g2-8]
+                                   .L900000409:		/* frequency 8.0 confidence 0.0 */
+/* 0x009c	 112 ( 0  1) */		st	%o0,[%sp+96]
+/* 0x00a0	     ( 0  1) */		fmovs	%f0,%f2
+/* 0x00a4	 113 ( 0  1) */		add	%g2,16,%g2
+/* 0x00a8	     ( 1  2) */		srl	%o1,16,%o0
+/* 0x00ac	 112 ( 4  7) */		ld	[%sp+96],%f3
+/* 0x00b0	     ( 6  9) */		fsubd	%f2,%f0,%f2
+/* 0x00b4	     ( 6  7) */		std	%f2,[%g2-16]
+/* 0x00b8	 113 ( 7  8) */		st	%o0,[%sp+92]
+/* 0x00bc	     (10 11) */		fmovs	%f0,%f2
+/* 0x00c0	     (11 14) */		ld	[%sp+92],%f3
+/* 0x00c4	     (13 16) */		fsubd	%f2,%f0,%f0
+/* 0x00c8	     (13 14) */		std	%f0,[%g2-8]
+/* 0x00cc	     (14 16) */		ret	! Result = 
+/* 0x00d0	     (16 17) */		restore	%g0,%g0,%g0
+                                   .L77000154:		/* frequency 0.7 confidence 0.0 */
+/* 0x00d4	 111 ( 0  3) */		ld	[%o7],%o0
+                                   .L900000410:		/* frequency 6.4 confidence 0.0 */
+/* 0x00d8	 112 ( 0  1) */		and	%o0,%o4,%o1
+/* 0x00dc	     ( 0  1) */		st	%o1,[%sp+96]
+/* 0x00e0	 113 ( 0  1) */		add	%g1,1,%g1
+/* 0x00e4	 112 ( 1  4) */		ldd	[%o3],%f0
+/* 0x00e8	 113 ( 1  2) */		srl	%o0,16,%o0
+/* 0x00ec	     ( 1  2) */		add	%o7,4,%o7
+/* 0x00f0	     ( 2  3) */		cmp	%g1,%o5
+/* 0x00f4	 112 ( 3  4) */		fmovs	%f0,%f2
+/* 0x00f8	     ( 4  7) */		ld	[%sp+96],%f3
+/* 0x00fc	     ( 6  9) */		fsubd	%f2,%f0,%f2
+/* 0x0100	     ( 6  7) */		std	%f2,[%g2]
+/* 0x0104	 113 ( 7  8) */		st	%o0,[%sp+92]
+/* 0x0108	     (10 11) */		fmovs	%f0,%f2
+/* 0x010c	     (11 14) */		ld	[%sp+92],%f3
+/* 0x0110	     (13 16) */		fsubd	%f2,%f0,%f0
+/* 0x0114	     (13 14) */		std	%f0,[%g2+8]
+/* 0x0118	     (13 14) */		add	%g2,16,%g2
+/* 0x011c	     (13 14) */		ble,a,pt	%icc,.L900000410	! tprob=0.86
+/* 0x0120	     (14 17) */		ld	[%o7],%o0
+                                   .L77000150:		/* frequency 1.0 confidence 0.0 */
+/* 0x0124	     ( 0  2) */		ret	! Result = 
+/* 0x0128	     ( 2  3) */		restore	%g0,%g0,%g0
+/* 0x012c	   0 ( 0  0) */		.type	conv_i32_to_d16,2
+/* 0x012c	     ( 0  0) */		.size	conv_i32_to_d16,(.-conv_i32_to_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	8
+!
+! CONSTANT POOL
+!
+                                   .L_const_seg_900000501:		/* frequency 1.0 confidence 0.0 */
+/* 000000	   0 ( 0  0) */		.word	1127219200,0
+/* 0x0008	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_i32_to_d32_and_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_i32_to_d32_and_d16
+                                   conv_i32_to_d32_and_d16:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-104,%sp
+/* 0x0004	     ( 1  2) */		or	%g0,%i3,%i4
+/* 0x0008	     ( 1  2) */		or	%g0,%i2,%g1
+
+!  114		                    !   }
+!  115		                    !}
+!  118		                    !void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!  119		                    !			  double * /* 0 */,
+!  120		                    !			  double * /*result16*/, double * /* result32 */,
+!  121		                    !			  float *  /*source - should be unsigned int*
+!  122		                    !		          	       converted to float* */);
+!  126		                    !void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+!  127		                    !			     unsigned int *i32, int len)
+!  128		                    !{
+!  129		                    !int i;
+!  130		                    !unsigned int a;
+!  132		                    !#pragma pipeloop(0)
+!  133		                    ! for(i=0;i<len-3;i+=4)
+
+/* 0x000c	 133 ( 2  3) */		sub	%i4,3,%g2
+/* 0x0010	     ( 2  3) */		or	%g0,0,%o7
+/* 0x0014	     ( 3  4) */		cmp	%g2,0
+/* 0x0018	 128 ( 3  4) */		or	%g0,%i0,%i3
+/* 0x001c	 133 ( 3  4) */		ble,pt	%icc,.L900000515	! tprob=0.56
+/* 0x0020	     ( 4  5) */		cmp	%o7,%i4
+
+!  134		                    !   {
+!  135		                    !     i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+!  136		                    !			  &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
+
+/* 0x0024	 136 ( 4  5) */		sethi	%hi(Zero),%g2
+/* 0x0028	 133 ( 5  6) */		or	%g0,%g1,%o3
+/* 0x002c	     ( 5  6) */		sub	%i4,4,%o2
+/* 0x0030	 136 ( 6  7) */		add	%g2,%lo(Zero),%o1
+/* 0x0034	 133 ( 6  7) */		or	%g0,0,%o5
+/* 0x0038	     ( 7  8) */		or	%g0,0,%o4
+/* 0x003c	 136 ( 7  8) */		or	%g0,%o3,%g4
+                                   .L900000514:		/* frequency 6.4 confidence 0.0 */
+/* 0x0040	     ( 0  3) */		ldd	[%o1],%f2
+/* 0x0044	 136 ( 0  1) */		add	%i3,%o5,%g2
+/* 0x0048	     ( 0  1) */		add	%i1,%o4,%g3
+/* 0x004c	     ( 1  4) */		ldd	[%o1-8],%f0
+/* 0x0050	     ( 1  2) */		add	%o7,4,%o7
+/* 0x0054	     ( 1  2) */		add	%o3,16,%o3
+/* 0x0058	     ( 2  3) */		fmovd	%f2,%f14
+/* 0x005c	     ( 2  5) */		ld	[%g4],%f15
+/* 0x0060	     ( 2  3) */		cmp	%o7,%o2
+/* 0x0064	     ( 3  4) */		fmovd	%f2,%f10
+/* 0x0068	     ( 3  6) */		ld	[%g4+4],%f11
+/* 0x006c	     ( 4  5) */		fmovd	%f2,%f6
+/* 0x0070	     ( 4  7) */		ld	[%g4+8],%f7
+/* 0x0074	     ( 5  8) */		ld	[%g4+12],%f3
+/* 0x0078	     ( 5  8) */		fxtod	%f14,%f14
+/* 0x007c	     ( 6  9) */		fxtod	%f10,%f10
+/* 0x0080	     ( 6  9) */		ldd	[%o1-16],%f16
+/* 0x0084	     ( 7 10) */		fxtod	%f6,%f6
+/* 0x0088	     ( 7  8) */		std	%f14,[%i3+%o5]
+/* 0x008c	     ( 7  8) */		add	%o5,32,%o5
+/* 0x0090	     ( 8 11) */		fxtod	%f2,%f2
+/* 0x0094	     ( 8 11) */		fmuld	%f0,%f14,%f12
+/* 0x0098	     ( 8  9) */		std	%f10,[%g2+8]
+/* 0x009c	     ( 9 12) */		fmuld	%f0,%f10,%f8
+/* 0x00a0	     ( 9 10) */		std	%f6,[%g2+16]
+/* 0x00a4	     (10 13) */		fmuld	%f0,%f6,%f4
+/* 0x00a8	     (10 11) */		std	%f2,[%g2+24]
+/* 0x00ac	     (11 14) */		fmuld	%f0,%f2,%f0
+/* 0x00b0	     (11 14) */		fdtox	%f12,%f12
+/* 0x00b4	     (12 15) */		fdtox	%f8,%f8
+/* 0x00b8	     (13 16) */		fdtox	%f4,%f4
+/* 0x00bc	     (14 17) */		fdtox	%f0,%f0
+/* 0x00c0	     (15 18) */		fxtod	%f12,%f12
+/* 0x00c4	     (15 16) */		std	%f12,[%g3+8]
+/* 0x00c8	     (16 19) */		fxtod	%f8,%f8
+/* 0x00cc	     (16 17) */		std	%f8,[%g3+24]
+/* 0x00d0	     (17 20) */		fxtod	%f4,%f4
+/* 0x00d4	     (17 18) */		std	%f4,[%g3+40]
+/* 0x00d8	     (18 21) */		fxtod	%f0,%f0
+/* 0x00dc	     (18 21) */		fmuld	%f12,%f16,%f12
+/* 0x00e0	     (18 19) */		std	%f0,[%g3+56]
+/* 0x00e4	     (19 22) */		fmuld	%f8,%f16,%f8
+/* 0x00e8	     (20 23) */		fmuld	%f4,%f16,%f4
+/* 0x00ec	     (21 24) */		fmuld	%f0,%f16,%f0
+/* 0x00f0	     (21 24) */		fsubd	%f14,%f12,%f12
+/* 0x00f4	     (21 22) */		std	%f12,[%i1+%o4]
+/* 0x00f8	     (22 25) */		fsubd	%f10,%f8,%f8
+/* 0x00fc	     (22 23) */		std	%f8,[%g3+16]
+/* 0x0100	     (22 23) */		add	%o4,64,%o4
+/* 0x0104	     (23 26) */		fsubd	%f6,%f4,%f4
+/* 0x0108	     (23 24) */		std	%f4,[%g3+32]
+/* 0x010c	     (24 27) */		fsubd	%f2,%f0,%f0
+/* 0x0110	     (24 25) */		std	%f0,[%g3+48]
+/* 0x0114	     (24 25) */		ble,pt	%icc,.L900000514	! tprob=0.86
+/* 0x0118	     (25 26) */		or	%g0,%o3,%g4
+                                   .L77000159:		/* frequency 1.0 confidence 0.0 */
+
+!  137		                    !   }
+!  138		                    ! for(;i<len;i++)
+
+/* 0x011c	 138 ( 0  1) */		cmp	%o7,%i4
+                                   .L900000515:		/* frequency 1.0 confidence 0.0 */
+/* 0x0120	 138 ( 0  1) */		bge,pt	%icc,.L77000164	! tprob=0.56
+/* 0x0124	     ( 0  1) */		nop
+
+!  139		                    !   {
+!  140		                    !     a=i32[i];
+!  141		                    !     d32[i]=(double)(i32[i]);
+!  142		                    !     d16[2*i]=(double)(a&0xffff);
+!  143		                    !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0128	 143 ( 0  1) */		sethi	%hi(.L_const_seg_900000501),%o1
+/* 0x012c	 138 ( 1  2) */		sethi	%hi(0xfc00),%o0
+/* 0x0130	 141 ( 1  4) */		ldd	[%o1+%lo(.L_const_seg_900000501)],%f0
+/* 0x0134	 138 ( 1  2) */		sub	%i4,%o7,%g3
+/* 0x0138	     ( 2  3) */		sll	%o7,2,%g2
+/* 0x013c	     ( 2  3) */		add	%o0,1023,%o3
+/* 0x0140	     ( 3  4) */		sll	%o7,3,%g4
+/* 0x0144	     ( 3  4) */		cmp	%g3,3
+/* 0x0148	     ( 4  5) */		add	%g1,%g2,%o0
+/* 0x014c	     ( 4  5) */		add	%o1,%lo(.L_const_seg_900000501),%o2
+/* 0x0150	     ( 5  6) */		add	%i3,%g4,%o4
+/* 0x0154	     ( 5  6) */		sub	%i4,1,%o1
+/* 0x0158	     ( 6  7) */		sll	%o7,4,%g5
+/* 0x015c	     ( 6  7) */		bl,pn	%icc,.L77000161	! tprob=0.44
+/* 0x0160	     ( 7  8) */		add	%i1,%g5,%o5
+/* 0x0164	 141 ( 7 10) */		ld	[%g1+%g2],%f3
+/* 0x0168	 143 ( 7  8) */		add	%o4,8,%o4
+/* 0x016c	 140 ( 8 11) */		ld	[%g1+%g2],%g1
+/* 0x0170	 143 ( 8  9) */		add	%o5,16,%o5
+/* 0x0174	     ( 8  9) */		add	%o7,1,%o7
+/* 0x0178	 141 ( 9 10) */		fmovs	%f0,%f2
+/* 0x017c	 143 ( 9 10) */		add	%o0,4,%o0
+/* 0x0180	 142 (10 11) */		and	%g1,%o3,%g2
+/* 0x0184	 141 (11 14) */		fsubd	%f2,%f0,%f2
+/* 0x0188	     (11 12) */		std	%f2,[%o4-8]
+/* 0x018c	 143 (11 12) */		srl	%g1,16,%g1
+/* 0x0190	 142 (12 13) */		st	%g2,[%sp+96]
+/* 0x0194	     (15 16) */		fmovs	%f0,%f2
+/* 0x0198	     (16 19) */		ld	[%sp+96],%f3
+/* 0x019c	     (18 21) */		fsubd	%f2,%f0,%f2
+/* 0x01a0	     (18 19) */		std	%f2,[%o5-16]
+/* 0x01a4	 143 (19 20) */		st	%g1,[%sp+92]
+/* 0x01a8	     (22 23) */		fmovs	%f0,%f2
+/* 0x01ac	     (23 26) */		ld	[%sp+92],%f3
+/* 0x01b0	     (25 28) */		fsubd	%f2,%f0,%f2
+/* 0x01b4	     (25 26) */		std	%f2,[%o5-8]
+                                   .L900000509:		/* frequency 64.0 confidence 0.0 */
+/* 0x01b8	 141 (26 28) */		ld	[%o0],%f3
+/* 0x01bc	 143 (26 27) */		add	%o7,2,%o7
+/* 0x01c0	     (26 27) */		add	%o5,32,%o5
+/* 0x01c4	 140 (27 29) */		ld	[%o0],%g1
+/* 0x01c8	 143 (27 27) */		cmp	%o7,%o1
+/* 0x01cc	     (27 28) */		add	%o4,16,%o4
+/* 0x01d0	 141 ( 0  0) */		fmovs	%f0,%f2
+/* 0x01d4	     (28 31) */		fsubd	%f2,%f0,%f2
+/* 0x01d8	     (29 30) */		std	%f2,[%o4-16]
+/* 0x01dc	 142 (29 30) */		and	%g1,%o3,%g2
+/* 0x01e0	     (30 31) */		st	%g2,[%sp+96]
+/* 0x01e4	     (37 39) */		ld	[%sp+96],%f3
+/* 0x01e8	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x01ec	     (39 42) */		fsubd	%f2,%f0,%f2
+/* 0x01f0	 143 (40 41) */		srl	%g1,16,%g1
+/* 0x01f4	 142 (40 41) */		std	%f2,[%o5-32]
+/* 0x01f8	 143 (41 42) */		st	%g1,[%sp+92]
+/* 0x01fc	     (48 50) */		ld	[%sp+92],%f3
+/* 0x0200	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x0204	     (50 53) */		fsubd	%f2,%f0,%f2
+/* 0x0208	     (51 52) */		std	%f2,[%o5-24]
+/* 0x020c	     (51 52) */		add	%o0,4,%o0
+/* 0x0210	 141 (52 54) */		ld	[%o0],%f3
+/* 0x0214	 140 (53 55) */		ld	[%o0],%g1
+/* 0x0218	 141 ( 0  0) */		fmovs	%f0,%f2
+/* 0x021c	     (54 57) */		fsubd	%f2,%f0,%f2
+/* 0x0220	     (55 56) */		std	%f2,[%o4-8]
+/* 0x0224	 142 (55 56) */		and	%g1,%o3,%g2
+/* 0x0228	     (56 57) */		st	%g2,[%sp+96]
+/* 0x022c	     (63 65) */		ld	[%sp+96],%f3
+/* 0x0230	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x0234	     (65 68) */		fsubd	%f2,%f0,%f2
+/* 0x0238	 143 (66 67) */		srl	%g1,16,%g1
+/* 0x023c	 142 (66 67) */		std	%f2,[%o5-16]
+/* 0x0240	 143 (67 68) */		st	%g1,[%sp+92]
+/* 0x0244	     (74 76) */		ld	[%sp+92],%f3
+/* 0x0248	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x024c	     (76 79) */		fsubd	%f2,%f0,%f2
+/* 0x0250	     (77 78) */		std	%f2,[%o5-8]
+/* 0x0254	     (77 78) */		bl,pt	%icc,.L900000509	! tprob=0.50
+/* 0x0258	     (77 78) */		add	%o0,4,%o0
+                                   .L900000512:		/* frequency 8.0 confidence 0.0 */
+/* 0x025c	 143 ( 0  1) */		cmp	%o7,%i4
+/* 0x0260	     ( 0  1) */		bge,pn	%icc,.L77000164	! tprob=0.14
+/* 0x0264	     ( 0  1) */		nop
+                                   .L77000161:		/* frequency 0.7 confidence 0.0 */
+/* 0x0268	 141 ( 0  3) */		ld	[%o0],%f3
+                                   .L900000513:		/* frequency 6.4 confidence 0.0 */
+/* 0x026c	 141 ( 0  3) */		ldd	[%o2],%f0
+/* 0x0270	 143 ( 0  1) */		add	%o7,1,%o7
+/* 0x0274	 140 ( 1  4) */		ld	[%o0],%o1
+/* 0x0278	 143 ( 1  2) */		add	%o0,4,%o0
+/* 0x027c	     ( 1  2) */		cmp	%o7,%i4
+/* 0x0280	 141 ( 2  3) */		fmovs	%f0,%f2
+/* 0x0284	 142 ( 3  4) */		and	%o1,%o3,%g1
+/* 0x0288	 141 ( 4  7) */		fsubd	%f2,%f0,%f2
+/* 0x028c	     ( 4  5) */		std	%f2,[%o4]
+/* 0x0290	 143 ( 4  5) */		srl	%o1,16,%o1
+/* 0x0294	 142 ( 5  6) */		st	%g1,[%sp+96]
+/* 0x0298	 143 ( 5  6) */		add	%o4,8,%o4
+/* 0x029c	 142 ( 8  9) */		fmovs	%f0,%f2
+/* 0x02a0	     ( 9 12) */		ld	[%sp+96],%f3
+/* 0x02a4	     (11 14) */		fsubd	%f2,%f0,%f2
+/* 0x02a8	     (11 12) */		std	%f2,[%o5]
+/* 0x02ac	 143 (12 13) */		st	%o1,[%sp+92]
+/* 0x02b0	     (15 16) */		fmovs	%f0,%f2
+/* 0x02b4	     (16 19) */		ld	[%sp+92],%f3
+/* 0x02b8	     (18 21) */		fsubd	%f2,%f0,%f0
+/* 0x02bc	     (18 19) */		std	%f0,[%o5+8]
+/* 0x02c0	     (18 19) */		add	%o5,16,%o5
+/* 0x02c4	     (18 19) */		bl,a,pt	%icc,.L900000513	! tprob=0.86
+/* 0x02c8	     (19 22) */		ld	[%o0],%f3
+                                   .L77000164:		/* frequency 1.0 confidence 0.0 */
+/* 0x02cc	     ( 0  2) */		ret	! Result = 
+/* 0x02d0	     ( 2  3) */		restore	%g0,%g0,%g0
+/* 0x02d4	   0 ( 0  0) */		.type	conv_i32_to_d32_and_d16,2
+/* 0x02d4	     ( 0  0) */		.size	conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE adjust_montf_result
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global adjust_montf_result
+                                   adjust_montf_result:		/* frequency 1.0 confidence 0.0 */
+
+!  144		                    !   }
+!  145		                    !}
+!  148		                    !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+!  149		                    !{
+!  150		                    !long long acc;
+!  151		                    !int i;
+!  153		                    ! if(i32[len]>0) i=-1;
+
+/* 000000	 153 ( 0  1) */		sll	%o2,2,%g1
+/* 0x0004	     ( 0  1) */		or	%g0,-1,%g3
+/* 0x0008	     ( 1  4) */		ld	[%o0+%g1],%g1
+/* 0x000c	     ( 3  4) */		cmp	%g1,0
+/* 0x0010	     ( 3  4) */		bleu,pn	%icc,.L77000175	! tprob=0.50
+/* 0x0014	     ( 3  4) */		or	%g0,%o1,%o3
+/* 0x0018	     ( 4  5) */		ba	.L900000611	! tprob=1.00
+/* 0x001c	     ( 4  5) */		cmp	%g3,0
+                                   .L77000175:		/* frequency 0.8 confidence 0.0 */
+
+!  154		                    ! else
+!  155		                    !   {
+!  156		                    !     for(i=len-1; i>=0; i++)
+
+/* 0x0020	 156 ( 0  1) */		subcc	%o2,1,%g3
+/* 0x0024	     ( 0  1) */		bneg,pt	%icc,.L900000611	! tprob=0.60
+/* 0x0028	     ( 1  2) */		cmp	%g3,0
+/* 0x002c	     ( 1  2) */		sll	%g3,2,%g1
+/* 0x0030	     ( 2  3) */		add	%o0,%g1,%g2
+/* 0x0034	     ( 2  3) */		add	%o1,%g1,%g1
+
+!  157		                    !       {
+!  158		                    !	 if(i32[i]!=nint[i]) break;
+
+/* 0x0038	 158 ( 3  6) */		ld	[%g1],%g5
+                                   .L900000610:		/* frequency 5.3 confidence 0.0 */
+/* 0x003c	 158 ( 0  3) */		ld	[%g2],%o5
+/* 0x0040	     ( 0  1) */		add	%g1,4,%g1
+/* 0x0044	     ( 0  1) */		add	%g2,4,%g2
+/* 0x0048	     ( 2  3) */		cmp	%o5,%g5
+/* 0x004c	     ( 2  3) */		bne,pn	%icc,.L77000182	! tprob=0.16
+/* 0x0050	     ( 2  3) */		nop
+/* 0x0054	     ( 3  4) */		addcc	%g3,1,%g3
+/* 0x0058	     ( 3  4) */		bpos,a,pt	%icc,.L900000610	! tprob=0.84
+/* 0x005c	     ( 3  6) */		ld	[%g1],%g5
+                                   .L77000182:		/* frequency 1.0 confidence 0.0 */
+
+!  159		                    !       }
+!  160		                    !   }
+!  161		                    ! if((i<0)||(i32[i]>nint[i]))
+
+/* 0x0060	 161 ( 0  1) */		cmp	%g3,0
+                                   .L900000611:		/* frequency 1.0 confidence 0.0 */
+/* 0x0064	 161 ( 0  1) */		bl,pn	%icc,.L77000198	! tprob=0.50
+/* 0x0068	     ( 0  1) */		sll	%g3,2,%g2
+/* 0x006c	     ( 1  4) */		ld	[%o1+%g2],%g1
+/* 0x0070	     ( 2  5) */		ld	[%o0+%g2],%g2
+/* 0x0074	     ( 4  5) */		cmp	%g2,%g1
+/* 0x0078	     ( 4  5) */		bleu,pt	%icc,.L77000191	! tprob=0.56
+/* 0x007c	     ( 4  5) */		nop
+                                   .L77000198:		/* frequency 0.8 confidence 0.0 */
+
+!  162		                    !   {
+!  163		                    !     acc=0;
+!  164		                    !     for(i=0;i<len;i++)
+
+/* 0x0080	 164 ( 0  1) */		cmp	%o2,0
+/* 0x0084	     ( 0  1) */		ble,pt	%icc,.L77000191	! tprob=0.60
+/* 0x0088	     ( 0  1) */		nop
+/* 0x008c	 161 ( 1  2) */		or	%g0,-1,%g2
+/* 0x0090	     ( 1  2) */		sub	%o2,1,%g4
+/* 0x0094	     ( 2  3) */		srl	%g2,0,%g3
+/* 0x0098	 163 ( 2  3) */		or	%g0,0,%g5
+/* 0x009c	 164 ( 3  4) */		or	%g0,0,%o5
+/* 0x00a0	 161 ( 3  4) */		or	%g0,%o0,%o4
+/* 0x00a4	     ( 4  5) */		cmp	%o2,3
+/* 0x00a8	     ( 4  5) */		add	%o1,4,%g2
+/* 0x00ac	 164 ( 4  5) */		bl,pn	%icc,.L77000199	! tprob=0.40
+/* 0x00b0	     ( 5  6) */		add	%o0,8,%g1
+
+!  165		                    !       {
+!  166		                    !	 acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
+
+/* 0x00b4	 166 ( 5  8) */		ld	[%o0],%o2
+/* 0x00b8	   0 ( 5  6) */		or	%g0,%g2,%o3
+/* 0x00bc	 166 ( 6  9) */		ld	[%o1],%o1
+/* 0x00c0	   0 ( 6  7) */		or	%g0,%g1,%o4
+
+!  167		                    !	 i32[i]=acc&0xffffffff;
+!  168		                    !	 acc=acc>>32;
+
+/* 0x00c4	 168 ( 6  7) */		or	%g0,2,%o5
+/* 0x00c8	 166 ( 7 10) */		ld	[%o0+4],%g1
+/* 0x00cc	 164 ( 8  9) */		sub	%o2,%o1,%o2
+/* 0x00d0	     ( 9 10) */		or	%g0,%o2,%g5
+/* 0x00d4	 167 ( 9 10) */		and	%o2,%g3,%o2
+/* 0x00d8	     ( 9 10) */		st	%o2,[%o0]
+/* 0x00dc	 168 (10 11) */		srax	%g5,32,%g5
+                                   .L900000605:		/* frequency 64.0 confidence 0.0 */
+/* 0x00e0	 166 (12 20) */		ld	[%o3],%o2
+/* 0x00e4	 168 (12 13) */		add	%o5,1,%o5
+/* 0x00e8	     (12 13) */		add	%o3,4,%o3
+/* 0x00ec	     (13 13) */		cmp	%o5,%g4
+/* 0x00f0	     (13 14) */		add	%o4,4,%o4
+/* 0x00f4	 164 (14 14) */		sub	%g1,%o2,%g1
+/* 0x00f8	     (15 15) */		add	%g1,%g5,%g5
+/* 0x00fc	 167 (16 17) */		and	%g5,%g3,%o2
+/* 0x0100	 166 (16 24) */		ld	[%o4-4],%g1
+/* 0x0104	 167 (17 18) */		st	%o2,[%o4-8]
+/* 0x0108	 168 (17 18) */		ble,pt	%icc,.L900000605	! tprob=0.50
+/* 0x010c	     (17 18) */		srax	%g5,32,%g5
+                                   .L900000608:		/* frequency 8.0 confidence 0.0 */
+/* 0x0110	 166 ( 0  3) */		ld	[%o3],%g2
+/* 0x0114	 164 ( 2  3) */		sub	%g1,%g2,%g1
+/* 0x0118	     ( 3  4) */		add	%g1,%g5,%g1
+/* 0x011c	 167 ( 4  5) */		and	%g1,%g3,%g2
+/* 0x0120	     ( 5  7) */		retl	! Result = 
+/* 0x0124	     ( 6  7) */		st	%g2,[%o4-4]
+                                   .L77000199:		/* frequency 0.6 confidence 0.0 */
+/* 0x0128	 166 ( 0  3) */		ld	[%o4],%g1
+                                   .L900000609:		/* frequency 5.3 confidence 0.0 */
+/* 0x012c	 166 ( 0  3) */		ld	[%o3],%g2
+/* 0x0130	     ( 0  1) */		add	%g5,%g1,%g1
+/* 0x0134	 168 ( 0  1) */		add	%o5,1,%o5
+/* 0x0138	     ( 1  2) */		add	%o3,4,%o3
+/* 0x013c	     ( 1  2) */		cmp	%o5,%g4
+/* 0x0140	 166 ( 2  3) */		sub	%g1,%g2,%g1
+/* 0x0144	 167 ( 3  4) */		and	%g1,%g3,%g2
+/* 0x0148	     ( 3  4) */		st	%g2,[%o4]
+/* 0x014c	 168 ( 3  4) */		add	%o4,4,%o4
+/* 0x0150	     ( 4  5) */		srax	%g1,32,%g5
+/* 0x0154	     ( 4  5) */		ble,a,pt	%icc,.L900000609	! tprob=0.84
+/* 0x0158	     ( 4  7) */		ld	[%o4],%g1
+                                   .L77000191:		/* frequency 1.0 confidence 0.0 */
+/* 0x015c	     ( 0  2) */		retl	! Result = 
+/* 0x0160	     ( 1  2) */		nop
+/* 0x0164	   0 ( 0  0) */		.type	adjust_montf_result,2
+/* 0x0164	     ( 0  0) */		.size	adjust_montf_result,(.-adjust_montf_result)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	32
+!
+! SUBROUTINE mont_mulf_noconv
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global mont_mulf_noconv
+                                   mont_mulf_noconv:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-144,%sp
+/* 0x0004	     ( 1  2) */		st	%i0,[%fp+68]
+
+!  169		                    !       }
+!  170		                    !   }
+!  171		                    !}
+!  175		                    !void cleanup(double *dt, int from, int tlen);
+!  177		                    !/*
+!  178		                    !** the lengths of the input arrays should be at least the following:
+!  179		                    !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+!  180		                    !** all of them should be different from one another
+!  181		                    !**
+!  182		                    !*/
+!  183		                    !void mont_mulf_noconv(unsigned int *result,
+!  184		                    !		     double *dm1, double *dm2, double *dt,
+!  185		                    !		     double *dn, unsigned int *nint,
+!  186		                    !		     int nlen, double dn0)
+!  187		                    !{
+!  188		                    ! int i, j, jj;
+!  189		                    ! int tmp;
+!  190		                    ! double digit, m2j, nextm2j, a, b;
+!  191		                    ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+!  193		                    ! pdm1=&(dm1[0]);
+!  194		                    ! pdm2=&(dm2[0]);
+!  195		                    ! pdn=&(dn[0]);
+!  196		                    ! pdm2[2*nlen]=Zero;
+
+/* 0x0008	 196 ( 1  2) */		sethi	%hi(Zero),%g2
+/* 0x000c	 187 ( 1  2) */		or	%g0,%i2,%o1
+/* 0x0010	     ( 2  3) */		st	%i5,[%fp+88]
+/* 0x0014	     ( 2  3) */		or	%g0,%i3,%o2
+/* 0x0018	 196 ( 2  3) */		add	%g2,%lo(Zero),%g4
+/* 0x001c	     ( 3  6) */		ldd	[%g2+%lo(Zero)],%f2
+/* 0x0020	 187 ( 3  4) */		or	%g0,%o2,%g5
+/* 0x0024	 196 ( 3  4) */		or	%g0,%o1,%i0
+/* 0x0028	 187 ( 4  5) */		or	%g0,%i4,%i2
+
+!  198		                    ! if (nlen!=16)
+!  199		                    !   {
+!  200		                    !     for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
+!  202		                    !     a=dt[0]=pdm1[0]*pdm2[0];
+!  203		                    !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  205		                    !     pdtj=&(dt[0]);
+!  206		                    !     for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
+!  207		                    !       {
+!  208		                    !	 m2j=pdm2[j];
+!  209		                    !	 a=pdtj[0]+pdn[0]*digit;
+!  210		                    !	 b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
+!  211		                    !	 pdtj[1]=b;
+!  213		                    !#pragma pipeloop(0)
+!  214		                    !	 for(i=1;i<nlen;i++)
+!  215		                    !	   {
+!  216		                    !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  217		                    !	   }
+!  218		                    ! 	 if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
+!  219		                    !	 
+!  220		                    !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  221		                    !       }
+!  222		                    !   }
+!  223		                    ! else
+!  224		                    !   {
+!  225		                    !     a=dt[0]=pdm1[0]*pdm2[0];
+!  227		                    !     dt[65]=     dt[64]=     dt[63]=     dt[62]=     dt[61]=     dt[60]=
+!  228		                    !     dt[59]=     dt[58]=     dt[57]=     dt[56]=     dt[55]=     dt[54]=
+!  229		                    !     dt[53]=     dt[52]=     dt[51]=     dt[50]=     dt[49]=     dt[48]=
+!  230		                    !     dt[47]=     dt[46]=     dt[45]=     dt[44]=     dt[43]=     dt[42]=
+!  231		                    !     dt[41]=     dt[40]=     dt[39]=     dt[38]=     dt[37]=     dt[36]=
+!  232		                    !     dt[35]=     dt[34]=     dt[33]=     dt[32]=     dt[31]=     dt[30]=
+!  233		                    !     dt[29]=     dt[28]=     dt[27]=     dt[26]=     dt[25]=     dt[24]=
+!  234		                    !     dt[23]=     dt[22]=     dt[21]=     dt[20]=     dt[19]=     dt[18]=
+!  235		                    !     dt[17]=     dt[16]=     dt[15]=     dt[14]=     dt[13]=     dt[12]=
+!  236		                    !     dt[11]=     dt[10]=     dt[ 9]=     dt[ 8]=     dt[ 7]=     dt[ 6]=
+!  237		                    !     dt[ 5]=     dt[ 4]=     dt[ 3]=     dt[ 2]=     dt[ 1]=Zero;
+!  239		                    !     pdn_0=pdn[0];
+!  240		                    !     pdm1_0=pdm1[0];
+!  242		                    !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  243		                    !     pdtj=&(dt[0]);
+!  245		                    !     for(j=0;j<32;j++,pdtj++)
+!  246		                    !       {
+!  248		                    !	 m2j=pdm2[j];
+!  249		                    !	 a=pdtj[0]+pdn_0*digit;
+!  250		                    !	 b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
+!  251		                    !	 pdtj[1]=b;
+!  253		                    !	 /**** this loop will be fully unrolled:
+!  254		                    !	 for(i=1;i<16;i++)
+!  255		                    !	   {
+!  256		                    !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  257		                    !	   }
+!  258		                    !	 *************************************/
+!  259		                    !	     pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
+!  260		                    !	     pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
+!  261		                    !	     pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
+!  262		                    !	     pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
+!  263		                    !	     pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
+!  264		                    !	     pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
+!  265		                    !	     pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
+!  266		                    !	     pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
+!  267		                    !	     pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
+!  268		                    !	     pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
+!  269		                    !	     pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
+!  270		                    !	     pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
+!  271		                    !	     pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
+!  272		                    !	     pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
+!  273		                    !	     pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
+!  274		                    !	 /* no need for cleenup, cannot overflow */
+!  275		                    !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  276		                    !       }
+!  277		                    !   }
+!  279		                    ! conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
+!  281		                    ! adjust_montf_result(result,nint,nlen); 
+
+/* 0x002c	 281 ( 4  5) */		or	%g0,1,%o4
+/* 0x0030	 187 ( 6  9) */		ldd	[%fp+96],%f0
+/* 0x0034	 196 ( 7 10) */		ld	[%fp+92],%o0
+/* 0x0038	 187 ( 8  9) */		fmovd	%f0,%f16
+/* 0x003c	 196 ( 9 10) */		sll	%o0,4,%g2
+/* 0x0040	     ( 9 10) */		or	%g0,%o0,%g1
+/* 0x0044	 198 (10 11) */		cmp	%o0,16
+/* 0x0048	     (10 11) */		be,pn	%icc,.L77000289	! tprob=0.50
+/* 0x004c	     (10 11) */		std	%f2,[%o1+%g2]
+/* 0x0050	 200 (11 12) */		sll	%o0,2,%g2
+/* 0x0054	     (11 14) */		ldd	[%g4],%f2
+/* 0x0058	     (12 13) */		add	%g2,2,%o1
+/* 0x005c	     (12 13) */		add	%g2,1,%o3
+/* 0x0060	 196 (13 14) */		sll	%o0,1,%o7
+/* 0x0064	 200 (13 14) */		cmp	%o1,0
+/* 0x0068	     (13 14) */		ble,a,pt	%icc,.L900000755	! tprob=0.55
+/* 0x006c	     (14 17) */		ldd	[%i1],%f0
+/* 0x0070	     (14 15) */		cmp	%o1,3
+/* 0x0074	 281 (14 15) */		or	%g0,1,%o1
+/* 0x0078	     (14 15) */		bl,pn	%icc,.L77000279	! tprob=0.40
+/* 0x007c	     (15 16) */		add	%o2,8,%o0
+/* 0x0080	     (15 16) */		std	%f2,[%g5]
+/* 0x0084	   0 (16 17) */		or	%g0,%o0,%o2
+                                   .L900000726:		/* frequency 64.0 confidence 0.0 */
+/* 0x0088	     ( 3  5) */		ldd	[%g4],%f0
+/* 0x008c	     ( 3  4) */		add	%o4,1,%o4
+/* 0x0090	     ( 3  4) */		add	%o2,8,%o2
+/* 0x0094	     ( 4  4) */		cmp	%o4,%o3
+/* 0x0098	     ( 5  6) */		ble,pt	%icc,.L900000726	! tprob=0.50
+/* 0x009c	     ( 5  6) */		std	%f0,[%o2-8]
+                                   .L900000729:		/* frequency 8.0 confidence 0.0 */
+/* 0x00a0	     ( 0  1) */		ba	.L900000755	! tprob=1.00
+/* 0x00a4	     ( 0  3) */		ldd	[%i1],%f0
+                                   .L77000279:		/* frequency 0.6 confidence 0.0 */
+/* 0x00a8	     ( 0  1) */		std	%f2,[%o2]
+                                   .L900000754:		/* frequency 5.3 confidence 0.0 */
+/* 0x00ac	     ( 0  3) */		ldd	[%g4],%f2
+/* 0x00b0	     ( 0  1) */		cmp	%o1,%o3
+/* 0x00b4	     ( 0  1) */		add	%o2,8,%o2
+/* 0x00b8	     ( 1  2) */		add	%o1,1,%o1
+/* 0x00bc	     ( 1  2) */		ble,a,pt	%icc,.L900000754	! tprob=0.87
+/* 0x00c0	     ( 3  4) */		std	%f2,[%o2]
+                                   .L77000284:		/* frequency 0.8 confidence 0.0 */
+/* 0x00c4	 202 ( 0  3) */		ldd	[%i1],%f0
+                                   .L900000755:		/* frequency 0.8 confidence 0.0 */
+/* 0x00c8	 202 ( 0  3) */		ldd	[%i0],%f2
+/* 0x00cc	     ( 0  1) */		add	%o7,1,%o2
+/* 0x00d0	 206 ( 0  1) */		cmp	%o7,0
+/* 0x00d4	     ( 1  2) */		sll	%o2,1,%o0
+/* 0x00d8	     ( 1  2) */		sub	%o7,1,%o1
+/* 0x00dc	 202 ( 2  5) */		fmuld	%f0,%f2,%f0
+/* 0x00e0	     ( 2  3) */		std	%f0,[%g5]
+/* 0x00e4	     ( 2  3) */		sub	%g1,1,%o7
+/* 0x00e8	     ( 3  6) */		ldd	[%g4],%f6
+/* 0x00ec	   0 ( 3  4) */		or	%g0,%o7,%g3
+/* 0x00f0	     ( 3  4) */		or	%g0,0,%l0
+/* 0x00f4	     ( 4  7) */		ldd	[%g4-8],%f2
+/* 0x00f8	     ( 4  5) */		or	%g0,0,%i5
+/* 0x00fc	     ( 4  5) */		or	%g0,%o1,%o5
+/* 0x0100	     ( 5  8) */		fdtox	%f0,%f0
+/* 0x0104	     ( 5  8) */		ldd	[%g4-16],%f4
+/* 0x0108	     ( 5  6) */		or	%g0,%o0,%o3
+/* 0x010c	 210 ( 6  7) */		add	%i0,8,%o4
+/* 0x0110	     ( 6  7) */		or	%g0,0,%i4
+/* 0x0114	     ( 9 10) */		fmovs	%f6,%f0
+/* 0x0118	     (11 14) */		fxtod	%f0,%f0
+/* 0x011c	 203 (14 17) */		fmuld	%f0,%f16,%f0
+/* 0x0120	     (17 20) */		fmuld	%f0,%f2,%f2
+/* 0x0124	     (20 23) */		fdtox	%f2,%f2
+/* 0x0128	     (23 26) */		fxtod	%f2,%f2
+/* 0x012c	     (26 29) */		fmuld	%f2,%f4,%f2
+/* 0x0130	     (29 32) */		fsubd	%f0,%f2,%f22
+/* 0x0134	 206 (29 30) */		ble,pt	%icc,.L900000748	! tprob=0.60
+/* 0x0138	     (29 30) */		sll	%g1,4,%g2
+/* 0x013c	 210 (30 33) */		ldd	[%i2],%f0
+                                   .L900000749:		/* frequency 5.3 confidence 0.0 */
+/* 0x0140	 210 ( 0  3) */		fmuld	%f0,%f22,%f8
+/* 0x0144	     ( 0  3) */		ldd	[%i1],%f0
+/* 0x0148	 214 ( 0  1) */		cmp	%g1,1
+/* 0x014c	 210 ( 1  4) */		ldd	[%o4+%i4],%f6
+/* 0x0150	     ( 1  2) */		add	%i1,8,%o0
+/* 0x0154	 214 ( 1  2) */		or	%g0,1,%o1
+/* 0x0158	 210 ( 2  5) */		ldd	[%i3],%f2
+/* 0x015c	     ( 2  3) */		add	%i3,16,%l1
+/* 0x0160	     ( 3  6) */		fmuld	%f0,%f6,%f6
+/* 0x0164	     ( 3  6) */		ldd	[%g4-8],%f4
+/* 0x0168	     ( 4  7) */		faddd	%f2,%f8,%f2
+/* 0x016c	     ( 4  7) */		ldd	[%i3+8],%f0
+/* 0x0170	 208 ( 5  8) */		ldd	[%i0+%i4],%f20
+/* 0x0174	 210 ( 6  9) */		faddd	%f0,%f6,%f0
+/* 0x0178	     ( 7 10) */		fmuld	%f2,%f4,%f2
+/* 0x017c	     (10 13) */		faddd	%f0,%f2,%f18
+/* 0x0180	 211 (10 11) */		std	%f18,[%i3+8]
+/* 0x0184	 214 (10 11) */		ble,pt	%icc,.L900000753	! tprob=0.54
+/* 0x0188	     (11 12) */		srl	%i5,31,%g2
+/* 0x018c	     (11 12) */		cmp	%g3,7
+/* 0x0190	 210 (12 13) */		add	%i2,8,%g2
+/* 0x0194	 214 (12 13) */		bl,pn	%icc,.L77000281	! tprob=0.36
+/* 0x0198	     (13 14) */		add	%g2,24,%o2
+/* 0x019c	 216 (13 16) */		ldd	[%o0+16],%f14
+/* 0x01a0	     (13 14) */		add	%i3,48,%l1
+/* 0x01a4	     (14 17) */		ldd	[%o0+24],%f12
+/* 0x01a8	   0 (14 15) */		or	%g0,%o2,%g2
+/* 0x01ac	 214 (14 15) */		sub	%g1,3,%o2
+/* 0x01b0	 216 (15 18) */		ldd	[%o0],%f2
+/* 0x01b4	     (15 16) */		or	%g0,5,%o1
+/* 0x01b8	     (16 19) */		ldd	[%g2-24],%f0
+/* 0x01bc	     (17 20) */		ldd	[%o0+8],%f6
+/* 0x01c0	     (17 20) */		fmuld	%f2,%f20,%f2
+/* 0x01c4	     (17 18) */		add	%o0,32,%o0
+/* 0x01c8	     (18 21) */		ldd	[%g2-16],%f8
+/* 0x01cc	     (18 21) */		fmuld	%f0,%f22,%f4
+/* 0x01d0	     (19 22) */		ldd	[%i3+16],%f0
+/* 0x01d4	     (19 22) */		fmuld	%f6,%f20,%f10
+/* 0x01d8	     (20 23) */		ldd	[%g2-8],%f6
+/* 0x01dc	     (21 24) */		faddd	%f2,%f4,%f4
+/* 0x01e0	     (21 24) */		ldd	[%i3+32],%f2
+                                   .L900000738:		/* frequency 512.0 confidence 0.0 */
+/* 0x01e4	 216 (16 24) */		ldd	[%g2],%f24
+/* 0x01e8	     (16 17) */		add	%o1,3,%o1
+/* 0x01ec	     (16 17) */		add	%g2,24,%g2
+/* 0x01f0	     (16 19) */		fmuld	%f8,%f22,%f8
+/* 0x01f4	     (17 25) */		ldd	[%l1],%f28
+/* 0x01f8	     (17 17) */		cmp	%o1,%o2
+/* 0x01fc	     (17 18) */		add	%o0,24,%o0
+/* 0x0200	     (18 26) */		ldd	[%o0-24],%f26
+/* 0x0204	     (18 21) */		faddd	%f0,%f4,%f0
+/* 0x0208	     (18 19) */		add	%l1,48,%l1
+/* 0x020c	     (19 22) */		faddd	%f10,%f8,%f10
+/* 0x0210	     (19 22) */		fmuld	%f14,%f20,%f4
+/* 0x0214	     (19 20) */		std	%f0,[%l1-80]
+/* 0x0218	     (20 28) */		ldd	[%g2-16],%f8
+/* 0x021c	     (20 23) */		fmuld	%f6,%f22,%f6
+/* 0x0220	     (21 29) */		ldd	[%l1-32],%f0
+/* 0x0224	     (22 30) */		ldd	[%o0-16],%f14
+/* 0x0228	     (22 25) */		faddd	%f2,%f10,%f2
+/* 0x022c	     (23 26) */		faddd	%f4,%f6,%f10
+/* 0x0230	     (23 26) */		fmuld	%f12,%f20,%f4
+/* 0x0234	     (23 24) */		std	%f2,[%l1-64]
+/* 0x0238	     (24 32) */		ldd	[%g2-8],%f6
+/* 0x023c	     (24 27) */		fmuld	%f24,%f22,%f24
+/* 0x0240	     (25 33) */		ldd	[%l1-16],%f2
+/* 0x0244	     (26 34) */		ldd	[%o0-8],%f12
+/* 0x0248	     (26 29) */		faddd	%f28,%f10,%f10
+/* 0x024c	     (27 28) */		std	%f10,[%l1-48]
+/* 0x0250	     (27 30) */		fmuld	%f26,%f20,%f10
+/* 0x0254	     (27 28) */		ble,pt	%icc,.L900000738	! tprob=0.50
+/* 0x0258	     (27 30) */		faddd	%f4,%f24,%f4
+                                   .L900000741:		/* frequency 64.0 confidence 0.0 */
+/* 0x025c	 216 ( 0  3) */		fmuld	%f8,%f22,%f28
+/* 0x0260	     ( 0  3) */		ldd	[%g2],%f24
+/* 0x0264	     ( 0  3) */		faddd	%f0,%f4,%f26
+/* 0x0268	     ( 1  4) */		fmuld	%f12,%f20,%f8
+/* 0x026c	     ( 1  2) */		add	%l1,32,%l1
+/* 0x0270	     ( 1  2) */		cmp	%o1,%g3
+/* 0x0274	     ( 2  5) */		fmuld	%f14,%f20,%f14
+/* 0x0278	     ( 2  5) */		ldd	[%l1-32],%f4
+/* 0x027c	     ( 2  3) */		add	%g2,8,%g2
+/* 0x0280	     ( 3  6) */		faddd	%f10,%f28,%f12
+/* 0x0284	     ( 3  6) */		fmuld	%f6,%f22,%f6
+/* 0x0288	     ( 3  6) */		ldd	[%l1-16],%f0
+/* 0x028c	     ( 4  7) */		fmuld	%f24,%f22,%f10
+/* 0x0290	     ( 4  5) */		std	%f26,[%l1-64]
+/* 0x0294	     ( 6  9) */		faddd	%f2,%f12,%f2
+/* 0x0298	     ( 6  7) */		std	%f2,[%l1-48]
+/* 0x029c	     ( 7 10) */		faddd	%f14,%f6,%f6
+/* 0x02a0	     ( 8 11) */		faddd	%f8,%f10,%f2
+/* 0x02a4	     (10 13) */		faddd	%f4,%f6,%f4
+/* 0x02a8	     (10 11) */		std	%f4,[%l1-32]
+/* 0x02ac	     (11 14) */		faddd	%f0,%f2,%f0
+/* 0x02b0	     (11 12) */		bg,pn	%icc,.L77000213	! tprob=0.13
+/* 0x02b4	     (11 12) */		std	%f0,[%l1-16]
+                                   .L77000281:		/* frequency 4.0 confidence 0.0 */
+/* 0x02b8	 216 ( 0  3) */		ldd	[%o0],%f0
+                                   .L900000752:		/* frequency 36.6 confidence 0.0 */
+/* 0x02bc	 216 ( 0  3) */		ldd	[%g2],%f4
+/* 0x02c0	     ( 0  3) */		fmuld	%f0,%f20,%f2
+/* 0x02c4	     ( 0  1) */		add	%o1,1,%o1
+/* 0x02c8	     ( 1  4) */		ldd	[%l1],%f0
+/* 0x02cc	     ( 1  2) */		add	%o0,8,%o0
+/* 0x02d0	     ( 1  2) */		add	%g2,8,%g2
+/* 0x02d4	     ( 2  5) */		fmuld	%f4,%f22,%f4
+/* 0x02d8	     ( 2  3) */		cmp	%o1,%g3
+/* 0x02dc	     ( 5  8) */		faddd	%f2,%f4,%f2
+/* 0x02e0	     ( 8 11) */		faddd	%f0,%f2,%f0
+/* 0x02e4	     ( 8  9) */		std	%f0,[%l1]
+/* 0x02e8	     ( 8  9) */		add	%l1,16,%l1
+/* 0x02ec	     ( 8  9) */		ble,a,pt	%icc,.L900000752	! tprob=0.87
+/* 0x02f0	     (10 13) */		ldd	[%o0],%f0
+                                   .L77000213:		/* frequency 5.3 confidence 0.0 */
+/* 0x02f4	     ( 0  1) */		srl	%i5,31,%g2
+                                   .L900000753:		/* frequency 5.3 confidence 0.0 */
+/* 0x02f8	 218 ( 0  1) */		cmp	%l0,30
+/* 0x02fc	     ( 0  1) */		bne,a,pt	%icc,.L900000751	! tprob=0.54
+/* 0x0300	     ( 0  3) */		fdtox	%f18,%f0
+/* 0x0304	     ( 1  2) */		add	%i5,%g2,%g2
+/* 0x0308	     ( 1  2) */		sub	%o3,1,%o2
+/* 0x030c	     ( 2  3) */		sra	%g2,1,%o0
+/* 0x0310	 216 ( 2  5) */		ldd	[%g4],%f0
+/* 0x0314	     ( 3  4) */		add	%o0,1,%g2
+/* 0x0318	     ( 4  5) */		sll	%g2,1,%o0
+/* 0x031c	     ( 4  5) */		fmovd	%f0,%f2
+/* 0x0320	     ( 5  6) */		sll	%g2,4,%o1
+/* 0x0324	     ( 5  6) */		cmp	%o0,%o3
+/* 0x0328	     ( 5  6) */		bge,pt	%icc,.L77000215	! tprob=0.53
+/* 0x032c	     ( 6  7) */		or	%g0,0,%l0
+/* 0x0330	 218 ( 6  7) */		add	%g5,%o1,%o1
+/* 0x0334	 216 ( 7 10) */		ldd	[%o1],%f8
+                                   .L900000750:		/* frequency 32.0 confidence 0.0 */
+/* 0x0338	     ( 0  3) */		fdtox	%f8,%f6
+/* 0x033c	     ( 0  3) */		ldd	[%g4],%f10
+/* 0x0340	     ( 0  1) */		add	%o0,2,%o0
+/* 0x0344	     ( 1  4) */		ldd	[%o1+8],%f4
+/* 0x0348	     ( 1  4) */		fdtox	%f8,%f8
+/* 0x034c	     ( 1  2) */		cmp	%o0,%o2
+/* 0x0350	     ( 5  6) */		fmovs	%f10,%f6
+/* 0x0354	     ( 7 10) */		fxtod	%f6,%f10
+/* 0x0358	     ( 8 11) */		fdtox	%f4,%f6
+/* 0x035c	     ( 9 12) */		fdtox	%f4,%f4
+/* 0x0360	     (10 13) */		faddd	%f10,%f2,%f2
+/* 0x0364	     (10 11) */		std	%f2,[%o1]
+/* 0x0368	     (12 15) */		ldd	[%g4],%f2
+/* 0x036c	     (14 15) */		fmovs	%f2,%f6
+/* 0x0370	     (16 19) */		fxtod	%f6,%f6
+/* 0x0374	     (17 20) */		fitod	%f8,%f2
+/* 0x0378	     (19 22) */		faddd	%f6,%f0,%f0
+/* 0x037c	     (19 20) */		std	%f0,[%o1+8]
+/* 0x0380	     (19 20) */		add	%o1,16,%o1
+/* 0x0384	     (20 23) */		fitod	%f4,%f0
+/* 0x0388	     (20 21) */		ble,a,pt	%icc,.L900000750	! tprob=0.87
+/* 0x038c	     (20 23) */		ldd	[%o1],%f8
+                                   .L77000233:		/* frequency 4.6 confidence 0.0 */
+/* 0x0390	     ( 0  0) */		or	%g0,0,%l0
+                                   .L77000215:		/* frequency 5.3 confidence 0.0 */
+/* 0x0394	     ( 0  3) */		fdtox	%f18,%f0
+                                   .L900000751:		/* frequency 5.3 confidence 0.0 */
+/* 0x0398	     ( 0  3) */		ldd	[%g4],%f6
+/* 0x039c	 220 ( 0  1) */		add	%i5,1,%i5
+/* 0x03a0	     ( 0  1) */		add	%i4,8,%i4
+/* 0x03a4	     ( 1  4) */		ldd	[%g4-8],%f2
+/* 0x03a8	     ( 1  2) */		add	%l0,1,%l0
+/* 0x03ac	     ( 1  2) */		add	%i3,8,%i3
+/* 0x03b0	     ( 2  3) */		fmovs	%f6,%f0
+/* 0x03b4	     ( 2  5) */		ldd	[%g4-16],%f4
+/* 0x03b8	     ( 2  3) */		cmp	%i5,%o5
+/* 0x03bc	     ( 4  7) */		fxtod	%f0,%f0
+/* 0x03c0	     ( 7 10) */		fmuld	%f0,%f16,%f0
+/* 0x03c4	     (10 13) */		fmuld	%f0,%f2,%f2
+/* 0x03c8	     (13 16) */		fdtox	%f2,%f2
+/* 0x03cc	     (16 19) */		fxtod	%f2,%f2
+/* 0x03d0	     (19 22) */		fmuld	%f2,%f4,%f2
+/* 0x03d4	     (22 25) */		fsubd	%f0,%f2,%f22
+/* 0x03d8	     (22 23) */		ble,a,pt	%icc,.L900000749	! tprob=0.89
+/* 0x03dc	     (22 25) */		ldd	[%i2],%f0
+                                   .L900000725:		/* frequency 0.7 confidence 0.0 */
+/* 0x03e0	 220 ( 0  1) */		ba	.L900000748	! tprob=1.00
+/* 0x03e4	     ( 0  1) */		sll	%g1,4,%g2
+
+	
+                                   .L77000289:		/* frequency 0.8 confidence 0.0 */
+/* 0x03e8	 225 ( 0  3) */		ldd	[%o1],%f6
+/* 0x03ec	 242 ( 0  1) */		add	%g4,-8,%g2
+/* 0x03f0	     ( 0  1) */		add	%g4,-16,%g3
+/* 0x03f4	 225 ( 1  4) */		ldd	[%i1],%f2
+/* 0x03f8	 245 ( 1  2) */		or	%g0,0,%o3
+/* 0x03fc	     ( 1  2) */		or	%g0,0,%o0
+/* 0x0400	 225 ( 3  6) */		fmuld	%f2,%f6,%f2
+/* 0x0404	     ( 3  4) */		std	%f2,[%o2]
+/* 0x0408	     ( 4  7) */		ldd	[%g4],%f6
+/* 0x040c	 237 ( 7  8) */		std	%f6,[%o2+8]
+/* 0x0410	     ( 8  9) */		std	%f6,[%o2+16]
+/* 0x0414	     ( 9 10) */		std	%f6,[%o2+24]
+/* 0x0418	     (10 11) */		std	%f6,[%o2+32]
+/* 0x041c	     (11 12) */		std	%f6,[%o2+40]
+/* 0x0420	     (12 13) */		std	%f6,[%o2+48]
+/* 0x0424	     (13 14) */		std	%f6,[%o2+56]
+/* 0x0428	     (14 15) */		std	%f6,[%o2+64]
+/* 0x042c	     (15 16) */		std	%f6,[%o2+72]
+!	prefetch	[%i4],0
+!	prefetch	[%i4+32],0
+!	prefetch	[%i4+64],0
+!	prefetch	[%i4+96],0
+!	prefetch	[%i4+120],0
+!	prefetch	[%i1],0
+!	prefetch	[%i1+32],0
+!	prefetch	[%i1+64],0
+!	prefetch	[%i1+96],0
+!	prefetch	[%i1+120],0
+/* 0x0430	     (16 17) */		std	%f6,[%o2+80]
+/* 0x0434	     (17 18) */		std	%f6,[%o2+88]
+/* 0x0438	     (18 19) */		std	%f6,[%o2+96]
+/* 0x043c	     (19 20) */		std	%f6,[%o2+104]
+/* 0x0440	     (20 21) */		std	%f6,[%o2+112]
+/* 0x0444	     (21 22) */		std	%f6,[%o2+120]
+/* 0x0448	     (22 23) */		std	%f6,[%o2+128]
+/* 0x044c	     (23 24) */		std	%f6,[%o2+136]
+/* 0x0450	     (24 25) */		std	%f6,[%o2+144]
+/* 0x0454	     (25 26) */		std	%f6,[%o2+152]
+/* 0x0458	     (26 27) */		std	%f6,[%o2+160]
+/* 0x045c	     (27 28) */		std	%f6,[%o2+168]
+/* 0x0460	     (27 30) */		fdtox	%f2,%f2
+/* 0x0464	     (28 29) */		std	%f6,[%o2+176]
+/* 0x0468	     (29 30) */		std	%f6,[%o2+184]
+/* 0x046c	     (30 31) */		std	%f6,[%o2+192]
+/* 0x0470	     (31 32) */		std	%f6,[%o2+200]
+/* 0x0474	     (32 33) */		std	%f6,[%o2+208]
+/* 0x0478	     (33 34) */		std	%f6,[%o2+216]
+/* 0x047c	     (34 35) */		std	%f6,[%o2+224]
+/* 0x0480	     (35 36) */		std	%f6,[%o2+232]
+/* 0x0484	     (36 37) */		std	%f6,[%o2+240]
+/* 0x0488	     (37 38) */		std	%f6,[%o2+248]
+/* 0x048c	     (38 39) */		std	%f6,[%o2+256]
+/* 0x0490	     (39 40) */		std	%f6,[%o2+264]
+/* 0x0494	     (40 41) */		std	%f6,[%o2+272]
+/* 0x0498	     (41 42) */		std	%f6,[%o2+280]
+/* 0x049c	     (42 43) */		std	%f6,[%o2+288]
+/* 0x04a0	     (43 44) */		std	%f6,[%o2+296]
+/* 0x04a4	     (44 45) */		std	%f6,[%o2+304]
+/* 0x04a8	     (45 46) */		std	%f6,[%o2+312]
+/* 0x04ac	     (46 47) */		std	%f6,[%o2+320]
+/* 0x04b0	     (47 48) */		std	%f6,[%o2+328]
+/* 0x04b4	     (48 49) */		std	%f6,[%o2+336]
+/* 0x04b8	     (49 50) */		std	%f6,[%o2+344]
+/* 0x04bc	     (50 51) */		std	%f6,[%o2+352]
+/* 0x04c0	     (51 52) */		std	%f6,[%o2+360]
+/* 0x04c4	     (52 53) */		std	%f6,[%o2+368]
+/* 0x04c8	     (53 54) */		std	%f6,[%o2+376]
+/* 0x04cc	     (54 55) */		std	%f6,[%o2+384]
+/* 0x04d0	     (55 56) */		std	%f6,[%o2+392]
+/* 0x04d4	     (56 57) */		std	%f6,[%o2+400]
+/* 0x04d8	     (57 58) */		std	%f6,[%o2+408]
+/* 0x04dc	     (58 59) */		std	%f6,[%o2+416]
+/* 0x04e0	     (59 60) */		std	%f6,[%o2+424]
+/* 0x04e4	     (60 61) */		std	%f6,[%o2+432]
+/* 0x04e8	     (61 62) */		std	%f6,[%o2+440]
+/* 0x04ec	     (62 63) */		std	%f6,[%o2+448]
+/* 0x04f0	     (63 64) */		std	%f6,[%o2+456]
+/* 0x04f4	     (64 65) */		std	%f6,[%o2+464]
+/* 0x04f8	     (65 66) */		std	%f6,[%o2+472]
+/* 0x04fc	     (66 67) */		std	%f6,[%o2+480]
+/* 0x0500	     (67 68) */		std	%f6,[%o2+488]
+/* 0x0504	     (68 69) */		std	%f6,[%o2+496]
+/* 0x0508	     (69 70) */		std	%f6,[%o2+504]
+/* 0x050c	     (70 71) */		std	%f6,[%o2+512]
+/* 0x0510	     (71 72) */		std	%f6,[%o2+520]
+/* 0x0514	 242 (72 75) */		ld	[%g4],%f2 ! dalign
+/* 0x0518	     (73 76) */		ld	[%g2],%f6 ! dalign
+/* 0x051c	     (74 77) */		fxtod	%f2,%f10
+/* 0x0520	     (74 77) */		ld	[%g2+4],%f7
+/* 0x0524	     (75 78) */		ld	[%g3],%f8 ! dalign
+/* 0x0528	     (76 79) */		ld	[%g3+4],%f9
+/* 0x052c	     (77 80) */		fmuld	%f10,%f0,%f0
+/* 0x0530	 239 (77 80) */		ldd	[%i4],%f4
+/* 0x0534	 240 (78 81) */		ldd	[%i1],%f2
+/* 0x0538	     (80 83) */		fmuld	%f0,%f6,%f6
+/* 0x053c	     (83 86) */		fdtox	%f6,%f6
+/* 0x0540	     (86 89) */		fxtod	%f6,%f6
+/* 0x0544	     (89 92) */		fmuld	%f6,%f8,%f6
+/* 0x0548	     (92 95) */		fsubd	%f0,%f6,%f0
+/* 0x054c	 250 (95 98) */		fmuld	%f4,%f0,%f10
+                                   .L900000747:		/* frequency 6.4 confidence 0.0 */
+
+
+	fmovd %f0,%f0
+	fmovd %f16,%f18
+	ldd [%i4],%f2
+	ldd [%o2],%f8
+	ldd [%i1],%f10
+	ldd [%g4-8],%f14
+	ldd [%g4-16],%f16
+	ldd [%o1],%f24
+
+	ldd [%i1+8],%f26
+	ldd [%i1+16],%f40
+	ldd [%i1+48],%f46
+	ldd [%i1+56],%f30
+	ldd [%i1+64],%f54
+	ldd [%i1+104],%f34
+	ldd [%i1+112],%f58
+
+	ldd [%i4+112],%f60
+	ldd [%i4+8],%f28	
+	ldd [%i4+104],%f38
+
+	nop
+	nop
+!
+	.L99999999:
+!1
+!!!
+	ldd	[%i1+24],%f32
+	fmuld	%f0,%f2,%f4
+!2
+!!!
+	ldd	[%i4+24],%f36
+	fmuld	%f26,%f24,%f20
+!3
+!!!
+	ldd	[%i1+40],%f42
+	fmuld	%f28,%f0,%f22
+!4
+!!!
+	ldd	[%i4+40],%f44
+	fmuld	%f32,%f24,%f32
+!5
+!!!
+	ldd	[%o1+8],%f6
+	faddd	%f4,%f8,%f4
+	fmuld	%f36,%f0,%f36
+!6
+!!!
+	add	%o1,8,%o1
+	ldd	[%i4+56],%f50
+	fmuld	%f42,%f24,%f42
+!7
+!!!
+	ldd	[%i1+72],%f52
+	faddd	%f20,%f22,%f20
+	fmuld	%f44,%f0,%f44
+!8
+!!!
+	ldd	[%o2+16],%f22
+	fmuld	%f10,%f6,%f12
+!9
+!!!
+	ldd	[%i4+72],%f56
+	faddd	%f32,%f36,%f32
+	fmuld	%f14,%f4,%f4
+!10
+!!!
+	ldd	[%o2+48],%f36
+	fmuld	%f30,%f24,%f48
+!11
+!!!
+	ldd	[%o2+8],%f8
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50	
+!12
+!!!
+	std	%f20,[%o2+16]
+	faddd	%f42,%f44,%f42
+	fmuld	%f52,%f24,%f52
+!13
+!!!
+	ldd	[%o2+80],%f44
+	faddd	%f4,%f12,%f4
+	fmuld	%f56,%f0,%f56
+!14
+!!!
+	ldd	[%i1+88],%f20
+	faddd	%f32,%f36,%f32
+!15
+!!!
+	ldd	[%i4+88],%f22
+	faddd	%f48,%f50,%f48
+!16
+!!!
+	ldd	[%o2+112],%f50
+	faddd	%f52,%f56,%f52
+!17
+!!!
+	ldd	[%o2+144],%f56
+	faddd	%f4,%f8,%f8
+	fmuld	%f20,%f24,%f20
+!18
+!!!
+	std	%f32,[%o2+48]
+	faddd	%f42,%f44,%f42
+	fmuld	%f22,%f0,%f22
+!19
+!!!
+	std	%f42,[%o2+80]
+	faddd	%f48,%f50,%f48
+	fmuld	%f34,%f24,%f32
+!20
+!!!
+	std	%f48,[%o2+112]
+	faddd	%f52,%f56,%f52
+	fmuld	%f38,%f0,%f36
+!21
+!!!
+	ldd	[%i1+120],%f42
+	fdtox	%f8,%f4
+!22
+!!!
+	std	%f52,[%o2+144]
+	faddd	%f20,%f22,%f20
+!23
+!!!
+	ldd	[%i4+120],%f44
+!24
+!!!
+	ldd	[%o2+176],%f22
+	faddd	%f32,%f36,%f32
+	fmuld	%f42,%f24,%f42
+!25
+!!!
+	ldd	[%i4+16],%f50
+	fmovs	%f17,%f4
+!26
+!!!
+	ldd	[%i1+32],%f52
+	fmuld	%f44,%f0,%f44
+!27
+!!!
+	ldd	[%i4+32],%f56
+	fmuld	%f40,%f24,%f48
+!28
+!!!
+	ldd	[%o2+208],%f36
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50
+!29
+!!!
+	std	%f20,[%o2+176]
+	fxtod	%f4,%f4
+	fmuld	%f52,%f24,%f52
+!30
+!!!
+	ldd	[%i4+48],%f22
+	faddd	%f42,%f44,%f42
+	fmuld	%f56,%f0,%f56
+!31
+!!!
+	ldd	[%o2+240],%f44
+	faddd	%f32,%f36,%f32
+!32
+!!!
+	std	%f32,[%o2+208]
+	faddd	%f48,%f50,%f48
+	fmuld	%f46,%f24,%f20
+!33
+!!!
+	ldd	[%o2+32],%f50
+	fmuld	%f4,%f18,%f12
+!34
+!!!
+	ldd	[%i4+64],%f36
+	faddd	%f52,%f56,%f52
+	fmuld	%f22,%f0,%f22
+!35
+!!!
+	ldd	[%o2+64],%f56
+	faddd	%f42,%f44,%f42
+!36
+!!!
+	std	%f42,[%o2+240]
+	faddd	%f48,%f50,%f48
+	fmuld	%f54,%f24,%f32
+!37
+!!!
+	std	%f48,[%o2+32]
+	fmuld	%f12,%f14,%f4
+!38
+!!!
+	ldd	[%i1+80],%f42
+	faddd	%f52,%f56,%f56	! yes, tmp52!
+	fmuld	%f36,%f0,%f36
+!39
+!!!
+	ldd	[%i4+80],%f44
+	faddd	%f20,%f22,%f20
+!40
+!!!
+	ldd	[%i1+96],%f48
+	fmuld	%f58,%f24,%f52
+!41
+!!!
+	ldd	[%i4+96],%f50
+	fdtox	%f4,%f4
+	fmuld	%f42,%f24,%f42
+!42
+!!!
+	std	%f56,[%o2+64]	! yes, tmp52!
+	faddd	%f32,%f36,%f32
+	fmuld	%f44,%f0,%f44
+!43
+!!!
+	ldd	[%o2+96],%f22
+	fmuld	%f48,%f24,%f48
+!44
+!!!
+	ldd	[%o2+128],%f36
+	fmovd	%f6,%f24
+	fmuld	%f50,%f0,%f50
+!45
+!!!
+	fxtod	%f4,%f4
+	fmuld	%f60,%f0,%f56
+!46
+!!!
+	add	%o2,8,%o2
+	faddd	%f42,%f44,%f42
+!47
+!!!
+	ldd	[%o2+160-8],%f44
+	faddd	%f20,%f22,%f20
+!48
+!!!
+	std	%f20,[%o2+96-8]
+	faddd	%f48,%f50,%f48
+!49
+!!!
+	ldd	[%o2+192-8],%f50
+	faddd	%f52,%f56,%f52
+	fmuld	%f4,%f16,%f4
+!50
+!!!
+	ldd	[%o2+224-8],%f56
+	faddd	%f32,%f36,%f32
+!51
+!!!
+	std	%f32,[%o2+128-8]
+	faddd	%f42,%f44,%f42
+!52
+	add	%o3,1,%o3
+	std	%f42,[%o2+160-8]
+	faddd	%f48,%f50,%f48
+!53
+!!!
+	cmp	%o3,31
+	std	%f48,[%o2+192-8]
+	faddd	%f52,%f56,%f52
+!54
+	std	%f52,[%o2+224-8]
+	ble,pt	%icc,.L99999999
+	fsubd	%f12,%f4,%f0
+
+
+
+!55
+	std %f8,[%o2]
+
+	
+	
+	
+	
+	
+	                                   .L77000285:		/* frequency 1.0 confidence 0.0 */
+/* 0x07a8	 279 ( 0  1) */		sll	%g1,4,%g2
+                                   .L900000748:		/* frequency 1.0 confidence 0.0 */
+/* 0x07ac	 279 ( 0  3) */		ldd	[%g5+%g2],%f0
+/* 0x07b0	     ( 0  1) */		add	%g5,%g2,%i1
+/* 0x07b4	     ( 0  1) */		or	%g0,0,%o4
+/* 0x07b8	 206 ( 1  4) */		ld	[%fp+68],%o0
+/* 0x07bc	 279 ( 1  2) */		or	%g0,0,%i0
+/* 0x07c0	     ( 1  2) */		cmp	%g1,0
+/* 0x07c4	     ( 2  5) */		fdtox	%f0,%f0
+/* 0x07c8	     ( 2  3) */		std	%f0,[%sp+120]
+/* 0x07cc	 275 ( 2  3) */		sethi	%hi(0xfc00),%o1
+/* 0x07d0	 206 ( 3  4) */		or	%g0,%o0,%o3
+/* 0x07d4	 275 ( 3  4) */		sub	%g1,1,%g4
+/* 0x07d8	 279 ( 4  7) */		ldd	[%i1+8],%f0
+/* 0x07dc	     ( 4  5) */		or	%g0,%o0,%g5
+/* 0x07e0	     ( 4  5) */		add	%o1,1023,%o1
+/* 0x07e4	     ( 6  9) */		fdtox	%f0,%f0
+/* 0x07e8	     ( 6  7) */		std	%f0,[%sp+112]
+/* 0x07ec	     (10 12) */		ldx	[%sp+112],%o5
+/* 0x07f0	     (11 13) */		ldx	[%sp+120],%o7
+/* 0x07f4	     (11 12) */		ble,pt	%icc,.L900000746	! tprob=0.56
+/* 0x07f8	     (11 12) */		sethi	%hi(0xfc00),%g2
+/* 0x07fc	 275 (12 13) */		or	%g0,-1,%g2
+/* 0x0800	 279 (12 13) */		cmp	%g1,3
+/* 0x0804	 275 (13 14) */		srl	%g2,0,%o2
+/* 0x0808	 279 (13 14) */		bl,pn	%icc,.L77000286	! tprob=0.44
+/* 0x080c	     (13 14) */		or	%g0,%i1,%g2
+/* 0x0810	     (14 17) */		ldd	[%i1+16],%f0
+/* 0x0814	     (14 15) */		and	%o5,%o1,%o0
+/* 0x0818	     (14 15) */		add	%i1,16,%g2
+/* 0x081c	     (15 16) */		sllx	%o0,16,%g3
+/* 0x0820	     (15 16) */		and	%o7,%o2,%o0
+/* 0x0824	     (16 19) */		fdtox	%f0,%f0
+/* 0x0828	     (16 17) */		std	%f0,[%sp+104]
+/* 0x082c	     (16 17) */		add	%o0,%g3,%o4
+/* 0x0830	     (17 20) */		ldd	[%i1+24],%f2
+/* 0x0834	     (17 18) */		srax	%o5,16,%o0
+/* 0x0838	     (17 18) */		add	%o3,4,%g5
+/* 0x083c	     (18 19) */		stx	%o0,[%sp+128]
+/* 0x0840	     (18 19) */		and	%o4,%o2,%o0
+/* 0x0844	     (18 19) */		or	%g0,1,%i0
+/* 0x0848	     (19 20) */		stx	%o0,[%sp+112]
+/* 0x084c	     (19 20) */		srax	%o4,32,%o0
+/* 0x0850	     (19 22) */		fdtox	%f2,%f0
+/* 0x0854	     (20 21) */		stx	%o0,[%sp+136]
+/* 0x0858	     (20 21) */		srax	%o7,32,%o4
+/* 0x085c	     (21 22) */		std	%f0,[%sp+96]
+/* 0x0860	     (22 24) */		ldx	[%sp+136],%o7
+/* 0x0864	     (23 25) */		ldx	[%sp+128],%o0
+/* 0x0868	     (25 27) */		ldx	[%sp+104],%g3
+/* 0x086c	     (25 26) */		add	%o0,%o7,%o0
+/* 0x0870	     (26 28) */		ldx	[%sp+112],%o7
+/* 0x0874	     (26 27) */		add	%o4,%o0,%o4
+/* 0x0878	     (27 29) */		ldx	[%sp+96],%o5
+/* 0x087c	     (28 29) */		st	%o7,[%o3]
+/* 0x0880	     (28 29) */		or	%g0,%g3,%o7
+                                   .L900000730:		/* frequency 64.0 confidence 0.0 */
+/* 0x0884	     (17 19) */		ldd	[%g2+16],%f0
+/* 0x0888	     (17 18) */		add	%i0,1,%i0
+/* 0x088c	     (17 18) */		add	%g5,4,%g5
+/* 0x0890	     (18 18) */		cmp	%i0,%g4
+/* 0x0894	     (18 19) */		add	%g2,16,%g2
+/* 0x0898	     (19 22) */		fdtox	%f0,%f0
+/* 0x089c	     (20 21) */		std	%f0,[%sp+104]
+/* 0x08a0	     (21 23) */		ldd	[%g2+8],%f0
+/* 0x08a4	     (23 26) */		fdtox	%f0,%f0
+/* 0x08a8	     (24 25) */		std	%f0,[%sp+96]
+/* 0x08ac	     (25 26) */		and	%o5,%o1,%g3
+/* 0x08b0	     (26 27) */		sllx	%g3,16,%g3
+/* 0x08b4	     ( 0  0) */		stx	%g3,[%sp+120]
+/* 0x08b8	     (26 27) */		and	%o7,%o2,%g3
+/* 0x08bc	     ( 0  0) */		stx	%o7,[%sp+128]
+/* 0x08c0	     ( 0  0) */		ldx	[%sp+120],%o7
+/* 0x08c4	     (27 27) */		add	%g3,%o7,%g3
+/* 0x08c8	     ( 0  0) */		ldx	[%sp+128],%o7
+/* 0x08cc	     (28 29) */		srax	%o5,16,%o5
+/* 0x08d0	     (28 28) */		add	%g3,%o4,%g3
+/* 0x08d4	     (29 30) */		srax	%g3,32,%o4
+/* 0x08d8	     ( 0  0) */		stx	%o4,[%sp+112]
+/* 0x08dc	     (30 31) */		srax	%o7,32,%o4
+/* 0x08e0	     ( 0  0) */		ldx	[%sp+112],%o7
+/* 0x08e4	     (30 31) */		add	%o5,%o7,%o7
+/* 0x08e8	     (31 33) */		ldx	[%sp+96],%o5
+/* 0x08ec	     (31 32) */		add	%o4,%o7,%o4
+/* 0x08f0	     (32 33) */		and	%g3,%o2,%g3
+/* 0x08f4	     ( 0  0) */		ldx	[%sp+104],%o7
+/* 0x08f8	     (33 34) */		ble,pt	%icc,.L900000730	! tprob=0.50
+/* 0x08fc	     (33 34) */		st	%g3,[%g5-4]
+                                   .L900000733:		/* frequency 8.0 confidence 0.0 */
+/* 0x0900	     ( 0  1) */		ba	.L900000746	! tprob=1.00
+/* 0x0904	     ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L77000286:		/* frequency 0.7 confidence 0.0 */
+/* 0x0908	     ( 0  3) */		ldd	[%g2+16],%f0
+                                   .L900000745:		/* frequency 6.4 confidence 0.0 */
+/* 0x090c	     ( 0  1) */		and	%o7,%o2,%o0
+/* 0x0910	     ( 0  1) */		and	%o5,%o1,%g3
+/* 0x0914	     ( 0  3) */		fdtox	%f0,%f0
+/* 0x0918	     ( 1  2) */		add	%o4,%o0,%o0
+/* 0x091c	     ( 1  2) */		std	%f0,[%sp+104]
+/* 0x0920	     ( 1  2) */		add	%i0,1,%i0
+/* 0x0924	     ( 2  3) */		sllx	%g3,16,%o4
+/* 0x0928	     ( 2  5) */		ldd	[%g2+24],%f2
+/* 0x092c	     ( 2  3) */		add	%g2,16,%g2
+/* 0x0930	     ( 3  4) */		add	%o0,%o4,%o4
+/* 0x0934	     ( 3  4) */		cmp	%i0,%g4
+/* 0x0938	     ( 4  5) */		srax	%o5,16,%o0
+/* 0x093c	     ( 4  5) */		stx	%o0,[%sp+112]
+/* 0x0940	     ( 4  5) */		and	%o4,%o2,%g3
+/* 0x0944	     ( 5  6) */		srax	%o4,32,%o5
+/* 0x0948	     ( 5  8) */		fdtox	%f2,%f0
+/* 0x094c	     ( 5  6) */		std	%f0,[%sp+96]
+/* 0x0950	     ( 6  7) */		srax	%o7,32,%o4
+/* 0x0954	     ( 6  8) */		ldx	[%sp+112],%o7
+/* 0x0958	     ( 8  9) */		add	%o7,%o5,%o7
+/* 0x095c	     ( 9 11) */		ldx	[%sp+104],%o5
+/* 0x0960	     ( 9 10) */		add	%o4,%o7,%o4
+/* 0x0964	     (10 12) */		ldx	[%sp+96],%o0
+/* 0x0968	     (11 12) */		st	%g3,[%g5]
+/* 0x096c	     (11 12) */		or	%g0,%o5,%o7
+/* 0x0970	     (11 12) */		add	%g5,4,%g5
+/* 0x0974	     (12 13) */		or	%g0,%o0,%o5
+/* 0x0978	     (12 13) */		ble,a,pt	%icc,.L900000745	! tprob=0.86
+/* 0x097c	     (12 15) */		ldd	[%g2+16],%f0
+                                   .L77000236:		/* frequency 1.0 confidence 0.0 */
+/* 0x0980	     ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L900000746:		/* frequency 1.0 confidence 0.0 */
+/* 0x0984	     ( 0  1) */		or	%g0,-1,%o0
+/* 0x0988	     ( 0  1) */		add	%g2,1023,%g2
+/* 0x098c	     ( 0  3) */		ld	[%fp+88],%o1
+/* 0x0990	     ( 1  2) */		srl	%o0,0,%g3
+/* 0x0994	     ( 1  2) */		and	%o5,%g2,%g2
+/* 0x0998	     ( 2  3) */		and	%o7,%g3,%g4
+/* 0x099c	 281 ( 2  3) */		or	%g0,-1,%o5
+/* 0x09a0	 275 ( 3  4) */		sllx	%g2,16,%g2
+/* 0x09a4	     ( 3  4) */		add	%o4,%g4,%g4
+/* 0x09a8	     ( 4  5) */		add	%g4,%g2,%g2
+/* 0x09ac	     ( 5  6) */		sll	%i0,2,%g4
+/* 0x09b0	     ( 5  6) */		and	%g2,%g3,%g2
+/* 0x09b4	     ( 6  7) */		st	%g2,[%o3+%g4]
+/* 0x09b8	 281 ( 6  7) */		sll	%g1,2,%g2
+/* 0x09bc	     ( 7 10) */		ld	[%o3+%g2],%g2
+/* 0x09c0	     ( 9 10) */		cmp	%g2,0
+/* 0x09c4	     ( 9 10) */		bleu,pn	%icc,.L77000241	! tprob=0.50
+/* 0x09c8	     ( 9 10) */		or	%g0,%o1,%o2
+/* 0x09cc	     (10 11) */		ba	.L900000744	! tprob=1.00
+/* 0x09d0	     (10 11) */		cmp	%o5,0
+                                   .L77000241:		/* frequency 0.8 confidence 0.0 */
+/* 0x09d4	     ( 0  1) */		subcc	%g1,1,%o5
+/* 0x09d8	     ( 0  1) */		bneg,pt	%icc,.L900000744	! tprob=0.60
+/* 0x09dc	     ( 1  2) */		cmp	%o5,0
+/* 0x09e0	     ( 1  2) */		sll	%o5,2,%g2
+/* 0x09e4	     ( 2  3) */		add	%o1,%g2,%o0
+/* 0x09e8	     ( 2  3) */		add	%o3,%g2,%o4
+/* 0x09ec	     ( 3  6) */		ld	[%o0],%g2
+                                   .L900000743:		/* frequency 5.3 confidence 0.0 */
+/* 0x09f0	     ( 0  3) */		ld	[%o4],%g3
+/* 0x09f4	     ( 0  1) */		add	%o0,4,%o0
+/* 0x09f8	     ( 0  1) */		add	%o4,4,%o4
+/* 0x09fc	     ( 2  3) */		cmp	%g3,%g2
+/* 0x0a00	     ( 2  3) */		bne,pn	%icc,.L77000244	! tprob=0.16
+/* 0x0a04	     ( 2  3) */		nop
+/* 0x0a08	     ( 3  4) */		addcc	%o5,1,%o5
+/* 0x0a0c	     ( 3  4) */		bpos,a,pt	%icc,.L900000743	! tprob=0.84
+/* 0x0a10	     ( 3  6) */		ld	[%o0],%g2
+                                   .L77000244:		/* frequency 1.0 confidence 0.0 */
+/* 0x0a14	     ( 0  1) */		cmp	%o5,0
+                                   .L900000744:		/* frequency 1.0 confidence 0.0 */
+/* 0x0a18	     ( 0  1) */		bl,pn	%icc,.L77000287	! tprob=0.50
+/* 0x0a1c	     ( 0  1) */		sll	%o5,2,%g2
+/* 0x0a20	     ( 1  4) */		ld	[%o2+%g2],%g3
+/* 0x0a24	     ( 2  5) */		ld	[%o3+%g2],%g2
+/* 0x0a28	     ( 4  5) */		cmp	%g2,%g3
+/* 0x0a2c	     ( 4  5) */		bleu,pt	%icc,.L77000224	! tprob=0.56
+/* 0x0a30	     ( 4  5) */		nop
+                                   .L77000287:		/* frequency 0.8 confidence 0.0 */
+/* 0x0a34	     ( 0  1) */		cmp	%g1,0
+/* 0x0a38	     ( 0  1) */		ble,pt	%icc,.L77000224	! tprob=0.60
+/* 0x0a3c	     ( 0  1) */		nop
+/* 0x0a40	 281 ( 1  2) */		sub	%g1,1,%o7
+/* 0x0a44	     ( 1  2) */		or	%g0,-1,%g2
+/* 0x0a48	     ( 2  3) */		srl	%g2,0,%o4
+/* 0x0a4c	     ( 2  3) */		add	%o7,1,%o0
+/* 0x0a50	 279 ( 3  4) */		or	%g0,0,%o5
+/* 0x0a54	     ( 3  4) */		or	%g0,0,%g1
+/* 0x0a58	     ( 4  5) */		cmp	%o0,3
+/* 0x0a5c	     ( 4  5) */		bl,pn	%icc,.L77000288	! tprob=0.40
+/* 0x0a60	     ( 4  5) */		add	%o3,8,%o1
+/* 0x0a64	     ( 5  6) */		add	%o2,4,%o0
+/* 0x0a68	     ( 5  8) */		ld	[%o1-8],%g2
+/* 0x0a6c	   0 ( 5  6) */		or	%g0,%o1,%o3
+/* 0x0a70	 279 ( 6  9) */		ld	[%o0-4],%g3
+/* 0x0a74	   0 ( 6  7) */		or	%g0,%o0,%o2
+/* 0x0a78	 279 ( 6  7) */		or	%g0,2,%g1
+/* 0x0a7c	     ( 7 10) */		ld	[%o3-4],%o0
+/* 0x0a80	     ( 8  9) */		sub	%g2,%g3,%g2
+/* 0x0a84	     ( 9 10) */		or	%g0,%g2,%o5
+/* 0x0a88	     ( 9 10) */		and	%g2,%o4,%g2
+/* 0x0a8c	     ( 9 10) */		st	%g2,[%o3-8]
+/* 0x0a90	     (10 11) */		srax	%o5,32,%o5
+                                   .L900000734:		/* frequency 64.0 confidence 0.0 */
+/* 0x0a94	     (12 20) */		ld	[%o2],%g2
+/* 0x0a98	     (12 13) */		add	%g1,1,%g1
+/* 0x0a9c	     (12 13) */		add	%o2,4,%o2
+/* 0x0aa0	     (13 13) */		cmp	%g1,%o7
+/* 0x0aa4	     (13 14) */		add	%o3,4,%o3
+/* 0x0aa8	     (14 14) */		sub	%o0,%g2,%o0
+/* 0x0aac	     (15 15) */		add	%o0,%o5,%o5
+/* 0x0ab0	     (16 17) */		and	%o5,%o4,%g2
+/* 0x0ab4	     (16 24) */		ld	[%o3-4],%o0
+/* 0x0ab8	     (17 18) */		st	%g2,[%o3-8]
+/* 0x0abc	     (17 18) */		ble,pt	%icc,.L900000734	! tprob=0.50
+/* 0x0ac0	     (17 18) */		srax	%o5,32,%o5
+                                   .L900000737:		/* frequency 8.0 confidence 0.0 */
+/* 0x0ac4	     ( 0  3) */		ld	[%o2],%o1
+/* 0x0ac8	     ( 2  3) */		sub	%o0,%o1,%o0
+/* 0x0acc	     ( 3  4) */		add	%o0,%o5,%o0
+/* 0x0ad0	     ( 4  5) */		and	%o0,%o4,%o1
+/* 0x0ad4	     ( 4  5) */		st	%o1,[%o3-4]
+/* 0x0ad8	     ( 5  7) */		ret	! Result = 
+/* 0x0adc	     ( 7  8) */		restore	%g0,%g0,%g0
+                                   .L77000288:		/* frequency 0.6 confidence 0.0 */
+/* 0x0ae0	     ( 0  3) */		ld	[%o3],%o0
+                                   .L900000742:		/* frequency 5.3 confidence 0.0 */
+/* 0x0ae4	     ( 0  3) */		ld	[%o2],%o1
+/* 0x0ae8	     ( 0  1) */		add	%o5,%o0,%o0
+/* 0x0aec	     ( 0  1) */		add	%g1,1,%g1
+/* 0x0af0	     ( 1  2) */		add	%o2,4,%o2
+/* 0x0af4	     ( 1  2) */		cmp	%g1,%o7
+/* 0x0af8	     ( 2  3) */		sub	%o0,%o1,%o0
+/* 0x0afc	     ( 3  4) */		and	%o0,%o4,%o1
+/* 0x0b00	     ( 3  4) */		st	%o1,[%o3]
+/* 0x0b04	     ( 3  4) */		add	%o3,4,%o3
+/* 0x0b08	     ( 4  5) */		srax	%o0,32,%o5
+/* 0x0b0c	     ( 4  5) */		ble,a,pt	%icc,.L900000742	! tprob=0.84
+/* 0x0b10	     ( 4  7) */		ld	[%o3],%o0
+                                   .L77000224:		/* frequency 1.0 confidence 0.0 */
+/* 0x0b14	     ( 0  2) */		ret	! Result = 
+/* 0x0b18	     ( 2  3) */		restore	%g0,%g0,%g0
+/* 0x0b1c	   0 ( 0  0) */		.type	mont_mulf_noconv,2
+/* 0x0b1c	     ( 0  0) */		.size	mont_mulf_noconv,(.-mont_mulf_noconv)
+
diff --git a/security/nss/lib/freebl/mpi/montmulfv8.il b/security/nss/lib/freebl/mpi/montmulfv8.il
new file mode 100644
index 000000000..27ce26a77
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulfv8.il
@@ -0,0 +1,141 @@
+!  
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is inline macros for SPARC Montgomery multiply functions.
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1999-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+! $Id$
+
+!
+! double upper32(double /*frs1*/);
+!
+        .inline upper32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+
+	fdtox	%f10,%f10
+	fitod	%f10,%f0
+        .end
+
+!
+! double lower32(double /*frs1*/, double /* Zero */);
+!
+        .inline lower32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f12
+
+	fdtox	%f10,%f10
+	fmovs	%f12,%f10
+	fxtod	%f10,%f0
+        .end
+
+!
+! double mod(double /*x*/, double /*1/m*/, double /*m*/);
+!
+        .inline mod,12
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f2
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f4
+        std     %o4,[%sp+0x48]
+        ldd     [%sp+0x48],%f6
+
+	fmuld	%f2,%f4,%f4
+	fdtox	%f4,%f4
+	fxtod	%f4,%f4
+	fmuld	%f4,%f6,%f4
+	fsubd	%f2,%f4,%f0
+        .end
+
+
+!
+! void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!			    double * /* 0 */,
+!			    double * /*result16*/, double * /* result32 */
+!			    float *  /*source - should be unsigned int*
+!		            	       converted to float* */);
+!
+        .inline i16_to_d16_and_d32x4,24
+        ldd     [%o0],%f2  ! 1/(2^16)
+        ldd     [%o1],%f4  ! 2^16
+	ldd	[%o2],%f22
+
+	fmovd	%f22,%f6
+	ld	[%o5],%f7
+	fmovd	%f22,%f10
+	ld	[%o5+4],%f11
+	fmovd	%f22,%f14
+	ld	[%o5+8],%f15
+	fmovd	%f22,%f18
+	ld	[%o5+12],%f19
+	fxtod	%f6,%f6
+	std	%f6,[%o4]
+	fxtod	%f10,%f10
+	std	%f10,[%o4+8]
+	fxtod	%f14,%f14
+	std	%f14,[%o4+16]
+	fxtod	%f18,%f18
+	std	%f18,[%o4+24]
+	fmuld	%f2,%f6,%f8
+	fmuld	%f2,%f10,%f12
+	fmuld	%f2,%f14,%f16
+	fmuld	%f2,%f18,%f20
+	fdtox	%f8,%f8
+	fdtox	%f12,%f12
+	fdtox	%f16,%f16
+	fdtox	%f20,%f20
+	fxtod	%f8,%f8
+	std	%f8,[%o3+8]
+	fxtod	%f12,%f12
+	std	%f12,[%o3+24]
+	fxtod	%f16,%f16
+	std	%f16,[%o3+40]
+	fxtod	%f20,%f20
+	std	%f20,[%o3+56]
+	fmuld	%f8,%f4,%f8
+	fmuld	%f12,%f4,%f12
+	fmuld	%f16,%f4,%f16
+	fmuld	%f20,%f4,%f20
+	fsubd	%f6,%f8,%f8
+	std	%f8,[%o3]
+	fsubd	%f10,%f12,%f12
+	std	%f12,[%o3+16]
+	fsubd	%f14,%f16,%f16
+	std	%f16,[%o3+32]
+	fsubd	%f18,%f20,%f20
+	std	%f20,[%o3+48]
+        .end
+
+
diff --git a/security/nss/lib/freebl/mpi/montmulfv8.s b/security/nss/lib/freebl/mpi/montmulfv8.s
new file mode 100644
index 000000000..25dcad322
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulfv8.s
@@ -0,0 +1,1850 @@
+!  
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is SPARC hand-optimized Montgomery multiply functions.
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1999-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+
+	.section	".text",#alloc,#execinstr
+	.file	"montmulf.c"
+
+	.section	".rodata",#alloc
+	.global	TwoTo16
+	.align	8
+!
+! CONSTANT POOL
+!
+	.global TwoTo16
+TwoTo16:
+	.word	1089470464
+	.word	0
+	.type	TwoTo16,#object
+	.size	TwoTo16,8
+	.global	TwoToMinus16
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus16
+TwoToMinus16:
+	.word	1055916032
+	.word	0
+	.type	TwoToMinus16,#object
+	.size	TwoToMinus16,8
+	.global	Zero
+!
+! CONSTANT POOL
+!
+	.global Zero
+Zero:
+	.word	0
+	.word	0
+	.type	Zero,#object
+	.size	Zero,8
+	.global	TwoTo32
+!
+! CONSTANT POOL
+!
+	.global TwoTo32
+TwoTo32:
+	.word	1106247680
+	.word	0
+	.type	TwoTo32,#object
+	.size	TwoTo32,8
+	.global	TwoToMinus32
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus32
+TwoToMinus32:
+	.word	1039138816
+	.word	0
+	.type	TwoToMinus32,#object
+	.size	TwoToMinus32,8
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	4
+!
+! SUBROUTINE conv_d16_to_i32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_d16_to_i32
+                       conv_d16_to_i32:
+/* 000000	     */		save	%sp,-128,%sp
+! FILE montmulf.c
+
+!   36		      !#define RF_INLINE_MACROS
+!   38		      !static const double TwoTo16=65536.0;
+!   39		      !static const double TwoToMinus16=1.0/65536.0;
+!   40		      !static const double Zero=0.0;
+!   41		      !static const double TwoTo32=65536.0*65536.0;
+!   42		      !static const double TwoToMinus32=1.0/(65536.0*65536.0);
+!   44		      !#ifdef RF_INLINE_MACROS
+!   46		      !double upper32(double);
+!   47		      !double lower32(double, double);
+!   48		      !double mod(double, double, double);
+!   50		      !void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/, 
+!   51		      !			  const double * /* 2^16*/,
+!   52		      !			  const double * /* 0 */,
+!   53		      !			  double *       /*result16*/, 
+!   54		      !			  double *       /* result32 */,
+!   55		      !			  float *  /*source - should be unsigned int*
+!   56		      !		          	       converted to float* */);
+!   58		      !#else
+!   60		      !static double upper32(double x)
+!   61		      !{
+!   62		      !  return floor(x*TwoToMinus32);
+!   63		      !}
+!   65		      !static double lower32(double x, double y)
+!   66		      !{
+!   67		      !  return x-TwoTo32*floor(x*TwoToMinus32);
+!   68		      !}
+!   70		      !static double mod(double x, double oneoverm, double m)
+!   71		      !{
+!   72		      !  return x-m*floor(x*oneoverm);
+!   73		      !}
+!   75		      !#endif
+!   78		      !static void cleanup(double *dt, int from, int tlen)
+!   79		      !{
+!   80		      ! int i;
+!   81		      ! double tmp,tmp1,x,x1;
+!   83		      ! tmp=tmp1=Zero;
+!   84		      ! /* original code **
+!   85		      ! for(i=2*from;i<2*tlen-2;i++)
+!   86		      !   {
+!   87		      !     x=dt[i];
+!   88		      !     dt[i]=lower32(x,Zero)+tmp1;
+!   89		      !     tmp1=tmp;
+!   90		      !     tmp=upper32(x);
+!   91		      !   }
+!   92		      ! dt[tlen-2]+=tmp1;
+!   93		      ! dt[tlen-1]+=tmp;
+!   94		      ! **end original code ***/
+!   95		      ! /* new code ***/
+!   96		      ! for(i=2*from;i<2*tlen;i+=2)
+!   97		      !   {
+!   98		      !     x=dt[i];
+!   99		      !     x1=dt[i+1];
+!  100		      !     dt[i]=lower32(x,Zero)+tmp;
+!  101		      !     dt[i+1]=lower32(x1,Zero)+tmp1;
+!  102		      !     tmp=upper32(x);
+!  103		      !     tmp1=upper32(x1);
+!  104		      !   }
+!  105		      !  /** end new code **/
+!  106		      !}
+!  109		      !void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+!  110		      !{
+!  111		      !int i;
+!  112		      !long long t, t1, a, b, c, d;
+!  114		      ! t1=0;
+!  115		      ! a=(long long)d16[0];
+
+/* 0x0004	 115 */		ldd	[%i1],%f0
+/* 0x0008	 110 */		or	%g0,%i1,%o0
+
+!  116		      ! b=(long long)d16[1];
+!  117		      ! for(i=0; i<ilen-1; i++)
+
+/* 0x000c	 117 */		sub	%i3,1,%g2
+/* 0x0010	     */		cmp	%g2,0
+/* 0x0014	 114 */		or	%g0,0,%o4
+/* 0x0018	 115 */		fdtox	%f0,%f0
+/* 0x001c	     */		std	%f0,[%sp+120]
+/* 0x0020	 117 */		or	%g0,0,%o7
+/* 0x0024	 110 */		or	%g0,%i3,%o1
+/* 0x0028	     */		sub	%i3,2,%o2
+/* 0x002c	 116 */		ldd	[%o0+8],%f0
+/* 0x0030	 110 */		sethi	%hi(0xfc00),%o1
+/* 0x0034	     */		add	%o2,1,%g3
+/* 0x0038	     */		add	%o1,1023,%o1
+/* 0x003c	     */		or	%g0,%i0,%o5
+/* 0x0040	 116 */		fdtox	%f0,%f0
+/* 0x0044	     */		std	%f0,[%sp+112]
+/* 0x0048	     */		ldx	[%sp+112],%g1
+/* 0x004c	 115 */		ldx	[%sp+120],%g4
+/* 0x0050	 117 */		ble,pt	%icc,.L900000117
+/* 0x0054	     */		sethi	%hi(0xfc00),%g2
+/* 0x0058	 110 */		or	%g0,-1,%g2
+/* 0x005c	 117 */		cmp	%g3,3
+/* 0x0060	 110 */		srl	%g2,0,%o3
+/* 0x0064	 117 */		bl,pn	%icc,.L77000134
+/* 0x0068	     */		or	%g0,%o0,%g2
+
+!  118		      !   {
+!  119		      !     c=(long long)d16[2*i+2];
+
+/* 0x006c	 119 */		ldd	[%o0+16],%f0
+
+!  120		      !     t1+=a&0xffffffff;
+!  121		      !     t=(a>>32);
+!  122		      !     d=(long long)d16[2*i+3];
+!  123		      !     t1+=(b&0xffff)<<16;
+!  124		      !     t+=(b>>16)+(t1>>32);
+!  125		      !     i32[i]=t1&0xffffffff;
+!  126		      !     t1=t;
+!  127		      !     a=c;
+!  128		      !     b=d;
+
+/* 0x0070	 128 */		add	%o0,16,%g2
+/* 0x0074	 123 */		and	%g1,%o1,%o0
+/* 0x0078	     */		sllx	%o0,16,%g3
+/* 0x007c	 120 */		and	%g4,%o3,%o0
+/* 0x0080	 117 */		add	%o0,%g3,%o4
+/* 0x0084	 119 */		fdtox	%f0,%f0
+/* 0x0088	     */		std	%f0,[%sp+104]
+/* 0x008c	 125 */		and	%o4,%o3,%g5
+/* 0x0090	 122 */		ldd	[%g2+8],%f2
+/* 0x0094	 128 */		add	%o5,4,%o5
+/* 0x0098	 124 */		srax	%o4,32,%o4
+/* 0x009c	     */		stx	%o4,[%sp+112]
+/* 0x00a0	 122 */		fdtox	%f2,%f0
+/* 0x00a4	     */		std	%f0,[%sp+96]
+/* 0x00a8	 124 */		srax	%g1,16,%o0
+/* 0x00ac	     */		ldx	[%sp+112],%o7
+/* 0x00b0	 121 */		srax	%g4,32,%o4
+/* 0x00b4	 124 */		add	%o0,%o7,%g4
+/* 0x00b8	 128 */		or	%g0,1,%o7
+/* 0x00bc	 119 */		ldx	[%sp+104],%g3
+/* 0x00c0	 124 */		add	%o4,%g4,%o4
+/* 0x00c4	 122 */		ldx	[%sp+96],%g1
+/* 0x00c8	 125 */		st	%g5,[%o5-4]
+/* 0x00cc	 127 */		or	%g0,%g3,%g4
+                       .L900000112:
+/* 0x00d0	 119 */		ldd	[%g2+16],%f0
+/* 0x00d4	 128 */		add	%o7,1,%o7
+/* 0x00d8	     */		add	%o5,4,%o5
+/* 0x00dc	     */		cmp	%o7,%o2
+/* 0x00e0	     */		add	%g2,16,%g2
+/* 0x00e4	 119 */		fdtox	%f0,%f0
+/* 0x00e8	     */		std	%f0,[%sp+104]
+/* 0x00ec	 122 */		ldd	[%g2+8],%f0
+/* 0x00f0	     */		fdtox	%f0,%f0
+/* 0x00f4	     */		std	%f0,[%sp+96]
+/* 0x00f8	 123 */		and	%g1,%o1,%g3
+/* 0x00fc	     */		sllx	%g3,16,%g5
+/* 0x0100	 120 */		and	%g4,%o3,%g3
+/* 0x0104	 117 */		add	%g3,%g5,%g3
+/* 0x0108	 124 */		srax	%g1,16,%g1
+/* 0x010c	 117 */		add	%g3,%o4,%g3
+/* 0x0110	 124 */		srax	%g3,32,%o4
+/* 0x0114	     */		stx	%o4,[%sp+112]
+/* 0x0118	 119 */		ldx	[%sp+104],%g5
+/* 0x011c	 121 */		srax	%g4,32,%o4
+/* 0x0120	 124 */		ldx	[%sp+112],%g4
+/* 0x0124	     */		add	%g1,%g4,%g4
+/* 0x0128	 122 */		ldx	[%sp+96],%g1
+/* 0x012c	 124 */		add	%o4,%g4,%o4
+/* 0x0130	 125 */		and	%g3,%o3,%g3
+/* 0x0134	 127 */		or	%g0,%g5,%g4
+/* 0x0138	 128 */		ble,pt	%icc,.L900000112
+/* 0x013c	     */		st	%g3,[%o5-4]
+                       .L900000115:
+/* 0x0140	 128 */		ba	.L900000117
+/* 0x0144	     */		sethi	%hi(0xfc00),%g2
+                       .L77000134:
+/* 0x0148	 119 */		ldd	[%g2+16],%f0
+                       .L900000116:
+/* 0x014c	 120 */		and	%g4,%o3,%o0
+/* 0x0150	 123 */		and	%g1,%o1,%g3
+/* 0x0154	 119 */		fdtox	%f0,%f0
+/* 0x0158	 120 */		add	%o4,%o0,%o0
+/* 0x015c	 119 */		std	%f0,[%sp+104]
+/* 0x0160	 128 */		add	%o7,1,%o7
+/* 0x0164	 123 */		sllx	%g3,16,%o4
+/* 0x0168	 122 */		ldd	[%g2+24],%f2
+/* 0x016c	 128 */		add	%g2,16,%g2
+/* 0x0170	 123 */		add	%o0,%o4,%o0
+/* 0x0174	 128 */		cmp	%o7,%o2
+/* 0x0178	 125 */		and	%o0,%o3,%g3
+/* 0x017c	 122 */		fdtox	%f2,%f0
+/* 0x0180	     */		std	%f0,[%sp+96]
+/* 0x0184	 124 */		srax	%o0,32,%o0
+/* 0x0188	     */		stx	%o0,[%sp+112]
+/* 0x018c	 121 */		srax	%g4,32,%o4
+/* 0x0190	 122 */		ldx	[%sp+96],%o0
+/* 0x0194	 124 */		srax	%g1,16,%g5
+/* 0x0198	     */		ldx	[%sp+112],%g4
+/* 0x019c	 119 */		ldx	[%sp+104],%g1
+/* 0x01a0	 125 */		st	%g3,[%o5]
+/* 0x01a4	 124 */		add	%g5,%g4,%g4
+/* 0x01a8	 128 */		add	%o5,4,%o5
+/* 0x01ac	 124 */		add	%o4,%g4,%o4
+/* 0x01b0	 127 */		or	%g0,%g1,%g4
+/* 0x01b4	 128 */		or	%g0,%o0,%g1
+/* 0x01b8	     */		ble,a,pt	%icc,.L900000116
+/* 0x01bc	     */		ldd	[%g2+16],%f0
+                       .L77000127:
+
+!  129		      !   }
+!  130		      !     t1+=a&0xffffffff;
+!  131		      !     t=(a>>32);
+!  132		      !     t1+=(b&0xffff)<<16;
+!  133		      !     i32[i]=t1&0xffffffff;
+
+/* 0x01c0	 133 */		sethi	%hi(0xfc00),%g2
+                       .L900000117:
+/* 0x01c4	 133 */		or	%g0,-1,%g3
+/* 0x01c8	     */		add	%g2,1023,%g2
+/* 0x01cc	     */		srl	%g3,0,%g3
+/* 0x01d0	     */		and	%g1,%g2,%g2
+/* 0x01d4	     */		and	%g4,%g3,%g4
+/* 0x01d8	     */		sllx	%g2,16,%g2
+/* 0x01dc	     */		add	%o4,%g4,%g4
+/* 0x01e0	     */		add	%g4,%g2,%g2
+/* 0x01e4	     */		sll	%o7,2,%g4
+/* 0x01e8	     */		and	%g2,%g3,%g2
+/* 0x01ec	     */		st	%g2,[%i0+%g4]
+/* 0x01f0	     */		ret	! Result = 
+/* 0x01f4	     */		restore	%g0,%g0,%g0
+/* 0x01f8	   0 */		.type	conv_d16_to_i32,2
+/* 0x01f8	     */		.size	conv_d16_to_i32,(.-conv_d16_to_i32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000201:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	4
+/* 0x0008	     */		.skip	16
+!
+! SUBROUTINE conv_i32_to_d32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32
+                       conv_i32_to_d32:
+/* 000000	     */		or	%g0,%o7,%g2
+
+!  135		      !}
+!  137		      !void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+!  138		      !{
+!  139		      !int i;
+!  141		      !#pragma pipeloop(0)
+!  142		      ! for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+
+/* 0x0004	 142 */		cmp	%o2,0
+                       .L900000210:
+/* 0x0008	     */		call	.+8
+/* 0x000c	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0010	 142 */		or	%g0,0,%o5
+/* 0x0014	 138 */		add	%g4,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0018	     */		or	%g0,%o0,%g5
+/* 0x001c	     */		add	%g4,%o7,%g1
+/* 0x0020	 142 */		ble,pt	%icc,.L77000140
+/* 0x0024	     */		or	%g0,%g2,%o7
+/* 0x0028	     */		sethi	%hi(.L_const_seg_900000201),%g2
+/* 0x002c	 138 */		or	%g0,%o1,%g4
+/* 0x0030	 142 */		add	%g2,%lo(.L_const_seg_900000201),%g2
+/* 0x0034	     */		sub	%o2,1,%g3
+/* 0x0038	     */		ld	[%g1+%g2],%g2
+/* 0x003c	     */		cmp	%o2,9
+/* 0x0040	     */		bl,pn	%icc,.L77000144
+/* 0x0044	     */		ldd	[%g2],%f8
+/* 0x0048	     */		add	%o1,16,%g4
+/* 0x004c	     */		sub	%o2,5,%g1
+/* 0x0050	     */		ld	[%o1],%f7
+/* 0x0054	     */		or	%g0,4,%o5
+/* 0x0058	     */		ld	[%o1+4],%f5
+/* 0x005c	     */		ld	[%o1+8],%f3
+/* 0x0060	     */		fmovs	%f8,%f6
+/* 0x0064	     */		ld	[%o1+12],%f1
+                       .L900000205:
+/* 0x0068	     */		ld	[%g4],%f11
+/* 0x006c	     */		add	%o5,5,%o5
+/* 0x0070	     */		add	%g4,20,%g4
+/* 0x0074	     */		fsubd	%f6,%f8,%f6
+/* 0x0078	     */		std	%f6,[%g5]
+/* 0x007c	     */		cmp	%o5,%g1
+/* 0x0080	     */		add	%g5,40,%g5
+/* 0x0084	     */		fmovs	%f8,%f4
+/* 0x0088	     */		ld	[%g4-16],%f7
+/* 0x008c	     */		fsubd	%f4,%f8,%f12
+/* 0x0090	     */		fmovs	%f8,%f2
+/* 0x0094	     */		std	%f12,[%g5-32]
+/* 0x0098	     */		ld	[%g4-12],%f5
+/* 0x009c	     */		fsubd	%f2,%f8,%f12
+/* 0x00a0	     */		fmovs	%f8,%f0
+/* 0x00a4	     */		std	%f12,[%g5-24]
+/* 0x00a8	     */		ld	[%g4-8],%f3
+/* 0x00ac	     */		fsubd	%f0,%f8,%f12
+/* 0x00b0	     */		fmovs	%f8,%f10
+/* 0x00b4	     */		std	%f12,[%g5-16]
+/* 0x00b8	     */		ld	[%g4-4],%f1
+/* 0x00bc	     */		fsubd	%f10,%f8,%f10
+/* 0x00c0	     */		fmovs	%f8,%f6
+/* 0x00c4	     */		ble,pt	%icc,.L900000205
+/* 0x00c8	     */		std	%f10,[%g5-8]
+                       .L900000208:
+/* 0x00cc	     */		fmovs	%f8,%f4
+/* 0x00d0	     */		add	%g5,32,%g5
+/* 0x00d4	     */		cmp	%o5,%g3
+/* 0x00d8	     */		fmovs	%f8,%f2
+/* 0x00dc	     */		fmovs	%f8,%f0
+/* 0x00e0	     */		fsubd	%f6,%f8,%f6
+/* 0x00e4	     */		std	%f6,[%g5-32]
+/* 0x00e8	     */		fsubd	%f4,%f8,%f4
+/* 0x00ec	     */		std	%f4,[%g5-24]
+/* 0x00f0	     */		fsubd	%f2,%f8,%f2
+/* 0x00f4	     */		std	%f2,[%g5-16]
+/* 0x00f8	     */		fsubd	%f0,%f8,%f0
+/* 0x00fc	     */		bg,pn	%icc,.L77000140
+/* 0x0100	     */		std	%f0,[%g5-8]
+                       .L77000144:
+/* 0x0104	     */		ld	[%g4],%f1
+                       .L900000211:
+/* 0x0108	     */		ldd	[%g2],%f8
+/* 0x010c	     */		add	%o5,1,%o5
+/* 0x0110	     */		add	%g4,4,%g4
+/* 0x0114	     */		cmp	%o5,%g3
+/* 0x0118	     */		fmovs	%f8,%f0
+/* 0x011c	     */		fsubd	%f0,%f8,%f0
+/* 0x0120	     */		std	%f0,[%g5]
+/* 0x0124	     */		add	%g5,8,%g5
+/* 0x0128	     */		ble,a,pt	%icc,.L900000211
+/* 0x012c	     */		ld	[%g4],%f1
+                       .L77000140:
+/* 0x0130	     */		retl	! Result = 
+/* 0x0134	     */		nop
+/* 0x0138	   0 */		.type	conv_i32_to_d32,2
+/* 0x0138	     */		.size	conv_i32_to_d32,(.-conv_i32_to_d32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000301:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	4
+!
+! SUBROUTINE conv_i32_to_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d16
+                       conv_i32_to_d16:
+/* 000000	     */		save	%sp,-104,%sp
+/* 0x0004	     */		or	%g0,%i2,%o0
+
+!  143		      !}
+!  146		      !void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+!  147		      !{
+!  148		      !int i;
+!  149		      !unsigned int a;
+!  151		      !#pragma pipeloop(0)
+!  152		      ! for(i=0;i<len;i++)
+!  153		      !   {
+!  154		      !     a=i32[i];
+!  155		      !     d16[2*i]=(double)(a&0xffff);
+!  156		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0008	 156 */		sethi	%hi(.L_const_seg_900000301),%g2
+                       .L900000310:
+/* 0x000c	     */		call	.+8
+/* 0x0010	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+/* 0x0014	 152 */		cmp	%o0,0
+/* 0x0018	 147 */		add	%g3,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+/* 0x001c	 152 */		ble,pt	%icc,.L77000150
+/* 0x0020	     */		add	%g3,%o7,%o2
+/* 0x0024	     */		sub	%i2,1,%o5
+/* 0x0028	 156 */		add	%g2,%lo(.L_const_seg_900000301),%o1
+/* 0x002c	 152 */		sethi	%hi(0xfc00),%o0
+/* 0x0030	     */		ld	[%o2+%o1],%o3
+/* 0x0034	     */		add	%o5,1,%g2
+/* 0x0038	     */		or	%g0,0,%g1
+/* 0x003c	     */		cmp	%g2,3
+/* 0x0040	     */		or	%g0,%i1,%o7
+/* 0x0044	     */		add	%o0,1023,%o4
+/* 0x0048	     */		or	%g0,%i0,%g3
+/* 0x004c	     */		bl,pn	%icc,.L77000154
+/* 0x0050	     */		add	%o7,4,%o0
+/* 0x0054	 155 */		ldd	[%o3],%f0
+/* 0x0058	 156 */		or	%g0,1,%g1
+/* 0x005c	 154 */		ld	[%o0-4],%o1
+/* 0x0060	   0 */		or	%g0,%o0,%o7
+/* 0x0064	 155 */		and	%o1,%o4,%o0
+                       .L900000306:
+/* 0x0068	 155 */		st	%o0,[%sp+96]
+/* 0x006c	 156 */		add	%g1,1,%g1
+/* 0x0070	     */		add	%g3,16,%g3
+/* 0x0074	     */		cmp	%g1,%o5
+/* 0x0078	     */		add	%o7,4,%o7
+/* 0x007c	 155 */		ld	[%sp+96],%f3
+/* 0x0080	     */		fmovs	%f0,%f2
+/* 0x0084	     */		fsubd	%f2,%f0,%f2
+/* 0x0088	 156 */		srl	%o1,16,%o0
+/* 0x008c	 155 */		std	%f2,[%g3-16]
+/* 0x0090	 156 */		st	%o0,[%sp+92]
+/* 0x0094	     */		ld	[%sp+92],%f3
+/* 0x0098	 154 */		ld	[%o7-4],%o1
+/* 0x009c	 156 */		fmovs	%f0,%f2
+/* 0x00a0	     */		fsubd	%f2,%f0,%f2
+/* 0x00a4	 155 */		and	%o1,%o4,%o0
+/* 0x00a8	 156 */		ble,pt	%icc,.L900000306
+/* 0x00ac	     */		std	%f2,[%g3-8]
+                       .L900000309:
+/* 0x00b0	 155 */		st	%o0,[%sp+96]
+/* 0x00b4	     */		fmovs	%f0,%f2
+/* 0x00b8	 156 */		add	%g3,16,%g3
+/* 0x00bc	     */		srl	%o1,16,%o0
+/* 0x00c0	 155 */		ld	[%sp+96],%f3
+/* 0x00c4	     */		fsubd	%f2,%f0,%f2
+/* 0x00c8	     */		std	%f2,[%g3-16]
+/* 0x00cc	 156 */		st	%o0,[%sp+92]
+/* 0x00d0	     */		fmovs	%f0,%f2
+/* 0x00d4	     */		ld	[%sp+92],%f3
+/* 0x00d8	     */		fsubd	%f2,%f0,%f0
+/* 0x00dc	     */		std	%f0,[%g3-8]
+/* 0x00e0	     */		ret	! Result = 
+/* 0x00e4	     */		restore	%g0,%g0,%g0
+                       .L77000154:
+/* 0x00e8	 154 */		ld	[%o7],%o0
+                       .L900000311:
+/* 0x00ec	 155 */		and	%o0,%o4,%o1
+/* 0x00f0	     */		st	%o1,[%sp+96]
+/* 0x00f4	 156 */		add	%g1,1,%g1
+/* 0x00f8	 155 */		ldd	[%o3],%f0
+/* 0x00fc	 156 */		srl	%o0,16,%o0
+/* 0x0100	     */		add	%o7,4,%o7
+/* 0x0104	     */		cmp	%g1,%o5
+/* 0x0108	 155 */		fmovs	%f0,%f2
+/* 0x010c	     */		ld	[%sp+96],%f3
+/* 0x0110	     */		fsubd	%f2,%f0,%f2
+/* 0x0114	     */		std	%f2,[%g3]
+/* 0x0118	 156 */		st	%o0,[%sp+92]
+/* 0x011c	     */		fmovs	%f0,%f2
+/* 0x0120	     */		ld	[%sp+92],%f3
+/* 0x0124	     */		fsubd	%f2,%f0,%f0
+/* 0x0128	     */		std	%f0,[%g3+8]
+/* 0x012c	     */		add	%g3,16,%g3
+/* 0x0130	     */		ble,a,pt	%icc,.L900000311
+/* 0x0134	     */		ld	[%o7],%o0
+                       .L77000150:
+/* 0x0138	     */		ret	! Result = 
+/* 0x013c	     */		restore	%g0,%g0,%g0
+/* 0x0140	   0 */		.type	conv_i32_to_d16,2
+/* 0x0140	     */		.size	conv_i32_to_d16,(.-conv_i32_to_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000401:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	4
+/* 0x0008	     */		.skip	16
+!
+! SUBROUTINE conv_i32_to_d32_and_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32_and_d16
+                       conv_i32_to_d32_and_d16:
+/* 000000	     */		save	%sp,-120,%sp
+                       .L900000415:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g4
+
+!  157		      !   }
+!  158		      !}
+!  161		      !void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+!  162		      !			     unsigned int *i32, int len)
+!  163		      !{
+!  164		      !int i = 0;
+!  165		      !unsigned int a;
+!  167		      !#pragma pipeloop(0)
+!  168		      !#ifdef RF_INLINE_MACROS
+!  169		      ! for(;i<len-3;i+=4)
+
+/* 0x000c	 169 */		sub	%i3,3,%g2
+/* 0x0010	     */		cmp	%g2,0
+/* 0x0014	 163 */		add	%g4,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g4
+
+!  170		      !   {
+!  171		      !     i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+!  172		      !			  &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
+
+/* 0x0018	 172 */		sethi	%hi(Zero),%g2
+/* 0x001c	 163 */		add	%g4,%o7,%o4
+/* 0x0020	 172 */		add	%g2,%lo(Zero),%g2
+/* 0x0024	     */		sethi	%hi(TwoToMinus16),%g3
+/* 0x0028	     */		ld	[%o4+%g2],%o1
+/* 0x002c	     */		sethi	%hi(TwoTo16),%g4
+/* 0x0030	     */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x0034	     */		ld	[%o4+%g2],%o3
+/* 0x0038	 164 */		or	%g0,0,%g5
+/* 0x003c	 172 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0040	     */		ld	[%o4+%g3],%o2
+/* 0x0044	 163 */		or	%g0,%i0,%i4
+/* 0x0048	 169 */		or	%g0,%i2,%o7
+/* 0x004c	     */		ble,pt	%icc,.L900000418
+/* 0x0050	     */		cmp	%g5,%i3
+/* 0x0054	 172 */		stx	%o7,[%sp+104]
+/* 0x0058	 169 */		sub	%i3,4,%o5
+/* 0x005c	     */		or	%g0,0,%g4
+/* 0x0060	     */		or	%g0,0,%g1
+                       .L900000417:
+/* 0x0064	     */		ldd	[%o1],%f2
+/* 0x0068	 172 */		add	%i4,%g4,%g2
+/* 0x006c	     */		add	%i1,%g1,%g3
+/* 0x0070	     */		ldd	[%o3],%f0
+/* 0x0074	     */		add	%g5,4,%g5
+/* 0x0078	     */		fmovd	%f2,%f14
+/* 0x007c	     */		ld	[%o7],%f15
+/* 0x0080	     */		cmp	%g5,%o5
+/* 0x0084	     */		fmovd	%f2,%f10
+/* 0x0088	     */		ld	[%o7+4],%f11
+/* 0x008c	     */		add	%o7,16,%o7
+/* 0x0090	     */		ldx	[%sp+104],%o0
+/* 0x0094	     */		fmovd	%f2,%f6
+/* 0x0098	     */		stx	%o7,[%sp+112]
+/* 0x009c	     */		fxtod	%f14,%f14
+/* 0x00a0	     */		ld	[%o0+8],%f7
+/* 0x00a4	     */		fxtod	%f10,%f10
+/* 0x00a8	     */		ld	[%o0+12],%f3
+/* 0x00ac	     */		fxtod	%f6,%f6
+/* 0x00b0	     */		ldd	[%o2],%f16
+/* 0x00b4	     */		fmuld	%f0,%f14,%f12
+/* 0x00b8	     */		fxtod	%f2,%f2
+/* 0x00bc	     */		fmuld	%f0,%f10,%f8
+/* 0x00c0	     */		std	%f14,[%i4+%g4]
+/* 0x00c4	     */		ldx	[%sp+112],%o7
+/* 0x00c8	     */		add	%g4,32,%g4
+/* 0x00cc	     */		fmuld	%f0,%f6,%f4
+/* 0x00d0	     */		fdtox	%f12,%f12
+/* 0x00d4	     */		std	%f10,[%g2+8]
+/* 0x00d8	     */		fmuld	%f0,%f2,%f0
+/* 0x00dc	     */		fdtox	%f8,%f8
+/* 0x00e0	     */		std	%f6,[%g2+16]
+/* 0x00e4	     */		std	%f2,[%g2+24]
+/* 0x00e8	     */		fdtox	%f4,%f4
+/* 0x00ec	     */		fdtox	%f0,%f0
+/* 0x00f0	     */		fxtod	%f12,%f12
+/* 0x00f4	     */		std	%f12,[%g3+8]
+/* 0x00f8	     */		fxtod	%f8,%f8
+/* 0x00fc	     */		std	%f8,[%g3+24]
+/* 0x0100	     */		fxtod	%f4,%f4
+/* 0x0104	     */		std	%f4,[%g3+40]
+/* 0x0108	     */		fxtod	%f0,%f0
+/* 0x010c	     */		std	%f0,[%g3+56]
+/* 0x0110	     */		fmuld	%f12,%f16,%f12
+/* 0x0114	     */		fmuld	%f8,%f16,%f8
+/* 0x0118	     */		fmuld	%f4,%f16,%f4
+/* 0x011c	     */		fsubd	%f14,%f12,%f12
+/* 0x0120	     */		std	%f12,[%i1+%g1]
+/* 0x0124	     */		fmuld	%f0,%f16,%f0
+/* 0x0128	     */		fsubd	%f10,%f8,%f8
+/* 0x012c	     */		std	%f8,[%g3+16]
+/* 0x0130	     */		add	%g1,64,%g1
+/* 0x0134	     */		fsubd	%f6,%f4,%f4
+/* 0x0138	     */		std	%f4,[%g3+32]
+/* 0x013c	     */		fsubd	%f2,%f0,%f0
+/* 0x0140	     */		std	%f0,[%g3+48]
+/* 0x0144	     */		ble,a,pt	%icc,.L900000417
+/* 0x0148	     */		stx	%o7,[%sp+104]
+                       .L77000159:
+
+!  173		      !   }
+!  174		      !#endif
+!  175		      ! for(;i<len;i++)
+
+/* 0x014c	 175 */		cmp	%g5,%i3
+                       .L900000418:
+/* 0x0150	 175 */		bge,pt	%icc,.L77000164
+/* 0x0154	     */		nop
+
+!  176		      !   {
+!  177		      !     a=i32[i];
+!  178		      !     d32[i]=(double)(i32[i]);
+!  179		      !     d16[2*i]=(double)(a&0xffff);
+!  180		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0158	 180 */		sethi	%hi(.L_const_seg_900000401),%g2
+/* 0x015c	     */		add	%g2,%lo(.L_const_seg_900000401),%o1
+/* 0x0160	 175 */		sethi	%hi(0xfc00),%o0
+/* 0x0164	     */		ld	[%o4+%o1],%o2
+/* 0x0168	     */		sll	%g5,2,%o3
+/* 0x016c	     */		sub	%i3,%g5,%g3
+/* 0x0170	     */		sll	%g5,3,%g2
+/* 0x0174	     */		add	%o0,1023,%o4
+/* 0x0178	 178 */		ldd	[%o2],%f0
+/* 0x017c	     */		add	%i2,%o3,%o0
+/* 0x0180	 175 */		cmp	%g3,3
+/* 0x0184	     */		add	%i4,%g2,%o3
+/* 0x0188	     */		sub	%i3,1,%o1
+/* 0x018c	     */		sll	%g5,4,%g4
+/* 0x0190	     */		bl,pn	%icc,.L77000161
+/* 0x0194	     */		add	%i1,%g4,%o5
+/* 0x0198	 178 */		ld	[%o0],%f3
+/* 0x019c	 180 */		add	%o3,8,%o3
+/* 0x01a0	 177 */		ld	[%o0],%o7
+/* 0x01a4	 180 */		add	%o5,16,%o5
+/* 0x01a8	     */		add	%g5,1,%g5
+/* 0x01ac	 178 */		fmovs	%f0,%f2
+/* 0x01b0	 180 */		add	%o0,4,%o0
+/* 0x01b4	 179 */		and	%o7,%o4,%g1
+/* 0x01b8	 178 */		fsubd	%f2,%f0,%f2
+/* 0x01bc	     */		std	%f2,[%o3-8]
+/* 0x01c0	 180 */		srl	%o7,16,%o7
+/* 0x01c4	 179 */		st	%g1,[%sp+96]
+/* 0x01c8	     */		fmovs	%f0,%f2
+/* 0x01cc	     */		ld	[%sp+96],%f3
+/* 0x01d0	     */		fsubd	%f2,%f0,%f2
+/* 0x01d4	     */		std	%f2,[%o5-16]
+/* 0x01d8	 180 */		st	%o7,[%sp+92]
+/* 0x01dc	     */		fmovs	%f0,%f2
+/* 0x01e0	     */		ld	[%sp+92],%f3
+/* 0x01e4	     */		fsubd	%f2,%f0,%f2
+/* 0x01e8	     */		std	%f2,[%o5-8]
+                       .L900000411:
+/* 0x01ec	 178 */		ld	[%o0],%f3
+/* 0x01f0	 180 */		add	%g5,2,%g5
+/* 0x01f4	     */		add	%o5,32,%o5
+/* 0x01f8	 177 */		ld	[%o0],%o7
+/* 0x01fc	 180 */		cmp	%g5,%o1
+/* 0x0200	     */		add	%o3,16,%o3
+/* 0x0204	 178 */		fmovs	%f0,%f2
+/* 0x0208	     */		fsubd	%f2,%f0,%f2
+/* 0x020c	     */		std	%f2,[%o3-16]
+/* 0x0210	 179 */		and	%o7,%o4,%g1
+/* 0x0214	     */		st	%g1,[%sp+96]
+/* 0x0218	     */		ld	[%sp+96],%f3
+/* 0x021c	     */		fmovs	%f0,%f2
+/* 0x0220	     */		fsubd	%f2,%f0,%f2
+/* 0x0224	 180 */		srl	%o7,16,%o7
+/* 0x0228	 179 */		std	%f2,[%o5-32]
+/* 0x022c	 180 */		st	%o7,[%sp+92]
+/* 0x0230	     */		ld	[%sp+92],%f3
+/* 0x0234	     */		fmovs	%f0,%f2
+/* 0x0238	     */		fsubd	%f2,%f0,%f2
+/* 0x023c	     */		std	%f2,[%o5-24]
+/* 0x0240	     */		add	%o0,4,%o0
+/* 0x0244	 178 */		ld	[%o0],%f3
+/* 0x0248	 177 */		ld	[%o0],%o7
+/* 0x024c	 178 */		fmovs	%f0,%f2
+/* 0x0250	     */		fsubd	%f2,%f0,%f2
+/* 0x0254	     */		std	%f2,[%o3-8]
+/* 0x0258	 179 */		and	%o7,%o4,%g1
+/* 0x025c	     */		st	%g1,[%sp+96]
+/* 0x0260	     */		ld	[%sp+96],%f3
+/* 0x0264	     */		fmovs	%f0,%f2
+/* 0x0268	     */		fsubd	%f2,%f0,%f2
+/* 0x026c	 180 */		srl	%o7,16,%o7
+/* 0x0270	 179 */		std	%f2,[%o5-16]
+/* 0x0274	 180 */		st	%o7,[%sp+92]
+/* 0x0278	     */		ld	[%sp+92],%f3
+/* 0x027c	     */		fmovs	%f0,%f2
+/* 0x0280	     */		fsubd	%f2,%f0,%f2
+/* 0x0284	     */		std	%f2,[%o5-8]
+/* 0x0288	     */		bl,pt	%icc,.L900000411
+/* 0x028c	     */		add	%o0,4,%o0
+                       .L900000414:
+/* 0x0290	 180 */		cmp	%g5,%i3
+/* 0x0294	     */		bge,pn	%icc,.L77000164
+/* 0x0298	     */		nop
+                       .L77000161:
+/* 0x029c	 178 */		ld	[%o0],%f3
+                       .L900000416:
+/* 0x02a0	 178 */		ldd	[%o2],%f0
+/* 0x02a4	 180 */		add	%g5,1,%g5
+/* 0x02a8	 177 */		ld	[%o0],%o1
+/* 0x02ac	 180 */		add	%o0,4,%o0
+/* 0x02b0	     */		cmp	%g5,%i3
+/* 0x02b4	 178 */		fmovs	%f0,%f2
+/* 0x02b8	 179 */		and	%o1,%o4,%o7
+/* 0x02bc	 178 */		fsubd	%f2,%f0,%f2
+/* 0x02c0	     */		std	%f2,[%o3]
+/* 0x02c4	 180 */		srl	%o1,16,%o1
+/* 0x02c8	 179 */		st	%o7,[%sp+96]
+/* 0x02cc	 180 */		add	%o3,8,%o3
+/* 0x02d0	 179 */		fmovs	%f0,%f2
+/* 0x02d4	     */		ld	[%sp+96],%f3
+/* 0x02d8	     */		fsubd	%f2,%f0,%f2
+/* 0x02dc	     */		std	%f2,[%o5]
+/* 0x02e0	 180 */		st	%o1,[%sp+92]
+/* 0x02e4	     */		fmovs	%f0,%f2
+/* 0x02e8	     */		ld	[%sp+92],%f3
+/* 0x02ec	     */		fsubd	%f2,%f0,%f0
+/* 0x02f0	     */		std	%f0,[%o5+8]
+/* 0x02f4	     */		add	%o5,16,%o5
+/* 0x02f8	     */		bl,a,pt	%icc,.L900000416
+/* 0x02fc	     */		ld	[%o0],%f3
+                       .L77000164:
+/* 0x0300	     */		ret	! Result = 
+/* 0x0304	     */		restore	%g0,%g0,%g0
+/* 0x0308	   0 */		.type	conv_i32_to_d32_and_d16,2
+/* 0x0308	     */		.size	conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	4
+!
+! SUBROUTINE adjust_montf_result
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global adjust_montf_result
+                       adjust_montf_result:
+/* 000000	     */		or	%g0,%o2,%g5
+
+!  181		      !   }
+!  182		      !}
+!  185		      !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+!  186		      !{
+!  187		      !long long acc;
+!  188		      !int i;
+!  190		      ! if(i32[len]>0) i=-1;
+
+/* 0x0004	 190 */		or	%g0,-1,%g4
+/* 0x0008	     */		sll	%o2,2,%g1
+/* 0x000c	     */		ld	[%o0+%g1],%g1
+/* 0x0010	     */		cmp	%g1,0
+/* 0x0014	     */		bleu,pn	%icc,.L77000175
+/* 0x0018	     */		or	%g0,%o1,%o3
+/* 0x001c	     */		ba	.L900000511
+/* 0x0020	     */		cmp	%g4,0
+                       .L77000175:
+
+!  191		      ! else
+!  192		      !   {
+!  193		      !     for(i=len-1; i>=0; i--)
+
+/* 0x0024	 193 */		sub	%o2,1,%g4
+/* 0x0028	     */		sll	%g4,2,%g1
+/* 0x002c	     */		cmp	%g4,0
+/* 0x0030	     */		bl,pt	%icc,.L900000511
+/* 0x0034	     */		cmp	%g4,0
+/* 0x0038	     */		add	%o1,%g1,%g2
+
+!  194		      !       {
+!  195		      !	 if(i32[i]!=nint[i]) break;
+
+/* 0x003c	 195 */		ld	[%g2],%o5
+/* 0x0040	 193 */		add	%o0,%g1,%g3
+                       .L900000510:
+/* 0x0044	 195 */		ld	[%g3],%o2
+/* 0x0048	     */		sub	%g4,1,%g1
+/* 0x004c	     */		sub	%g2,4,%g2
+/* 0x0050	     */		sub	%g3,4,%g3
+/* 0x0054	     */		cmp	%o2,%o5
+/* 0x0058	     */		bne,pn	%icc,.L77000182
+/* 0x005c	     */		nop
+/* 0x0060	   0 */		or	%g0,%g1,%g4
+/* 0x0064	 195 */		cmp	%g1,0
+/* 0x0068	     */		bge,a,pt	%icc,.L900000510
+/* 0x006c	     */		ld	[%g2],%o5
+                       .L77000182:
+
+!  196		      !       }
+!  197		      !   }
+!  198		      ! if((i<0)||(i32[i]>nint[i]))
+
+/* 0x0070	 198 */		cmp	%g4,0
+                       .L900000511:
+/* 0x0074	 198 */		bl,pn	%icc,.L77000198
+/* 0x0078	     */		sll	%g4,2,%g2
+/* 0x007c	     */		ld	[%o1+%g2],%g1
+/* 0x0080	     */		ld	[%o0+%g2],%g2
+/* 0x0084	     */		cmp	%g2,%g1
+/* 0x0088	     */		bleu,pt	%icc,.L77000191
+/* 0x008c	     */		nop
+                       .L77000198:
+
+!  199		      !   {
+!  200		      !     acc=0;
+!  201		      !     for(i=0;i<len;i++)
+
+/* 0x0090	 201 */		cmp	%g5,0
+/* 0x0094	     */		ble,pt	%icc,.L77000191
+/* 0x0098	     */		nop
+/* 0x009c	     */		or	%g0,%g5,%g1
+/* 0x00a0	 198 */		or	%g0,-1,%g2
+/* 0x00a4	     */		srl	%g2,0,%g3
+/* 0x00a8	     */		sub	%g5,1,%g4
+/* 0x00ac	 200 */		or	%g0,0,%g5
+/* 0x00b0	 201 */		or	%g0,0,%o5
+/* 0x00b4	 198 */		or	%g0,%o0,%o4
+/* 0x00b8	     */		cmp	%g1,3
+/* 0x00bc	 201 */		bl,pn	%icc,.L77000199
+/* 0x00c0	     */		add	%o0,8,%g1
+/* 0x00c4	     */		add	%o1,4,%g2
+
+!  202		      !       {
+!  203		      !	 acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
+
+/* 0x00c8	 203 */		ld	[%o0],%o2
+/* 0x00cc	     */		ld	[%o1],%o1
+/* 0x00d0	   0 */		or	%g0,%g1,%o4
+/* 0x00d4	     */		or	%g0,%g2,%o3
+/* 0x00d8	 203 */		ld	[%o0+4],%g1
+
+!  204		      !	 i32[i]=acc&0xffffffff;
+!  205		      !	 acc=acc>>32;
+
+/* 0x00dc	 205 */		or	%g0,2,%o5
+/* 0x00e0	 201 */		sub	%o2,%o1,%o2
+/* 0x00e4	     */		or	%g0,%o2,%g5
+/* 0x00e8	 204 */		and	%o2,%g3,%o2
+/* 0x00ec	     */		st	%o2,[%o0]
+/* 0x00f0	 205 */		srax	%g5,32,%g5
+                       .L900000505:
+/* 0x00f4	 203 */		ld	[%o3],%o2
+/* 0x00f8	 205 */		add	%o5,1,%o5
+/* 0x00fc	     */		add	%o3,4,%o3
+/* 0x0100	     */		cmp	%o5,%g4
+/* 0x0104	     */		add	%o4,4,%o4
+/* 0x0108	 201 */		sub	%g1,%o2,%g1
+/* 0x010c	     */		add	%g1,%g5,%g5
+/* 0x0110	 204 */		and	%g5,%g3,%o2
+/* 0x0114	 203 */		ld	[%o4-4],%g1
+/* 0x0118	 204 */		st	%o2,[%o4-8]
+/* 0x011c	 205 */		ble,pt	%icc,.L900000505
+/* 0x0120	     */		srax	%g5,32,%g5
+                       .L900000508:
+/* 0x0124	 203 */		ld	[%o3],%g2
+/* 0x0128	 201 */		sub	%g1,%g2,%g1
+/* 0x012c	     */		add	%g1,%g5,%g1
+/* 0x0130	 204 */		and	%g1,%g3,%g2
+/* 0x0134	     */		retl	! Result = 
+/* 0x0138	     */		st	%g2,[%o4-4]
+                       .L77000199:
+/* 0x013c	 203 */		ld	[%o4],%g1
+                       .L900000509:
+/* 0x0140	 203 */		ld	[%o3],%g2
+/* 0x0144	     */		add	%g5,%g1,%g1
+/* 0x0148	 205 */		add	%o5,1,%o5
+/* 0x014c	     */		add	%o3,4,%o3
+/* 0x0150	     */		cmp	%o5,%g4
+/* 0x0154	 203 */		sub	%g1,%g2,%g1
+/* 0x0158	 204 */		and	%g1,%g3,%g2
+/* 0x015c	     */		st	%g2,[%o4]
+/* 0x0160	 205 */		add	%o4,4,%o4
+/* 0x0164	     */		srax	%g1,32,%g5
+/* 0x0168	     */		ble,a,pt	%icc,.L900000509
+/* 0x016c	     */		ld	[%o4],%g1
+                       .L77000191:
+/* 0x0170	     */		retl	! Result = 
+/* 0x0174	     */		nop
+/* 0x0178	   0 */		.type	adjust_montf_result,2
+/* 0x0178	     */		.size	adjust_montf_result,(.-adjust_montf_result)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	4
+/* 000000	     */		.skip	16
+!
+! SUBROUTINE mont_mulf_noconv
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global mont_mulf_noconv
+                       mont_mulf_noconv:
+/* 000000	     */		save	%sp,-144,%sp
+                       .L900000646:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000646-.)),%g5
+
+!  206		      !       }
+!  207		      !   }
+!  208		      !}
+!  213		      !/*
+!  214		      !** the lengths of the input arrays should be at least the following:
+!  215		      !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+!  216		      !** all of them should be different from one another
+!  217		      !**
+!  218		      !*/
+!  219		      !void mont_mulf_noconv(unsigned int *result,
+!  220		      !		     double *dm1, double *dm2, double *dt,
+!  221		      !		     double *dn, unsigned int *nint,
+!  222		      !		     int nlen, double dn0)
+!  223		      !{
+!  224		      ! int i, j, jj;
+!  225		      ! int tmp;
+!  226		      ! double digit, m2j, nextm2j, a, b;
+!  227		      ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+!  229		      ! pdm1=&(dm1[0]);
+!  230		      ! pdm2=&(dm2[0]);
+!  231		      ! pdn=&(dn[0]);
+!  232		      ! pdm2[2*nlen]=Zero;
+
+/* 0x000c	 232 */		ld	[%fp+92],%o1
+/* 0x0010	     */		sethi	%hi(Zero),%g2
+/* 0x0014	 223 */		ldd	[%fp+96],%f2
+/* 0x0018	     */		add	%g5,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000646-.)),%g5
+/* 0x001c	 232 */		add	%g2,%lo(Zero),%g2
+/* 0x0020	 223 */		st	%i0,[%fp+68]
+/* 0x0024	     */		add	%g5,%o7,%o3
+
+!  234		      ! if (nlen!=16)
+!  235		      !   {
+!  236		      !     for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
+!  238		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  239		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+/* 0x0028	 239 */		sethi	%hi(TwoToMinus16),%g3
+/* 0x002c	 232 */		ld	[%o3+%g2],%l0
+/* 0x0030	 239 */		sethi	%hi(TwoTo16),%g4
+/* 0x0034	 223 */		or	%g0,%i2,%o2
+/* 0x0038	     */		fmovd	%f2,%f16
+/* 0x003c	     */		st	%i5,[%fp+88]
+/* 0x0040	 239 */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x0044	 223 */		or	%g0,%i1,%i2
+/* 0x0048	 232 */		ldd	[%l0],%f0
+/* 0x004c	 239 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0050	 223 */		or	%g0,%i3,%o0
+/* 0x0054	 232 */		sll	%o1,4,%g4
+/* 0x0058	 239 */		ld	[%o3+%g2],%g5
+/* 0x005c	 223 */		or	%g0,%i3,%i1
+/* 0x0060	 239 */		ld	[%o3+%g3],%g1
+/* 0x0064	 232 */		or	%g0,%o1,%i0
+/* 0x0068	     */		or	%g0,%o2,%i3
+/* 0x006c	 234 */		cmp	%o1,16
+/* 0x0070	     */		be,pn	%icc,.L77000279
+/* 0x0074	     */		std	%f0,[%o2+%g4]
+/* 0x0078	 236 */		sll	%o1,2,%g2
+/* 0x007c	     */		or	%g0,%o0,%o3
+/* 0x0080	 232 */		sll	%o1,1,%o1
+/* 0x0084	 236 */		add	%g2,2,%o2
+/* 0x0088	     */		cmp	%o2,0
+/* 0x008c	     */		ble,a,pt	%icc,.L900000660
+/* 0x0090	     */		ldd	[%i2],%f0
+
+!  241		      !     pdtj=&(dt[0]);
+!  242		      !     for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
+!  243		      !       {
+!  244		      !	 m2j=pdm2[j];
+!  245		      !	 a=pdtj[0]+pdn[0]*digit;
+!  246		      !	 b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
+!  247		      !	 pdtj[1]=b;
+!  249		      !#pragma pipeloop(0)
+!  250		      !	 for(i=1;i<nlen;i++)
+!  251		      !	   {
+!  252		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  253		      !	   }
+!  254		      ! 	 if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
+!  255		      !	 
+!  256		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  257		      !       }
+!  258		      !   }
+!  259		      ! else
+!  260		      !   {
+!  261		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  263		      !     dt[65]=     dt[64]=     dt[63]=     dt[62]=     dt[61]=     dt[60]=
+!  264		      !     dt[59]=     dt[58]=     dt[57]=     dt[56]=     dt[55]=     dt[54]=
+!  265		      !     dt[53]=     dt[52]=     dt[51]=     dt[50]=     dt[49]=     dt[48]=
+!  266		      !     dt[47]=     dt[46]=     dt[45]=     dt[44]=     dt[43]=     dt[42]=
+!  267		      !     dt[41]=     dt[40]=     dt[39]=     dt[38]=     dt[37]=     dt[36]=
+!  268		      !     dt[35]=     dt[34]=     dt[33]=     dt[32]=     dt[31]=     dt[30]=
+!  269		      !     dt[29]=     dt[28]=     dt[27]=     dt[26]=     dt[25]=     dt[24]=
+!  270		      !     dt[23]=     dt[22]=     dt[21]=     dt[20]=     dt[19]=     dt[18]=
+!  271		      !     dt[17]=     dt[16]=     dt[15]=     dt[14]=     dt[13]=     dt[12]=
+!  272		      !     dt[11]=     dt[10]=     dt[ 9]=     dt[ 8]=     dt[ 7]=     dt[ 6]=
+!  273		      !     dt[ 5]=     dt[ 4]=     dt[ 3]=     dt[ 2]=     dt[ 1]=Zero;
+!  275		      !     pdn_0=pdn[0];
+!  276		      !     pdm1_0=pdm1[0];
+!  278		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  279		      !     pdtj=&(dt[0]);
+!  281		      !     for(j=0;j<32;j++,pdtj++)
+
+/* 0x0094	 281 */		add	%g2,2,%o0
+/* 0x0098	 236 */		add	%g2,1,%o2
+/* 0x009c	 281 */		cmp	%o0,3
+/* 0x00a0	     */		bl,pn	%icc,.L77000280
+/* 0x00a4	     */		or	%g0,1,%o0
+/* 0x00a8	     */		add	%o3,8,%o3
+/* 0x00ac	     */		or	%g0,1,%o4
+/* 0x00b0	     */		std	%f0,[%o3-8]
+                       .L900000630:
+/* 0x00b4	     */		std	%f0,[%o3]
+/* 0x00b8	     */		add	%o4,2,%o4
+/* 0x00bc	     */		add	%o3,16,%o3
+/* 0x00c0	     */		cmp	%o4,%g2
+/* 0x00c4	     */		ble,pt	%icc,.L900000630
+/* 0x00c8	     */		std	%f0,[%o3-8]
+                       .L900000633:
+/* 0x00cc	     */		cmp	%o4,%o2
+/* 0x00d0	     */		bg,pn	%icc,.L77000285
+/* 0x00d4	     */		add	%o4,1,%o0
+                       .L77000280:
+/* 0x00d8	     */		std	%f0,[%o3]
+                       .L900000659:
+/* 0x00dc	     */		ldd	[%l0],%f0
+/* 0x00e0	     */		cmp	%o0,%o2
+/* 0x00e4	     */		add	%o3,8,%o3
+/* 0x00e8	     */		add	%o0,1,%o0
+/* 0x00ec	     */		ble,a,pt	%icc,.L900000659
+/* 0x00f0	     */		std	%f0,[%o3]
+                       .L77000285:
+/* 0x00f4	 238 */		ldd	[%i2],%f0
+                       .L900000660:
+/* 0x00f8	 238 */		ldd	[%i3],%f2
+/* 0x00fc	     */		add	%o1,1,%o2
+/* 0x0100	 242 */		cmp	%o1,0
+/* 0x0104	     */		sll	%o2,1,%o0
+/* 0x0108	     */		sub	%o1,1,%o1
+/* 0x010c	 238 */		fmuld	%f0,%f2,%f0
+/* 0x0110	     */		std	%f0,[%i1]
+/* 0x0114	   0 */		or	%g0,0,%l1
+/* 0x0118	     */		ldd	[%l0],%f6
+/* 0x011c	     */		or	%g0,0,%g4
+/* 0x0120	     */		or	%g0,%o2,%i5
+/* 0x0124	     */		ldd	[%g5],%f2
+/* 0x0128	     */		or	%g0,%o1,%g3
+/* 0x012c	     */		or	%g0,%o0,%o3
+/* 0x0130	     */		fdtox	%f0,%f0
+/* 0x0134	     */		ldd	[%g1],%f4
+/* 0x0138	 246 */		add	%i3,8,%o4
+/* 0x013c	     */		or	%g0,0,%l2
+/* 0x0140	     */		or	%g0,%i1,%o5
+/* 0x0144	     */		sub	%i0,1,%o7
+/* 0x0148	     */		fmovs	%f6,%f0
+/* 0x014c	     */		fxtod	%f0,%f0
+/* 0x0150	 239 */		fmuld	%f0,%f16,%f0
+/* 0x0154	     */		fmuld	%f0,%f2,%f2
+/* 0x0158	     */		fdtox	%f2,%f2
+/* 0x015c	     */		fxtod	%f2,%f2
+/* 0x0160	     */		fmuld	%f2,%f4,%f2
+/* 0x0164	     */		fsubd	%f0,%f2,%f22
+/* 0x0168	 242 */		ble,pt	%icc,.L900000653
+/* 0x016c	     */		sll	%i0,4,%g2
+/* 0x0170	 246 */		ldd	[%i4],%f0
+                       .L900000654:
+/* 0x0174	 246 */		fmuld	%f0,%f22,%f8
+/* 0x0178	     */		ldd	[%i2],%f0
+/* 0x017c	 250 */		cmp	%i0,1
+/* 0x0180	 246 */		ldd	[%o4+%l2],%f6
+/* 0x0184	     */		add	%i2,8,%o0
+/* 0x0188	 250 */		or	%g0,1,%o1
+/* 0x018c	 246 */		ldd	[%o5],%f2
+/* 0x0190	     */		add	%o5,16,%l3
+/* 0x0194	     */		fmuld	%f0,%f6,%f6
+/* 0x0198	     */		ldd	[%g5],%f4
+/* 0x019c	     */		faddd	%f2,%f8,%f2
+/* 0x01a0	     */		ldd	[%o5+8],%f0
+/* 0x01a4	 244 */		ldd	[%i3+%l2],%f20
+/* 0x01a8	 246 */		faddd	%f0,%f6,%f0
+/* 0x01ac	     */		fmuld	%f2,%f4,%f2
+/* 0x01b0	     */		faddd	%f0,%f2,%f18
+/* 0x01b4	 247 */		std	%f18,[%o5+8]
+/* 0x01b8	 250 */		ble,pt	%icc,.L900000658
+/* 0x01bc	     */		srl	%g4,31,%g2
+/* 0x01c0	     */		cmp	%o7,7
+/* 0x01c4	 246 */		add	%i4,8,%g2
+/* 0x01c8	 250 */		bl,pn	%icc,.L77000284
+/* 0x01cc	     */		add	%g2,24,%o2
+/* 0x01d0	 252 */		ldd	[%o0+24],%f12
+/* 0x01d4	     */		add	%o5,48,%l3
+/* 0x01d8	     */		ldd	[%o0],%f2
+/* 0x01dc	   0 */		or	%g0,%o2,%g2
+/* 0x01e0	 250 */		sub	%o7,2,%o2
+/* 0x01e4	 252 */		ldd	[%g2-24],%f0
+/* 0x01e8	     */		or	%g0,5,%o1
+/* 0x01ec	     */		ldd	[%o0+8],%f6
+/* 0x01f0	     */		fmuld	%f2,%f20,%f2
+/* 0x01f4	     */		ldd	[%o0+16],%f14
+/* 0x01f8	     */		fmuld	%f0,%f22,%f4
+/* 0x01fc	     */		add	%o0,32,%o0
+/* 0x0200	     */		ldd	[%g2-16],%f8
+/* 0x0204	     */		fmuld	%f6,%f20,%f10
+/* 0x0208	     */		ldd	[%o5+16],%f0
+/* 0x020c	     */		ldd	[%g2-8],%f6
+/* 0x0210	     */		faddd	%f2,%f4,%f4
+/* 0x0214	     */		ldd	[%o5+32],%f2
+                       .L900000642:
+/* 0x0218	 252 */		ldd	[%g2],%f24
+/* 0x021c	     */		add	%o1,3,%o1
+/* 0x0220	     */		add	%g2,24,%g2
+/* 0x0224	     */		fmuld	%f8,%f22,%f8
+/* 0x0228	     */		ldd	[%l3],%f28
+/* 0x022c	     */		cmp	%o1,%o2
+/* 0x0230	     */		add	%o0,24,%o0
+/* 0x0234	     */		ldd	[%o0-24],%f26
+/* 0x0238	     */		faddd	%f0,%f4,%f0
+/* 0x023c	     */		add	%l3,48,%l3
+/* 0x0240	     */		faddd	%f10,%f8,%f10
+/* 0x0244	     */		fmuld	%f14,%f20,%f4
+/* 0x0248	     */		std	%f0,[%l3-80]
+/* 0x024c	     */		ldd	[%g2-16],%f8
+/* 0x0250	     */		fmuld	%f6,%f22,%f6
+/* 0x0254	     */		ldd	[%l3-32],%f0
+/* 0x0258	     */		ldd	[%o0-16],%f14
+/* 0x025c	     */		faddd	%f2,%f10,%f2
+/* 0x0260	     */		faddd	%f4,%f6,%f10
+/* 0x0264	     */		fmuld	%f12,%f20,%f4
+/* 0x0268	     */		std	%f2,[%l3-64]
+/* 0x026c	     */		ldd	[%g2-8],%f6
+/* 0x0270	     */		fmuld	%f24,%f22,%f24
+/* 0x0274	     */		ldd	[%l3-16],%f2
+/* 0x0278	     */		ldd	[%o0-8],%f12
+/* 0x027c	     */		faddd	%f28,%f10,%f10
+/* 0x0280	     */		std	%f10,[%l3-48]
+/* 0x0284	     */		fmuld	%f26,%f20,%f10
+/* 0x0288	     */		ble,pt	%icc,.L900000642
+/* 0x028c	     */		faddd	%f4,%f24,%f4
+                       .L900000645:
+/* 0x0290	 252 */		fmuld	%f8,%f22,%f28
+/* 0x0294	     */		ldd	[%g2],%f24
+/* 0x0298	     */		faddd	%f0,%f4,%f26
+/* 0x029c	     */		fmuld	%f12,%f20,%f8
+/* 0x02a0	     */		add	%l3,32,%l3
+/* 0x02a4	     */		cmp	%o1,%o7
+/* 0x02a8	     */		fmuld	%f14,%f20,%f14
+/* 0x02ac	     */		ldd	[%l3-32],%f4
+/* 0x02b0	     */		add	%g2,8,%g2
+/* 0x02b4	     */		faddd	%f10,%f28,%f12
+/* 0x02b8	     */		fmuld	%f6,%f22,%f6
+/* 0x02bc	     */		ldd	[%l3-16],%f0
+/* 0x02c0	     */		fmuld	%f24,%f22,%f10
+/* 0x02c4	     */		std	%f26,[%l3-64]
+/* 0x02c8	     */		faddd	%f2,%f12,%f2
+/* 0x02cc	     */		std	%f2,[%l3-48]
+/* 0x02d0	     */		faddd	%f14,%f6,%f6
+/* 0x02d4	     */		faddd	%f8,%f10,%f2
+/* 0x02d8	     */		faddd	%f4,%f6,%f4
+/* 0x02dc	     */		std	%f4,[%l3-32]
+/* 0x02e0	     */		faddd	%f0,%f2,%f0
+/* 0x02e4	     */		bg,pn	%icc,.L77000213
+/* 0x02e8	     */		std	%f0,[%l3-16]
+                       .L77000284:
+/* 0x02ec	 252 */		ldd	[%o0],%f0
+                       .L900000657:
+/* 0x02f0	 252 */		ldd	[%g2],%f4
+/* 0x02f4	     */		fmuld	%f0,%f20,%f2
+/* 0x02f8	     */		add	%o1,1,%o1
+/* 0x02fc	     */		ldd	[%l3],%f0
+/* 0x0300	     */		add	%o0,8,%o0
+/* 0x0304	     */		add	%g2,8,%g2
+/* 0x0308	     */		fmuld	%f4,%f22,%f4
+/* 0x030c	     */		cmp	%o1,%o7
+/* 0x0310	     */		faddd	%f2,%f4,%f2
+/* 0x0314	     */		faddd	%f0,%f2,%f0
+/* 0x0318	     */		std	%f0,[%l3]
+/* 0x031c	     */		add	%l3,16,%l3
+/* 0x0320	     */		ble,a,pt	%icc,.L900000657
+/* 0x0324	     */		ldd	[%o0],%f0
+                       .L77000213:
+/* 0x0328	     */		srl	%g4,31,%g2
+                       .L900000658:
+/* 0x032c	 254 */		cmp	%l1,30
+/* 0x0330	     */		bne,a,pt	%icc,.L900000656
+/* 0x0334	     */		fdtox	%f18,%f0
+/* 0x0338	     */		add	%g4,%g2,%g2
+/* 0x033c	     */		sra	%g2,1,%o0
+/* 0x0340	 281 */		ldd	[%l0],%f0
+/* 0x0344	     */		sll	%i5,1,%o2
+/* 0x0348	     */		add	%o0,1,%g2
+/* 0x034c	     */		sll	%g2,1,%o0
+/* 0x0350	 254 */		sub	%o2,1,%o2
+/* 0x0354	 281 */		fmovd	%f0,%f2
+/* 0x0358	     */		sll	%g2,4,%o1
+/* 0x035c	     */		cmp	%o0,%o3
+/* 0x0360	     */		bge,pt	%icc,.L77000215
+/* 0x0364	     */		or	%g0,0,%l1
+/* 0x0368	 254 */		add	%i1,%o1,%o1
+/* 0x036c	 281 */		ldd	[%o1],%f6
+                       .L900000655:
+/* 0x0370	     */		fdtox	%f6,%f10
+/* 0x0374	     */		ldd	[%o1+8],%f4
+/* 0x0378	     */		add	%o0,2,%o0
+/* 0x037c	     */		ldd	[%l0],%f12
+/* 0x0380	     */		fdtox	%f6,%f6
+/* 0x0384	     */		cmp	%o0,%o2
+/* 0x0388	     */		fdtox	%f4,%f8
+/* 0x038c	     */		fdtox	%f4,%f4
+/* 0x0390	     */		fmovs	%f12,%f10
+/* 0x0394	     */		fmovs	%f12,%f8
+/* 0x0398	     */		fxtod	%f10,%f10
+/* 0x039c	     */		fxtod	%f8,%f8
+/* 0x03a0	     */		faddd	%f10,%f2,%f2
+/* 0x03a4	     */		std	%f2,[%o1]
+/* 0x03a8	     */		faddd	%f8,%f0,%f0
+/* 0x03ac	     */		std	%f0,[%o1+8]
+/* 0x03b0	     */		add	%o1,16,%o1
+/* 0x03b4	     */		fitod	%f6,%f2
+/* 0x03b8	     */		fitod	%f4,%f0
+/* 0x03bc	     */		ble,a,pt	%icc,.L900000655
+/* 0x03c0	     */		ldd	[%o1],%f6
+                       .L77000233:
+/* 0x03c4	     */		or	%g0,0,%l1
+                       .L77000215:
+/* 0x03c8	     */		fdtox	%f18,%f0
+                       .L900000656:
+/* 0x03cc	     */		ldd	[%l0],%f6
+/* 0x03d0	 256 */		add	%g4,1,%g4
+/* 0x03d4	     */		add	%l2,8,%l2
+/* 0x03d8	     */		ldd	[%g5],%f2
+/* 0x03dc	     */		add	%l1,1,%l1
+/* 0x03e0	     */		add	%o5,8,%o5
+/* 0x03e4	     */		fmovs	%f6,%f0
+/* 0x03e8	     */		ldd	[%g1],%f4
+/* 0x03ec	     */		cmp	%g4,%g3
+/* 0x03f0	     */		fxtod	%f0,%f0
+/* 0x03f4	     */		fmuld	%f0,%f16,%f0
+/* 0x03f8	     */		fmuld	%f0,%f2,%f2
+/* 0x03fc	     */		fdtox	%f2,%f2
+/* 0x0400	     */		fxtod	%f2,%f2
+/* 0x0404	     */		fmuld	%f2,%f4,%f2
+/* 0x0408	     */		fsubd	%f0,%f2,%f22
+/* 0x040c	     */		ble,a,pt	%icc,.L900000654
+/* 0x0410	     */		ldd	[%i4],%f0
+                       .L900000629:
+/* 0x0414	 256 */		ba	.L900000653
+/* 0x0418	     */		sll	%i0,4,%g2
+                       .L77000279:
+/* 0x041c	 261 */		ldd	[%o2],%f6
+/* 0x0420	 279 */		or	%g0,%o0,%o4
+/* 0x0424	 281 */		or	%g0,0,%o3
+/* 0x0428	 261 */		ldd	[%i2],%f4
+/* 0x042c	 273 */		std	%f0,[%o0+8]
+/* 0x0430	     */		std	%f0,[%o0+16]
+/* 0x0434	 261 */		fmuld	%f4,%f6,%f4
+/* 0x0438	     */		std	%f4,[%o0]
+/* 0x043c	 273 */		std	%f0,[%o0+24]
+/* 0x0440	     */		std	%f0,[%o0+32]
+/* 0x0444	     */		fdtox	%f4,%f4
+/* 0x0448	     */		std	%f0,[%o0+40]
+/* 0x044c	     */		std	%f0,[%o0+48]
+/* 0x0450	     */		std	%f0,[%o0+56]
+/* 0x0454	     */		std	%f0,[%o0+64]
+/* 0x0458	     */		std	%f0,[%o0+72]
+/* 0x045c	     */		std	%f0,[%o0+80]
+/* 0x0460	     */		std	%f0,[%o0+88]
+/* 0x0464	     */		std	%f0,[%o0+96]
+/* 0x0468	     */		std	%f0,[%o0+104]
+/* 0x046c	     */		std	%f0,[%o0+112]
+/* 0x0470	     */		std	%f0,[%o0+120]
+/* 0x0474	     */		std	%f0,[%o0+128]
+/* 0x0478	     */		std	%f0,[%o0+136]
+/* 0x047c	     */		std	%f0,[%o0+144]
+/* 0x0480	     */		std	%f0,[%o0+152]
+/* 0x0484	     */		std	%f0,[%o0+160]
+/* 0x0488	     */		std	%f0,[%o0+168]
+/* 0x048c	     */		fmovs	%f0,%f4
+/* 0x0490	     */		std	%f0,[%o0+176]
+/* 0x0494	 281 */		or	%g0,0,%o1
+/* 0x0498	 273 */		std	%f0,[%o0+184]
+/* 0x049c	     */		fxtod	%f4,%f4
+/* 0x04a0	     */		std	%f0,[%o0+192]
+/* 0x04a4	     */		std	%f0,[%o0+200]
+/* 0x04a8	     */		std	%f0,[%o0+208]
+/* 0x04ac	 278 */		fmuld	%f4,%f2,%f2
+/* 0x04b0	 273 */		std	%f0,[%o0+216]
+/* 0x04b4	     */		std	%f0,[%o0+224]
+/* 0x04b8	     */		std	%f0,[%o0+232]
+/* 0x04bc	     */		std	%f0,[%o0+240]
+/* 0x04c0	     */		std	%f0,[%o0+248]
+/* 0x04c4	     */		std	%f0,[%o0+256]
+/* 0x04c8	     */		std	%f0,[%o0+264]
+/* 0x04cc	     */		std	%f0,[%o0+272]
+/* 0x04d0	     */		std	%f0,[%o0+280]
+/* 0x04d4	     */		std	%f0,[%o0+288]
+/* 0x04d8	     */		std	%f0,[%o0+296]
+/* 0x04dc	     */		std	%f0,[%o0+304]
+/* 0x04e0	     */		std	%f0,[%o0+312]
+/* 0x04e4	     */		std	%f0,[%o0+320]
+/* 0x04e8	     */		std	%f0,[%o0+328]
+/* 0x04ec	     */		std	%f0,[%o0+336]
+/* 0x04f0	     */		std	%f0,[%o0+344]
+/* 0x04f4	     */		std	%f0,[%o0+352]
+/* 0x04f8	     */		std	%f0,[%o0+360]
+/* 0x04fc	     */		std	%f0,[%o0+368]
+/* 0x0500	     */		std	%f0,[%o0+376]
+/* 0x0504	     */		std	%f0,[%o0+384]
+/* 0x0508	     */		std	%f0,[%o0+392]
+/* 0x050c	     */		std	%f0,[%o0+400]
+/* 0x0510	     */		std	%f0,[%o0+408]
+/* 0x0514	     */		std	%f0,[%o0+416]
+/* 0x0518	     */		std	%f0,[%o0+424]
+/* 0x051c	     */		std	%f0,[%o0+432]
+/* 0x0520	     */		std	%f0,[%o0+440]
+/* 0x0524	     */		std	%f0,[%o0+448]
+/* 0x0528	     */		std	%f0,[%o0+456]
+/* 0x052c	     */		std	%f0,[%o0+464]
+/* 0x0530	     */		std	%f0,[%o0+472]
+/* 0x0534	     */		std	%f0,[%o0+480]
+/* 0x0538	     */		std	%f0,[%o0+488]
+/* 0x053c	     */		std	%f0,[%o0+496]
+/* 0x0540	     */		std	%f0,[%o0+504]
+/* 0x0544	     */		std	%f0,[%o0+512]
+/* 0x0548	     */		std	%f0,[%o0+520]
+/* 0x054c	     */		ldd	[%g5],%f0
+/* 0x0550	     */		ldd	[%g1],%f8
+/* 0x0554	     */		fmuld	%f2,%f0,%f6
+/* 0x0558	 275 */		ldd	[%i4],%f4
+/* 0x055c	 276 */		ldd	[%i2],%f0
+/* 0x0560	     */		fdtox	%f6,%f6
+/* 0x0564	     */		fxtod	%f6,%f6
+/* 0x0568	     */		fmuld	%f6,%f8,%f6
+/* 0x056c	     */		fsubd	%f2,%f6,%f2
+/* 0x0570	 286 */		fmuld	%f4,%f2,%f12
+
+!  282		      !       {
+!  284		      !	 m2j=pdm2[j];
+!  285		      !	 a=pdtj[0]+pdn_0*digit;
+!  286		      !	 b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
+
+!  287		      !	 pdtj[1]=b;
+!  289		      !	 /**** this loop will be fully unrolled:
+!  290		      !	 for(i=1;i<16;i++)
+!  291		      !	   {
+!  292		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  293		      !	   }
+!  294		      !	 *************************************/
+!  295		      !	     pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
+!  296		      !	     pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
+!  297		      !	     pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
+!  298		      !	     pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
+!  299		      !	     pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
+!  300		      !	     pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
+!  301		      !	     pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
+!  302		      !	     pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
+!  303		      !	     pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
+!  304		      !	     pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
+!  305		      !	     pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
+!  306		      !	     pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
+!  307		      !	     pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
+!  308		      !	     pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
+!  309		      !	     pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
+!  310		      !	 /* no need for cleenup, cannot overflow */
+!  311		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+	fmovd %f2,%f0		! hand modified
+	fmovd %f16,%f18			! hand modified
+	ldd [%i4],%f2
+	ldd [%o4],%f8
+	ldd [%i2],%f10
+	ldd [%g5],%f14		! hand modified
+	ldd [%g1],%f16		! hand modified
+	ldd [%i3],%f24
+
+	ldd [%i2+8],%f26
+	ldd [%i2+16],%f40
+	ldd [%i2+48],%f46
+	ldd [%i2+56],%f30
+	ldd [%i2+64],%f54
+	ldd [%i2+104],%f34
+	ldd [%i2+112],%f58
+
+	ldd [%i4+8],%f28	
+	ldd [%i4+104],%f38
+	ldd [%i4+112],%f60
+
+	.L99999999: 			!1
+	ldd	[%i2+24],%f32
+	fmuld	%f0,%f2,%f4 	!2
+	ldd	[%i4+24],%f36
+	fmuld	%f26,%f24,%f20 	!3
+	ldd	[%i2+40],%f42
+	fmuld	%f28,%f0,%f22 	!4
+	ldd	[%i4+40],%f44
+	fmuld	%f32,%f24,%f32 	!5
+	ldd	[%i3+8],%f6
+	faddd	%f4,%f8,%f4
+	fmuld	%f36,%f0,%f36 	!6
+	add	%i3,8,%i3
+	ldd	[%i4+56],%f50
+	fmuld	%f42,%f24,%f42 	!7
+	ldd	[%i2+72],%f52
+	faddd	%f20,%f22,%f20
+	fmuld	%f44,%f0,%f44 	!8
+	ldd	[%o4+16],%f22
+	fmuld	%f10,%f6,%f12 	!9
+	ldd	[%i4+72],%f56
+	faddd	%f32,%f36,%f32
+	fmuld	%f14,%f4,%f4 !10
+	ldd	[%o4+48],%f36
+	fmuld	%f30,%f24,%f48 	!11
+	ldd	[%o4+8],%f8
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50	!12
+	std	%f20,[%o4+16]
+	faddd	%f42,%f44,%f42
+	fmuld	%f52,%f24,%f52 	!13
+	ldd	[%o4+80],%f44
+	faddd	%f4,%f12,%f4
+	fmuld	%f56,%f0,%f56 	!14
+	ldd	[%i2+88],%f20
+	faddd	%f32,%f36,%f32 	!15
+	ldd	[%i4+88],%f22
+	faddd	%f48,%f50,%f48 	!16
+	ldd	[%o4+112],%f50
+	faddd	%f52,%f56,%f52 	!17
+	ldd	[%o4+144],%f56
+	faddd	%f4,%f8,%f8
+	fmuld	%f20,%f24,%f20 	!18
+	std	%f32,[%o4+48]
+	faddd	%f42,%f44,%f42
+	fmuld	%f22,%f0,%f22 	!19
+	std	%f42,[%o4+80]
+	faddd	%f48,%f50,%f48
+	fmuld	%f34,%f24,%f32 	!20
+	std	%f48,[%o4+112]
+	faddd	%f52,%f56,%f52
+	fmuld	%f38,%f0,%f36 	!21
+	ldd	[%i2+120],%f42
+	fdtox	%f8,%f4 		!22
+	std	%f52,[%o4+144]
+	faddd	%f20,%f22,%f20 	!23
+	ldd	[%i4+120],%f44 	!24
+	ldd	[%o4+176],%f22
+	faddd	%f32,%f36,%f32
+	fmuld	%f42,%f24,%f42 	!25
+	ldd	[%i4+16],%f50
+	fmovs	%f17,%f4 	!26
+	ldd	[%i2+32],%f52
+	fmuld	%f44,%f0,%f44 	!27
+	ldd	[%i4+32],%f56
+	fmuld	%f40,%f24,%f48 	!28
+	ldd	[%o4+208],%f36
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50 	!29
+	std	%f20,[%o4+176]
+	fxtod	%f4,%f4
+	fmuld	%f52,%f24,%f52 	!30
+	ldd	[%i4+48],%f22
+	faddd	%f42,%f44,%f42
+	fmuld	%f56,%f0,%f56 	!31
+	ldd	[%o4+240],%f44
+	faddd	%f32,%f36,%f32 	!32
+	std	%f32,[%o4+208]
+	faddd	%f48,%f50,%f48
+	fmuld	%f46,%f24,%f20 	!33
+	ldd	[%o4+32],%f50
+	fmuld	%f4,%f18,%f12 	!34
+	ldd	[%i4+64],%f36
+	faddd	%f52,%f56,%f52
+	fmuld	%f22,%f0,%f22 	!35
+	ldd	[%o4+64],%f56
+	faddd	%f42,%f44,%f42 	!36
+	std	%f42,[%o4+240]
+	faddd	%f48,%f50,%f48
+	fmuld	%f54,%f24,%f32 	!37
+	std	%f48,[%o4+32]
+	fmuld	%f12,%f14,%f4 !38
+	ldd	[%i2+80],%f42
+	faddd	%f52,%f56,%f56	! yes, tmp52!
+	fmuld	%f36,%f0,%f36 	!39
+	ldd	[%i4+80],%f44
+	faddd	%f20,%f22,%f20 	!40
+	ldd	[%i2+96],%f48
+	fmuld	%f58,%f24,%f52 	!41
+	ldd	[%i4+96],%f50
+	fdtox	%f4,%f4
+	fmuld	%f42,%f24,%f42 	!42
+	std	%f56,[%o4+64]	! yes, tmp52!
+	faddd	%f32,%f36,%f32
+	fmuld	%f44,%f0,%f44 	!43
+	ldd	[%o4+96],%f22
+	fmuld	%f48,%f24,%f48 	!44
+	ldd	[%o4+128],%f36
+	fmovd	%f6,%f24
+	fmuld	%f50,%f0,%f50 	!45
+	fxtod	%f4,%f4
+	fmuld	%f60,%f0,%f56 	!46
+	add	%o4,8,%o4
+	faddd	%f42,%f44,%f42 	!47
+	ldd	[%o4+160-8],%f44
+	faddd	%f20,%f22,%f20 	!48
+	std	%f20,[%o4+96-8]
+	faddd	%f48,%f50,%f48 	!49
+	ldd	[%o4+192-8],%f50
+	faddd	%f52,%f56,%f52
+	fmuld	%f4,%f16,%f4 	!50
+	ldd	[%o4+224-8],%f56
+	faddd	%f32,%f36,%f32 	!51
+	std	%f32,[%o4+128-8]
+	faddd	%f42,%f44,%f42 	!52
+	add	%o3,1,%o3
+	std	%f42,[%o4+160-8]
+	faddd	%f48,%f50,%f48 	!53
+	cmp	%o3,31
+	std	%f48,[%o4+192-8]
+	fsubd	%f12,%f4,%f0 	!54
+	faddd	%f52,%f56,%f52
+	ble,pt	%icc,.L99999999
+	std	%f52,[%o4+224-8] 	!55
+	std %f8,[%o4]
+
+!  312		      !       }
+!  313		      !   }
+!  315		      ! conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
+
+/* 0x07c8	 315 */		sll	%i0,4,%g2
+                       .L900000653:
+/* 0x07cc	 315 */		add	%i1,%g2,%i1
+/* 0x07d0	 242 */		ld	[%fp+68],%o0
+/* 0x07d4	 315 */		or	%g0,0,%o4
+/* 0x07d8	     */		ldd	[%i1],%f0
+/* 0x07dc	     */		or	%g0,0,%g5
+/* 0x07e0	     */		cmp	%i0,0
+/* 0x07e4	 242 */		or	%g0,%o0,%o3
+/* 0x07e8	 311 */		sub	%i0,1,%g1
+/* 0x07ec	 315 */		fdtox	%f0,%f0
+/* 0x07f0	     */		std	%f0,[%sp+120]
+/* 0x07f4	 311 */		sethi	%hi(0xfc00),%o1
+/* 0x07f8	     */		add	%g1,1,%g3
+/* 0x07fc	     */		or	%g0,%o0,%g4
+/* 0x0800	 315 */		ldd	[%i1+8],%f0
+/* 0x0804	     */		add	%o1,1023,%o1
+/* 0x0808	     */		fdtox	%f0,%f0
+/* 0x080c	     */		std	%f0,[%sp+112]
+/* 0x0810	     */		ldx	[%sp+112],%o5
+/* 0x0814	     */		ldx	[%sp+120],%o7
+/* 0x0818	     */		ble,pt	%icc,.L900000651
+/* 0x081c	     */		sethi	%hi(0xfc00),%g2
+/* 0x0820	 311 */		or	%g0,-1,%g2
+/* 0x0824	 315 */		cmp	%g3,3
+/* 0x0828	 311 */		srl	%g2,0,%o2
+/* 0x082c	 315 */		bl,pn	%icc,.L77000287
+/* 0x0830	     */		or	%g0,%i1,%g2
+/* 0x0834	     */		ldd	[%i1+16],%f0
+/* 0x0838	     */		and	%o5,%o1,%o0
+/* 0x083c	     */		add	%i1,16,%g2
+/* 0x0840	     */		sllx	%o0,16,%g3
+/* 0x0844	     */		and	%o7,%o2,%o0
+/* 0x0848	     */		fdtox	%f0,%f0
+/* 0x084c	     */		std	%f0,[%sp+104]
+/* 0x0850	     */		add	%o0,%g3,%o4
+/* 0x0854	     */		ldd	[%i1+24],%f2
+/* 0x0858	     */		srax	%o5,16,%o0
+/* 0x085c	     */		add	%o3,4,%g4
+/* 0x0860	     */		stx	%o0,[%sp+128]
+/* 0x0864	     */		and	%o4,%o2,%o0
+/* 0x0868	     */		stx	%o0,[%sp+112]
+/* 0x086c	     */		srax	%o4,32,%o0
+/* 0x0870	     */		fdtox	%f2,%f0
+/* 0x0874	     */		stx	%o0,[%sp+136]
+/* 0x0878	     */		srax	%o7,32,%o4
+/* 0x087c	     */		std	%f0,[%sp+96]
+/* 0x0880	     */		ldx	[%sp+128],%g5
+/* 0x0884	     */		ldx	[%sp+136],%o7
+/* 0x0888	     */		ldx	[%sp+104],%g3
+/* 0x088c	     */		add	%g5,%o7,%o0
+/* 0x0890	     */		or	%g0,1,%g5
+/* 0x0894	     */		ldx	[%sp+112],%o7
+/* 0x0898	     */		add	%o4,%o0,%o4
+/* 0x089c	     */		ldx	[%sp+96],%o5
+/* 0x08a0	     */		st	%o7,[%o3]
+/* 0x08a4	     */		or	%g0,%g3,%o7
+                       .L900000634:
+/* 0x08a8	     */		ldd	[%g2+16],%f0
+/* 0x08ac	     */		add	%g5,1,%g5
+/* 0x08b0	     */		add	%g4,4,%g4
+/* 0x08b4	     */		cmp	%g5,%g1
+/* 0x08b8	     */		add	%g2,16,%g2
+/* 0x08bc	     */		fdtox	%f0,%f0
+/* 0x08c0	     */		std	%f0,[%sp+104]
+/* 0x08c4	     */		ldd	[%g2+8],%f0
+/* 0x08c8	     */		fdtox	%f0,%f0
+/* 0x08cc	     */		std	%f0,[%sp+96]
+/* 0x08d0	     */		and	%o5,%o1,%g3
+/* 0x08d4	     */		sllx	%g3,16,%g3
+/* 0x08d8	     */		stx	%g3,[%sp+120]
+/* 0x08dc	     */		and	%o7,%o2,%g3
+/* 0x08e0	     */		stx	%o7,[%sp+128]
+/* 0x08e4	     */		ldx	[%sp+120],%o7
+/* 0x08e8	     */		add	%g3,%o7,%g3
+/* 0x08ec	     */		ldx	[%sp+128],%o7
+/* 0x08f0	     */		srax	%o5,16,%o5
+/* 0x08f4	     */		add	%g3,%o4,%g3
+/* 0x08f8	     */		srax	%g3,32,%o4
+/* 0x08fc	     */		stx	%o4,[%sp+112]
+/* 0x0900	     */		srax	%o7,32,%o4
+/* 0x0904	     */		ldx	[%sp+112],%o7
+/* 0x0908	     */		add	%o5,%o7,%o7
+/* 0x090c	     */		ldx	[%sp+96],%o5
+/* 0x0910	     */		add	%o4,%o7,%o4
+/* 0x0914	     */		and	%g3,%o2,%g3
+/* 0x0918	     */		ldx	[%sp+104],%o7
+/* 0x091c	     */		ble,pt	%icc,.L900000634
+/* 0x0920	     */		st	%g3,[%g4-4]
+                       .L900000637:
+/* 0x0924	     */		ba	.L900000651
+/* 0x0928	     */		sethi	%hi(0xfc00),%g2
+                       .L77000287:
+/* 0x092c	     */		ldd	[%g2+16],%f0
+                       .L900000650:
+/* 0x0930	     */		and	%o7,%o2,%o0
+/* 0x0934	     */		and	%o5,%o1,%g3
+/* 0x0938	     */		fdtox	%f0,%f0
+/* 0x093c	     */		add	%o4,%o0,%o0
+/* 0x0940	     */		std	%f0,[%sp+104]
+/* 0x0944	     */		add	%g5,1,%g5
+/* 0x0948	     */		sllx	%g3,16,%o4
+/* 0x094c	     */		ldd	[%g2+24],%f2
+/* 0x0950	     */		add	%g2,16,%g2
+/* 0x0954	     */		add	%o0,%o4,%o4
+/* 0x0958	     */		cmp	%g5,%g1
+/* 0x095c	     */		srax	%o5,16,%o0
+/* 0x0960	     */		stx	%o0,[%sp+112]
+/* 0x0964	     */		and	%o4,%o2,%g3
+/* 0x0968	     */		srax	%o4,32,%o5
+/* 0x096c	     */		fdtox	%f2,%f0
+/* 0x0970	     */		std	%f0,[%sp+96]
+/* 0x0974	     */		srax	%o7,32,%o4
+/* 0x0978	     */		ldx	[%sp+112],%o7
+/* 0x097c	     */		add	%o7,%o5,%o7
+/* 0x0980	     */		ldx	[%sp+104],%o5
+/* 0x0984	     */		add	%o4,%o7,%o4
+/* 0x0988	     */		ldx	[%sp+96],%o0
+/* 0x098c	     */		st	%g3,[%g4]
+/* 0x0990	     */		or	%g0,%o5,%o7
+/* 0x0994	     */		add	%g4,4,%g4
+/* 0x0998	     */		or	%g0,%o0,%o5
+/* 0x099c	     */		ble,a,pt	%icc,.L900000650
+/* 0x09a0	     */		ldd	[%g2+16],%f0
+                       .L77000236:
+/* 0x09a4	     */		sethi	%hi(0xfc00),%g2
+                       .L900000651:
+/* 0x09a8	     */		or	%g0,-1,%o0
+/* 0x09ac	     */		add	%g2,1023,%g2
+/* 0x09b0	     */		ld	[%fp+88],%o1
+/* 0x09b4	     */		srl	%o0,0,%g3
+/* 0x09b8	     */		and	%o5,%g2,%g2
+/* 0x09bc	     */		and	%o7,%g3,%g4
+
+!  317		      ! adjust_montf_result(result,nint,nlen); 
+
+/* 0x09c0	 317 */		or	%g0,-1,%o5
+/* 0x09c4	 311 */		sllx	%g2,16,%g2
+/* 0x09c8	     */		add	%o4,%g4,%g4
+/* 0x09cc	     */		add	%g4,%g2,%g2
+/* 0x09d0	     */		sll	%g5,2,%g4
+/* 0x09d4	     */		and	%g2,%g3,%g2
+/* 0x09d8	     */		st	%g2,[%o3+%g4]
+/* 0x09dc	 317 */		sll	%i0,2,%g2
+/* 0x09e0	     */		ld	[%o3+%g2],%g2
+/* 0x09e4	     */		cmp	%g2,0
+/* 0x09e8	     */		bleu,pn	%icc,.L77000241
+/* 0x09ec	     */		or	%g0,%o1,%o2
+/* 0x09f0	     */		ba	.L900000649
+/* 0x09f4	     */		cmp	%o5,0
+                       .L77000241:
+/* 0x09f8	     */		sub	%i0,1,%o5
+/* 0x09fc	     */		sll	%o5,2,%g2
+/* 0x0a00	     */		cmp	%o5,0
+/* 0x0a04	     */		bl,pt	%icc,.L900000649
+/* 0x0a08	     */		cmp	%o5,0
+/* 0x0a0c	     */		add	%o1,%g2,%o1
+/* 0x0a10	     */		add	%o3,%g2,%o4
+/* 0x0a14	     */		ld	[%o1],%g2
+                       .L900000648:
+/* 0x0a18	     */		ld	[%o4],%g3
+/* 0x0a1c	     */		sub	%o5,1,%o0
+/* 0x0a20	     */		sub	%o1,4,%o1
+/* 0x0a24	     */		sub	%o4,4,%o4
+/* 0x0a28	     */		cmp	%g3,%g2
+/* 0x0a2c	     */		bne,pn	%icc,.L77000244
+/* 0x0a30	     */		nop
+/* 0x0a34	   0 */		or	%g0,%o0,%o5
+/* 0x0a38	 317 */		cmp	%o0,0
+/* 0x0a3c	     */		bge,a,pt	%icc,.L900000648
+/* 0x0a40	     */		ld	[%o1],%g2
+                       .L77000244:
+/* 0x0a44	     */		cmp	%o5,0
+                       .L900000649:
+/* 0x0a48	     */		bl,pn	%icc,.L77000288
+/* 0x0a4c	     */		sll	%o5,2,%g2
+/* 0x0a50	     */		ld	[%o2+%g2],%g3
+/* 0x0a54	     */		ld	[%o3+%g2],%g2
+/* 0x0a58	     */		cmp	%g2,%g3
+/* 0x0a5c	     */		bleu,pt	%icc,.L77000224
+/* 0x0a60	     */		nop
+                       .L77000288:
+/* 0x0a64	     */		cmp	%i0,0
+/* 0x0a68	     */		ble,pt	%icc,.L77000224
+/* 0x0a6c	     */		nop
+/* 0x0a70	 317 */		sub	%i0,1,%o7
+/* 0x0a74	     */		or	%g0,-1,%g2
+/* 0x0a78	     */		srl	%g2,0,%o4
+/* 0x0a7c	     */		add	%o7,1,%o0
+/* 0x0a80	 315 */		or	%g0,0,%o5
+/* 0x0a84	     */		or	%g0,0,%g1
+/* 0x0a88	     */		cmp	%o0,3
+/* 0x0a8c	     */		bl,pn	%icc,.L77000289
+/* 0x0a90	     */		add	%o3,8,%o1
+/* 0x0a94	     */		add	%o2,4,%o0
+/* 0x0a98	     */		ld	[%o1-8],%g2
+/* 0x0a9c	   0 */		or	%g0,%o1,%o3
+/* 0x0aa0	 315 */		ld	[%o0-4],%g3
+/* 0x0aa4	   0 */		or	%g0,%o0,%o2
+/* 0x0aa8	 315 */		or	%g0,2,%g1
+/* 0x0aac	     */		ld	[%o3-4],%o0
+/* 0x0ab0	     */		sub	%g2,%g3,%g2
+/* 0x0ab4	     */		or	%g0,%g2,%o5
+/* 0x0ab8	     */		and	%g2,%o4,%g2
+/* 0x0abc	     */		st	%g2,[%o3-8]
+/* 0x0ac0	     */		srax	%o5,32,%o5
+                       .L900000638:
+/* 0x0ac4	     */		ld	[%o2],%g2
+/* 0x0ac8	     */		add	%g1,1,%g1
+/* 0x0acc	     */		add	%o2,4,%o2
+/* 0x0ad0	     */		cmp	%g1,%o7
+/* 0x0ad4	     */		add	%o3,4,%o3
+/* 0x0ad8	     */		sub	%o0,%g2,%o0
+/* 0x0adc	     */		add	%o0,%o5,%o5
+/* 0x0ae0	     */		and	%o5,%o4,%g2
+/* 0x0ae4	     */		ld	[%o3-4],%o0
+/* 0x0ae8	     */		st	%g2,[%o3-8]
+/* 0x0aec	     */		ble,pt	%icc,.L900000638
+/* 0x0af0	     */		srax	%o5,32,%o5
+                       .L900000641:
+/* 0x0af4	     */		ld	[%o2],%o1
+/* 0x0af8	     */		sub	%o0,%o1,%o0
+/* 0x0afc	     */		add	%o0,%o5,%o0
+/* 0x0b00	     */		and	%o0,%o4,%o1
+/* 0x0b04	     */		st	%o1,[%o3-4]
+/* 0x0b08	     */		ret	! Result = 
+/* 0x0b0c	     */		restore	%g0,%g0,%g0
+                       .L77000289:
+/* 0x0b10	     */		ld	[%o3],%o0
+                       .L900000647:
+/* 0x0b14	     */		ld	[%o2],%o1
+/* 0x0b18	     */		add	%o5,%o0,%o0
+/* 0x0b1c	     */		add	%g1,1,%g1
+/* 0x0b20	     */		add	%o2,4,%o2
+/* 0x0b24	     */		cmp	%g1,%o7
+/* 0x0b28	     */		sub	%o0,%o1,%o0
+/* 0x0b2c	     */		and	%o0,%o4,%o1
+/* 0x0b30	     */		st	%o1,[%o3]
+/* 0x0b34	     */		add	%o3,4,%o3
+/* 0x0b38	     */		srax	%o0,32,%o5
+/* 0x0b3c	     */		ble,a,pt	%icc,.L900000647
+/* 0x0b40	     */		ld	[%o3],%o0
+                       .L77000224:
+/* 0x0b44	     */		ret	! Result = 
+/* 0x0b48	     */		restore	%g0,%g0,%g0
+/* 0x0b4c	   0 */		.type	mont_mulf_noconv,2
+/* 0x0b4c	     */		.size	mont_mulf_noconv,(.-mont_mulf_noconv)
+
diff --git a/security/nss/lib/freebl/mpi/montmulfv9.il b/security/nss/lib/freebl/mpi/montmulfv9.il
new file mode 100644
index 000000000..a37fdc768
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulfv9.il
@@ -0,0 +1,126 @@
+!  
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is inline macros for SPARC Montgomery multiply functions.
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1999-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+! $Id$
+
+!
+! double upper32(double /*frs1*/);
+!
+        .inline upper32,8
+	fdtox	%f0,%f10
+	fitod	%f10,%f0
+        .end
+
+!
+! double lower32(double /*frs1*/, double /* Zero */);
+!
+        .inline lower32,8
+	fdtox	%f0,%f10
+	fmovs	%f2,%f10
+	fxtod	%f10,%f0
+        .end
+
+!
+! double mod(double /*x*/, double /*1/m*/, double /*m*/);
+!
+        .inline mod,12
+	fmuld	%f0,%f2,%f2
+	fdtox	%f2,%f2
+	fxtod	%f2,%f2
+	fmuld	%f2,%f4,%f2
+	fsubd	%f0,%f2,%f0
+        .end
+
+
+!
+! void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!			    double * /* 0 */,
+!			    double * /*result16*/, double * /* result32 */
+!			    float *  /*source - should be unsigned int*
+!		            	       converted to float* */);
+!
+        .inline i16_to_d16_and_d32x4,24
+        ldd     [%o0],%f2  ! 1/(2^16)
+        ldd     [%o1],%f4  ! 2^16
+	ldd	[%o2],%f22
+
+	fmovd	%f22,%f6
+	ld	[%o5],%f7
+	fmovd	%f22,%f10
+	ld	[%o5+4],%f11
+	fmovd	%f22,%f14
+	ld	[%o5+8],%f15
+	fmovd	%f22,%f18
+	ld	[%o5+12],%f19
+	fxtod	%f6,%f6
+	std	%f6,[%o4]
+	fxtod	%f10,%f10
+	std	%f10,[%o4+8]
+	fxtod	%f14,%f14
+	std	%f14,[%o4+16]
+	fxtod	%f18,%f18
+	std	%f18,[%o4+24]
+	fmuld	%f2,%f6,%f8
+	fmuld	%f2,%f10,%f12
+	fmuld	%f2,%f14,%f16
+	fmuld	%f2,%f18,%f20
+	fdtox	%f8,%f8
+	fdtox	%f12,%f12
+	fdtox	%f16,%f16
+	fdtox	%f20,%f20
+	fxtod	%f8,%f8
+	std	%f8,[%o3+8]
+	fxtod	%f12,%f12
+	std	%f12,[%o3+24]
+	fxtod	%f16,%f16
+	std	%f16,[%o3+40]
+	fxtod	%f20,%f20
+	std	%f20,[%o3+56]
+	fmuld	%f8,%f4,%f8
+	fmuld	%f12,%f4,%f12
+	fmuld	%f16,%f4,%f16
+	fmuld	%f20,%f4,%f20
+	fsubd	%f6,%f8,%f8
+	std	%f8,[%o3]
+	fsubd	%f10,%f12,%f12
+	std	%f12,[%o3+16]
+	fsubd	%f14,%f16,%f16
+	std	%f16,[%o3+32]
+	fsubd	%f18,%f20,%f20
+	std	%f20,[%o3+48]
+        .end
+
+
diff --git a/security/nss/lib/freebl/mpi/montmulfv9.s b/security/nss/lib/freebl/mpi/montmulfv9.s
new file mode 100644
index 000000000..143601004
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/montmulfv9.s
@@ -0,0 +1,2380 @@
+!  
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is SPARC hand-optimized Montgomery multiply functions.
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1999-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+
+	.section	".text",#alloc,#execinstr
+	.file	"montmulf.c"
+
+	.section	".rodata",#alloc
+	.global	TwoTo16
+	.align	8
+!
+! CONSTANT POOL
+!
+	.global TwoTo16
+TwoTo16:
+	.word	1089470464
+	.word	0
+	.type	TwoTo16,#object
+	.size	TwoTo16,8
+	.global	TwoToMinus16
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus16
+TwoToMinus16:
+	.word	1055916032
+	.word	0
+	.type	TwoToMinus16,#object
+	.size	TwoToMinus16,8
+	.global	Zero
+!
+! CONSTANT POOL
+!
+	.global Zero
+Zero:
+	.word	0
+	.word	0
+	.type	Zero,#object
+	.size	Zero,8
+	.global	TwoTo32
+!
+! CONSTANT POOL
+!
+	.global TwoTo32
+TwoTo32:
+	.word	1106247680
+	.word	0
+	.type	TwoTo32,#object
+	.size	TwoTo32,8
+	.global	TwoToMinus32
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus32
+TwoToMinus32:
+	.word	1039138816
+	.word	0
+	.type	TwoToMinus32,#object
+	.size	TwoToMinus32,8
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.register	%g3,#scratch
+/* 000000	     */		.register	%g2,#scratch
+/* 000000	   0 */		.align	8
+!
+! SUBROUTINE conv_d16_to_i32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_d16_to_i32
+                       conv_d16_to_i32:
+/* 000000	     */		save	%sp,-208,%sp
+! FILE montmulf.c
+
+!    1		      !/*
+!    2		      ! * The contents of this file are subject to the Mozilla Public
+!    3		      ! * License Version 1.1 (the "License"); you may not use this file
+!    4		      ! * except in compliance with the License. You may obtain a copy of
+!    5		      ! * the License at http://www.mozilla.org/MPL/
+!    6		      ! * 
+!    7		      ! * Software distributed under the License is distributed on an "AS
+!    8		      ! * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+!    9		      ! * implied. See the License for the specific language governing
+!   10		      ! * rights and limitations under the License.
+!   11		      ! * 
+!   12		      ! * The Original Code is SPARC optimized Montgomery multiply functions.
+!   13		      ! *
+!   14		      ! * The Initial Developer of the Original Code is Sun Microsystems Inc.
+!   15		      ! * Portions created by Sun Microsystems Inc. are 
+!   16		      ! * Copyright (C) 1999-2000 Sun Microsystems Inc.  All Rights Reserved.
+!   17		      ! * 
+!   18		      ! * Contributor(s):
+!   19		      ! *	Netscape Communications Corporation
+!   20		      ! * 
+!   21		      ! * Alternatively, the contents of this file may be used under the
+!   22		      ! * terms of the GNU General Public License Version 2 or later (the
+!   23		      ! * "GPL"), in which case the provisions of the GPL are applicable 
+!   24		      ! * instead of those above.	If you wish to allow use of your 
+!   25		      ! * version of this file only under the terms of the GPL and not to
+!   26		      ! * allow others to use your version of this file under the MPL,
+!   27		      ! * indicate your decision by deleting the provisions above and
+!   28		      ! * replace them with the notice and other provisions required by
+!   29		      ! * the GPL.  If you do not delete the provisions above, a recipient
+!   30		      ! * may use your version of this file under either the MPL or the
+!   31		      ! * GPL.
+!   32		      ! *
+!   33		      ! *  $Id$
+!   34		      ! */
+!   36		      !#define RF_INLINE_MACROS
+!   38		      !static const double TwoTo16=65536.0;
+!   39		      !static const double TwoToMinus16=1.0/65536.0;
+!   40		      !static const double Zero=0.0;
+!   41		      !static const double TwoTo32=65536.0*65536.0;
+!   42		      !static const double TwoToMinus32=1.0/(65536.0*65536.0);
+!   44		      !#ifdef RF_INLINE_MACROS
+!   46		      !double upper32(double);
+!   47		      !double lower32(double, double);
+!   48		      !double mod(double, double, double);
+!   50		      !void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/, 
+!   51		      !			  const double * /* 2^16*/,
+!   52		      !			  const double * /* 0 */,
+!   53		      !			  double *       /*result16*/, 
+!   54		      !			  double *       /* result32 */,
+!   55		      !			  float *  /*source - should be unsigned int*
+!   56		      !		          	       converted to float* */);
+!   58		      !#else
+!   60		      !static double upper32(double x)
+!   61		      !{
+!   62		      !  return floor(x*TwoToMinus32);
+!   63		      !}
+!   65		      !static double lower32(double x, double y)
+!   66		      !{
+!   67		      !  return x-TwoTo32*floor(x*TwoToMinus32);
+!   68		      !}
+!   70		      !static double mod(double x, double oneoverm, double m)
+!   71		      !{
+!   72		      !  return x-m*floor(x*oneoverm);
+!   73		      !}
+!   75		      !#endif
+!   78		      !static void cleanup(double *dt, int from, int tlen)
+!   79		      !{
+!   80		      ! int i;
+!   81		      ! double tmp,tmp1,x,x1;
+!   83		      ! tmp=tmp1=Zero;
+!   84		      ! /* original code **
+!   85		      ! for(i=2*from;i<2*tlen-2;i++)
+!   86		      !   {
+!   87		      !     x=dt[i];
+!   88		      !     dt[i]=lower32(x,Zero)+tmp1;
+!   89		      !     tmp1=tmp;
+!   90		      !     tmp=upper32(x);
+!   91		      !   }
+!   92		      ! dt[tlen-2]+=tmp1;
+!   93		      ! dt[tlen-1]+=tmp;
+!   94		      ! **end original code ***/
+!   95		      ! /* new code ***/
+!   96		      ! for(i=2*from;i<2*tlen;i+=2)
+!   97		      !   {
+!   98		      !     x=dt[i];
+!   99		      !     x1=dt[i+1];
+!  100		      !     dt[i]=lower32(x,Zero)+tmp;
+!  101		      !     dt[i+1]=lower32(x1,Zero)+tmp1;
+!  102		      !     tmp=upper32(x);
+!  103		      !     tmp1=upper32(x1);
+!  104		      !   }
+!  105		      !  /** end new code **/
+!  106		      !}
+!  109		      !void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+!  110		      !{
+!  111		      !int i;
+!  112		      !long long t, t1, a, b, c, d;
+!  114		      ! t1=0;
+!  115		      ! a=(long long)d16[0];
+
+/* 0x0004	 115 */		ldd	[%i1],%f2
+
+!  116		      ! b=(long long)d16[1];
+!  117		      ! for(i=0; i<ilen-1; i++)
+
+/* 0x0008	 117 */		sub	%i3,1,%o1
+/* 0x000c	 110 */		or	%g0,%i0,%g1
+/* 0x0010	 116 */		ldd	[%i1+8],%f4
+/* 0x0014	 117 */		cmp	%o1,0
+/* 0x0018	 114 */		or	%g0,0,%g5
+/* 0x001c	 115 */		fdtox	%f2,%f2
+/* 0x0020	     */		std	%f2,[%sp+2247]
+/* 0x0024	 117 */		or	%g0,0,%o0
+/* 0x0028	 116 */		fdtox	%f4,%f2
+/* 0x002c	     */		std	%f2,[%sp+2239]
+/* 0x0030	 110 */		sub	%o1,1,%o7
+/* 0x0034	     */		or	%g0,%i1,%o4
+/* 0x0038	     */		sethi	%hi(0xfc00),%o3
+/* 0x003c	     */		or	%g0,-1,%o1
+/* 0x0040	     */		or	%g0,2,%i1
+/* 0x0044	     */		srl	%o1,0,%g3
+/* 0x0048	     */		or	%g0,%o4,%g4
+/* 0x004c	 116 */		ldx	[%sp+2239],%i2
+/* 0x0050	     */		add	%o3,1023,%o5
+/* 0x0054	 117 */		sub	%o7,1,%o2
+/* 0x0058	 115 */		ldx	[%sp+2247],%i3
+/* 0x005c	 117 */		ble,pt	%icc,.L900000113
+/* 0x0060	     */		sethi	%hi(0xfc00),%g2
+/* 0x0064	     */		add	%o7,1,%g2
+
+!  118		      !   {
+!  119		      !     c=(long long)d16[2*i+2];
+!  120		      !     t1+=a&0xffffffff;
+!  121		      !     t=(a>>32);
+!  122		      !     d=(long long)d16[2*i+3];
+!  123		      !     t1+=(b&0xffff)<<16;
+
+/* 0x0068	 123 */		and	%i2,%o5,%i4
+/* 0x006c	     */		sllx	%i4,16,%o1
+/* 0x0070	 117 */		cmp	%g2,6
+/* 0x0074	     */		bl,pn	%icc,.L77000134
+/* 0x0078	     */		or	%g0,3,%i0
+/* 0x007c	 119 */		ldd	[%o4+16],%f0
+/* 0x0080	 120 */		and	%i3,%g3,%o3
+
+!  124		      !     t+=(b>>16)+(t1>>32);
+
+/* 0x0084	 124 */		srax	%i2,16,%i5
+/* 0x0088	 117 */		add	%o3,%o1,%i4
+/* 0x008c	 121 */		srax	%i3,32,%i3
+/* 0x0090	 119 */		fdtox	%f0,%f0
+/* 0x0094	     */		std	%f0,[%sp+2231]
+
+!  125		      !     i32[i]=t1&0xffffffff;
+
+/* 0x0098	 125 */		and	%i4,%g3,%l0
+/* 0x009c	 117 */		or	%g0,72,%o3
+/* 0x00a0	 122 */		ldd	[%g4+24],%f0
+/* 0x00a4	 117 */		or	%g0,64,%o4
+/* 0x00a8	     */		or	%g0,4,%o1
+
+!  126		      !     t1=t;
+!  127		      !     a=c;
+!  128		      !     b=d;
+
+/* 0x00ac	 128 */		or	%g0,5,%i0
+/* 0x00b0	     */		or	%g0,4,%i1
+/* 0x00b4	 119 */		ldx	[%sp+2231],%g2
+/* 0x00b8	 122 */		fdtox	%f0,%f0
+/* 0x00bc	 128 */		or	%g0,4,%o0
+/* 0x00c0	 122 */		std	%f0,[%sp+2223]
+/* 0x00c4	     */		ldd	[%g4+40],%f2
+/* 0x00c8	 120 */		and	%g2,%g3,%i2
+/* 0x00cc	 119 */		ldd	[%g4+32],%f0
+/* 0x00d0	 121 */		srax	%g2,32,%g2
+/* 0x00d4	 122 */		ldd	[%g4+56],%f4
+/* 0x00d8	     */		fdtox	%f2,%f2
+/* 0x00dc	     */		ldx	[%sp+2223],%g5
+/* 0x00e0	 119 */		fdtox	%f0,%f0
+/* 0x00e4	 125 */		st	%l0,[%g1]
+/* 0x00e8	 124 */		srax	%i4,32,%l0
+/* 0x00ec	 122 */		fdtox	%f4,%f4
+/* 0x00f0	     */		std	%f2,[%sp+2223]
+/* 0x00f4	 123 */		and	%g5,%o5,%i4
+/* 0x00f8	 124 */		add	%i5,%l0,%i5
+/* 0x00fc	 119 */		std	%f0,[%sp+2231]
+/* 0x0100	 123 */		sllx	%i4,16,%i4
+/* 0x0104	 124 */		add	%i3,%i5,%i3
+/* 0x0108	 119 */		ldd	[%g4+48],%f2
+/* 0x010c	 124 */		srax	%g5,16,%g5
+/* 0x0110	 117 */		add	%i2,%i4,%i2
+/* 0x0114	 122 */		ldd	[%g4+72],%f0
+/* 0x0118	 117 */		add	%i2,%i3,%i4
+/* 0x011c	 124 */		srax	%i4,32,%i5
+/* 0x0120	 119 */		fdtox	%f2,%f2
+/* 0x0124	 125 */		and	%i4,%g3,%i4
+/* 0x0128	 122 */		ldx	[%sp+2223],%i2
+/* 0x012c	 124 */		add	%g5,%i5,%g5
+/* 0x0130	 119 */		ldx	[%sp+2231],%i3
+/* 0x0134	 124 */		add	%g2,%g5,%g5
+/* 0x0138	 119 */		std	%f2,[%sp+2231]
+/* 0x013c	 122 */		std	%f4,[%sp+2223]
+/* 0x0140	 119 */		ldd	[%g4+64],%f2
+/* 0x0144	 125 */		st	%i4,[%g1+4]
+                       .L900000108:
+/* 0x0148	 122 */		ldx	[%sp+2223],%i4
+/* 0x014c	 128 */		add	%o0,2,%o0
+/* 0x0150	     */		add	%i0,4,%i0
+/* 0x0154	 119 */		ldx	[%sp+2231],%l0
+/* 0x0158	 117 */		add	%o3,16,%o3
+/* 0x015c	 123 */		and	%i2,%o5,%g2
+/* 0x0160	     */		sllx	%g2,16,%i5
+/* 0x0164	 120 */		and	%i3,%g3,%g2
+/* 0x0168	 122 */		ldd	[%g4+%o3],%f4
+/* 0x016c	     */		fdtox	%f0,%f0
+/* 0x0170	     */		std	%f0,[%sp+2223]
+/* 0x0174	 124 */		srax	%i2,16,%i2
+/* 0x0178	 117 */		add	%g2,%i5,%g2
+/* 0x017c	 119 */		fdtox	%f2,%f0
+/* 0x0180	 117 */		add	%o4,16,%o4
+/* 0x0184	 119 */		std	%f0,[%sp+2231]
+/* 0x0188	 117 */		add	%g2,%g5,%g2
+/* 0x018c	 119 */		ldd	[%g4+%o4],%f2
+/* 0x0190	 124 */		srax	%g2,32,%i5
+/* 0x0194	 128 */		cmp	%o0,%o2
+/* 0x0198	 121 */		srax	%i3,32,%g5
+/* 0x019c	 124 */		add	%i2,%i5,%i2
+/* 0x01a0	     */		add	%g5,%i2,%i5
+/* 0x01a4	 117 */		add	%o1,4,%o1
+/* 0x01a8	 125 */		and	%g2,%g3,%g2
+/* 0x01ac	 127 */		or	%g0,%l0,%g5
+/* 0x01b0	 125 */		st	%g2,[%g1+%o1]
+/* 0x01b4	 128 */		add	%i1,4,%i1
+/* 0x01b8	 122 */		ldx	[%sp+2223],%i2
+/* 0x01bc	 119 */		ldx	[%sp+2231],%i3
+/* 0x01c0	 117 */		add	%o3,16,%o3
+/* 0x01c4	 123 */		and	%i4,%o5,%g2
+/* 0x01c8	     */		sllx	%g2,16,%l0
+/* 0x01cc	 120 */		and	%g5,%g3,%g2
+/* 0x01d0	 122 */		ldd	[%g4+%o3],%f0
+/* 0x01d4	     */		fdtox	%f4,%f4
+/* 0x01d8	     */		std	%f4,[%sp+2223]
+/* 0x01dc	 124 */		srax	%i4,16,%i4
+/* 0x01e0	 117 */		add	%g2,%l0,%g2
+/* 0x01e4	 119 */		fdtox	%f2,%f2
+/* 0x01e8	 117 */		add	%o4,16,%o4
+/* 0x01ec	 119 */		std	%f2,[%sp+2231]
+/* 0x01f0	 117 */		add	%g2,%i5,%g2
+/* 0x01f4	 119 */		ldd	[%g4+%o4],%f2
+/* 0x01f8	 124 */		srax	%g2,32,%i5
+/* 0x01fc	 121 */		srax	%g5,32,%g5
+/* 0x0200	 124 */		add	%i4,%i5,%i4
+/* 0x0204	     */		add	%g5,%i4,%g5
+/* 0x0208	 117 */		add	%o1,4,%o1
+/* 0x020c	 125 */		and	%g2,%g3,%g2
+/* 0x0210	 128 */		ble,pt	%icc,.L900000108
+/* 0x0214	     */		st	%g2,[%g1+%o1]
+                       .L900000111:
+/* 0x0218	 122 */		ldx	[%sp+2223],%o2
+/* 0x021c	 123 */		and	%i2,%o5,%i4
+/* 0x0220	 120 */		and	%i3,%g3,%g2
+/* 0x0224	 123 */		sllx	%i4,16,%i4
+/* 0x0228	 119 */		ldx	[%sp+2231],%i5
+/* 0x022c	 128 */		cmp	%o0,%o7
+/* 0x0230	 124 */		srax	%i2,16,%i2
+/* 0x0234	 117 */		add	%g2,%i4,%g2
+/* 0x0238	 122 */		fdtox	%f0,%f4
+/* 0x023c	     */		std	%f4,[%sp+2223]
+/* 0x0240	 117 */		add	%g2,%g5,%g5
+/* 0x0244	 123 */		and	%o2,%o5,%l0
+/* 0x0248	 124 */		srax	%g5,32,%l1
+/* 0x024c	 120 */		and	%i5,%g3,%i4
+/* 0x0250	 119 */		fdtox	%f2,%f0
+/* 0x0254	 121 */		srax	%i3,32,%g2
+/* 0x0258	 119 */		std	%f0,[%sp+2231]
+/* 0x025c	 124 */		add	%i2,%l1,%i2
+/* 0x0260	 123 */		sllx	%l0,16,%i3
+/* 0x0264	 124 */		add	%g2,%i2,%i2
+/* 0x0268	     */		srax	%o2,16,%o2
+/* 0x026c	 117 */		add	%o1,4,%g2
+/* 0x0270	     */		add	%i4,%i3,%o1
+/* 0x0274	 125 */		and	%g5,%g3,%g5
+/* 0x0278	     */		st	%g5,[%g1+%g2]
+/* 0x027c	 119 */		ldx	[%sp+2231],%i3
+/* 0x0280	 117 */		add	%o1,%i2,%o1
+/* 0x0284	     */		add	%g2,4,%g2
+/* 0x0288	 124 */		srax	%o1,32,%i4
+/* 0x028c	 122 */		ldx	[%sp+2223],%i2
+/* 0x0290	 125 */		and	%o1,%g3,%g5
+/* 0x0294	 121 */		srax	%i5,32,%o1
+/* 0x0298	 124 */		add	%o2,%i4,%o2
+/* 0x029c	 125 */		st	%g5,[%g1+%g2]
+/* 0x02a0	 128 */		bg,pn	%icc,.L77000127
+/* 0x02a4	     */		add	%o1,%o2,%g5
+/* 0x02a8	     */		add	%i0,6,%i0
+/* 0x02ac	     */		add	%i1,6,%i1
+                       .L77000134:
+/* 0x02b0	 119 */		sra	%i1,0,%o2
+                       .L900000112:
+/* 0x02b4	 119 */		sllx	%o2,3,%o3
+/* 0x02b8	 120 */		and	%i3,%g3,%o1
+/* 0x02bc	 119 */		ldd	[%g4+%o3],%f0
+/* 0x02c0	 122 */		sra	%i0,0,%o3
+/* 0x02c4	 123 */		and	%i2,%o5,%o2
+/* 0x02c8	 122 */		sllx	%o3,3,%o3
+/* 0x02cc	 120 */		add	%g5,%o1,%o1
+/* 0x02d0	 119 */		fdtox	%f0,%f0
+/* 0x02d4	     */		std	%f0,[%sp+2231]
+/* 0x02d8	 123 */		sllx	%o2,16,%o2
+/* 0x02dc	     */		add	%o1,%o2,%o2
+/* 0x02e0	 128 */		add	%i1,2,%i1
+/* 0x02e4	 122 */		ldd	[%g4+%o3],%f0
+/* 0x02e8	 124 */		srax	%o2,32,%g2
+/* 0x02ec	 125 */		and	%o2,%g3,%o3
+/* 0x02f0	 124 */		srax	%i2,16,%o1
+/* 0x02f4	 128 */		add	%i0,2,%i0
+/* 0x02f8	 122 */		fdtox	%f0,%f0
+/* 0x02fc	     */		std	%f0,[%sp+2223]
+/* 0x0300	 125 */		sra	%o0,0,%o2
+/* 0x0304	     */		sllx	%o2,2,%o2
+/* 0x0308	 124 */		add	%o1,%g2,%g5
+/* 0x030c	 121 */		srax	%i3,32,%g2
+/* 0x0310	 128 */		add	%o0,1,%o0
+/* 0x0314	 124 */		add	%g2,%g5,%g5
+/* 0x0318	 128 */		cmp	%o0,%o7
+/* 0x031c	 119 */		ldx	[%sp+2231],%o4
+/* 0x0320	 122 */		ldx	[%sp+2223],%i2
+/* 0x0324	 125 */		st	%o3,[%g1+%o2]
+/* 0x0328	 127 */		or	%g0,%o4,%i3
+/* 0x032c	 128 */		ble,pt	%icc,.L900000112
+/* 0x0330	     */		sra	%i1,0,%o2
+                       .L77000127:
+
+!  129		      !   }
+!  130		      !     t1+=a&0xffffffff;
+!  131		      !     t=(a>>32);
+!  132		      !     t1+=(b&0xffff)<<16;
+!  133		      !     i32[i]=t1&0xffffffff;
+
+/* 0x0334	 133 */		sethi	%hi(0xfc00),%g2
+                       .L900000113:
+/* 0x0338	 133 */		or	%g0,-1,%g3
+/* 0x033c	     */		add	%g2,1023,%g2
+/* 0x0340	     */		srl	%g3,0,%g3
+/* 0x0344	     */		and	%i2,%g2,%g2
+/* 0x0348	     */		and	%i3,%g3,%g4
+/* 0x034c	     */		sllx	%g2,16,%g2
+/* 0x0350	     */		add	%g5,%g4,%g4
+/* 0x0354	     */		sra	%o0,0,%g5
+/* 0x0358	     */		add	%g4,%g2,%g4
+/* 0x035c	     */		sllx	%g5,2,%g2
+/* 0x0360	     */		and	%g4,%g3,%g3
+/* 0x0364	     */		st	%g3,[%g1+%g2]
+/* 0x0368	     */		ret	! Result = 
+/* 0x036c	     */		restore	%g0,%g0,%g0
+/* 0x0370	   0 */		.type	conv_d16_to_i32,2
+/* 0x0370	     */		.size	conv_d16_to_i32,(.-conv_d16_to_i32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000201:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	8
+/* 0x0008	     */		.skip	24
+!
+! SUBROUTINE conv_i32_to_d32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32
+                       conv_i32_to_d32:
+/* 000000	     */		or	%g0,%o7,%g3
+
+!  135		      !}
+!  137		      !void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+!  138		      !{
+!  139		      !int i;
+!  141		      !#pragma pipeloop(0)
+!  142		      ! for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+
+/* 0x0004	 142 */		cmp	%o2,0
+                       .L900000210:
+/* 0x0008	     */		call	.+8
+/* 0x000c	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0010	 142 */		or	%g0,0,%o3
+/* 0x0014	 138 */		add	%g4,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0018	 142 */		sub	%o2,1,%o4
+/* 0x001c	 138 */		add	%g4,%o7,%g1
+/* 0x0020	 142 */		ble,pt	%icc,.L77000140
+/* 0x0024	     */		or	%g0,%g3,%o7
+/* 0x0028	     */		sethi	%hi(.L_const_seg_900000201),%g3
+/* 0x002c	     */		cmp	%o2,12
+/* 0x0030	     */		add	%g3,%lo(.L_const_seg_900000201),%g2
+/* 0x0034	     */		or	%g0,%o1,%g5
+/* 0x0038	     */		ldx	[%g1+%g2],%g4
+/* 0x003c	     */		or	%g0,0,%g1
+/* 0x0040	     */		or	%g0,24,%g2
+/* 0x0044	     */		bl,pn	%icc,.L77000144
+/* 0x0048	     */		or	%g0,0,%g3
+/* 0x004c	     */		ld	[%o1],%f13
+/* 0x0050	     */		or	%g0,7,%o3
+/* 0x0054	     */		ldd	[%g4],%f8
+/* 0x0058	     */		sub	%o2,5,%g3
+/* 0x005c	     */		or	%g0,8,%g1
+/* 0x0060	     */		ld	[%o1+4],%f11
+/* 0x0064	     */		ld	[%o1+8],%f7
+/* 0x0068	     */		fmovs	%f8,%f12
+/* 0x006c	     */		ld	[%o1+12],%f5
+/* 0x0070	     */		fmovs	%f8,%f10
+/* 0x0074	     */		ld	[%o1+16],%f3
+/* 0x0078	     */		fmovs	%f8,%f6
+/* 0x007c	     */		ld	[%o1+20],%f1
+/* 0x0080	     */		fsubd	%f12,%f8,%f12
+/* 0x0084	     */		std	%f12,[%o0]
+/* 0x0088	     */		fsubd	%f10,%f8,%f10
+/* 0x008c	     */		std	%f10,[%o0+8]
+                       .L900000205:
+/* 0x0090	     */		ld	[%o1+%g2],%f11
+/* 0x0094	     */		add	%g1,8,%g1
+/* 0x0098	     */		add	%o3,5,%o3
+/* 0x009c	     */		fsubd	%f6,%f8,%f6
+/* 0x00a0	     */		add	%g2,4,%g2
+/* 0x00a4	     */		std	%f6,[%o0+%g1]
+/* 0x00a8	     */		cmp	%o3,%g3
+/* 0x00ac	     */		fmovs	%f8,%f4
+/* 0x00b0	     */		ld	[%o1+%g2],%f7
+/* 0x00b4	     */		fsubd	%f4,%f8,%f12
+/* 0x00b8	     */		add	%g1,8,%g1
+/* 0x00bc	     */		add	%g2,4,%g2
+/* 0x00c0	     */		fmovs	%f8,%f2
+/* 0x00c4	     */		std	%f12,[%o0+%g1]
+/* 0x00c8	     */		ld	[%o1+%g2],%f5
+/* 0x00cc	     */		fsubd	%f2,%f8,%f12
+/* 0x00d0	     */		add	%g1,8,%g1
+/* 0x00d4	     */		add	%g2,4,%g2
+/* 0x00d8	     */		fmovs	%f8,%f0
+/* 0x00dc	     */		std	%f12,[%o0+%g1]
+/* 0x00e0	     */		ld	[%o1+%g2],%f3
+/* 0x00e4	     */		fsubd	%f0,%f8,%f12
+/* 0x00e8	     */		add	%g1,8,%g1
+/* 0x00ec	     */		add	%g2,4,%g2
+/* 0x00f0	     */		fmovs	%f8,%f10
+/* 0x00f4	     */		std	%f12,[%o0+%g1]
+/* 0x00f8	     */		ld	[%o1+%g2],%f1
+/* 0x00fc	     */		fsubd	%f10,%f8,%f10
+/* 0x0100	     */		add	%g1,8,%g1
+/* 0x0104	     */		add	%g2,4,%g2
+/* 0x0108	     */		std	%f10,[%o0+%g1]
+/* 0x010c	     */		ble,pt	%icc,.L900000205
+/* 0x0110	     */		fmovs	%f8,%f6
+                       .L900000208:
+/* 0x0114	     */		fmovs	%f8,%f4
+/* 0x0118	     */		ld	[%o1+%g2],%f11
+/* 0x011c	     */		add	%g1,8,%g3
+/* 0x0120	     */		fmovs	%f8,%f2
+/* 0x0124	     */		add	%g1,16,%g1
+/* 0x0128	     */		cmp	%o3,%o4
+/* 0x012c	     */		fmovs	%f8,%f0
+/* 0x0130	     */		add	%g1,8,%o1
+/* 0x0134	     */		add	%g1,16,%o2
+/* 0x0138	     */		fmovs	%f8,%f10
+/* 0x013c	     */		add	%g1,24,%g2
+/* 0x0140	     */		fsubd	%f6,%f8,%f6
+/* 0x0144	     */		std	%f6,[%o0+%g3]
+/* 0x0148	     */		fsubd	%f4,%f8,%f4
+/* 0x014c	     */		std	%f4,[%o0+%g1]
+/* 0x0150	     */		sra	%o3,0,%g1
+/* 0x0154	     */		fsubd	%f2,%f8,%f2
+/* 0x0158	     */		std	%f2,[%o0+%o1]
+/* 0x015c	     */		sllx	%g1,2,%g3
+/* 0x0160	     */		fsubd	%f0,%f8,%f0
+/* 0x0164	     */		std	%f0,[%o0+%o2]
+/* 0x0168	     */		fsubd	%f10,%f8,%f0
+/* 0x016c	     */		bg,pn	%icc,.L77000140
+/* 0x0170	     */		std	%f0,[%o0+%g2]
+                       .L77000144:
+/* 0x0174	     */		ldd	[%g4],%f8
+                       .L900000211:
+/* 0x0178	     */		ld	[%g5+%g3],%f13
+/* 0x017c	     */		sllx	%g1,3,%g2
+/* 0x0180	     */		add	%o3,1,%o3
+/* 0x0184	     */		sra	%o3,0,%g1
+/* 0x0188	     */		cmp	%o3,%o4
+/* 0x018c	     */		fmovs	%f8,%f12
+/* 0x0190	     */		sllx	%g1,2,%g3
+/* 0x0194	     */		fsubd	%f12,%f8,%f0
+/* 0x0198	     */		std	%f0,[%o0+%g2]
+/* 0x019c	     */		ble,a,pt	%icc,.L900000211
+/* 0x01a0	     */		ldd	[%g4],%f8
+                       .L77000140:
+/* 0x01a4	     */		retl	! Result = 
+/* 0x01a8	     */		nop
+/* 0x01ac	   0 */		.type	conv_i32_to_d32,2
+/* 0x01ac	     */		.size	conv_i32_to_d32,(.-conv_i32_to_d32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000301:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	8
+/* 0x0008	     */		.skip	24
+!
+! SUBROUTINE conv_i32_to_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d16
+                       conv_i32_to_d16:
+/* 000000	     */		save	%sp,-192,%sp
+                       .L900000310:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+
+!  143		      !}
+!  146		      !void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+!  147		      !{
+!  148		      !int i;
+!  149		      !unsigned int a;
+!  151		      !#pragma pipeloop(0)
+!  152		      ! for(i=0;i<len;i++)
+
+/* 0x000c	 152 */		cmp	%i2,0
+/* 0x0010	 147 */		add	%g3,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+/* 0x0014	 152 */		ble,pt	%icc,.L77000150
+/* 0x0018	     */		add	%g3,%o7,%o0
+
+!  153		      !   {
+!  154		      !     a=i32[i];
+!  155		      !     d16[2*i]=(double)(a&0xffff);
+!  156		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x001c	 156 */		sethi	%hi(.L_const_seg_900000301),%g2
+/* 0x0020	 147 */		or	%g0,%i2,%o1
+/* 0x0024	 152 */		sethi	%hi(0xfc00),%g3
+/* 0x0028	 156 */		add	%g2,%lo(.L_const_seg_900000301),%g2
+/* 0x002c	 152 */		or	%g0,%o1,%g4
+/* 0x0030	 156 */		ldx	[%o0+%g2],%o5
+/* 0x0034	 152 */		add	%g3,1023,%g1
+/* 0x0038	 147 */		or	%g0,%i1,%o7
+/* 0x003c	 152 */		or	%g0,0,%i2
+/* 0x0040	     */		sub	%o1,1,%g5
+/* 0x0044	     */		or	%g0,0,%g3
+/* 0x0048	     */		or	%g0,1,%g2
+/* 0x004c	 154 */		or	%g0,0,%o2
+/* 0x0050	     */		cmp	%g4,6
+/* 0x0054	 152 */		bl,pn	%icc,.L77000154
+/* 0x0058	     */		ldd	[%o5],%f0
+/* 0x005c	     */		sub	%o1,2,%o3
+/* 0x0060	     */		or	%g0,16,%o2
+/* 0x0064	 154 */		ld	[%i1],%o4
+/* 0x0068	 156 */		or	%g0,3,%g2
+/* 0x006c	     */		or	%g0,2,%g3
+/* 0x0070	 155 */		fmovs	%f0,%f2
+/* 0x0074	 156 */		or	%g0,4,%i2
+/* 0x0078	 155 */		and	%o4,%g1,%o0
+/* 0x007c	     */		st	%o0,[%sp+2227]
+/* 0x0080	     */		fmovs	%f0,%f4
+/* 0x0084	 156 */		srl	%o4,16,%i4
+/* 0x0088	 152 */		or	%g0,12,%o4
+/* 0x008c	     */		or	%g0,24,%o0
+/* 0x0090	 155 */		ld	[%sp+2227],%f3
+/* 0x0094	     */		fsubd	%f2,%f0,%f2
+/* 0x0098	     */		std	%f2,[%i0]
+/* 0x009c	 156 */		st	%i4,[%sp+2223]
+/* 0x00a0	 154 */		ld	[%o7+4],%o1
+/* 0x00a4	 156 */		fmovs	%f0,%f2
+/* 0x00a8	 155 */		and	%o1,%g1,%i1
+/* 0x00ac	 156 */		ld	[%sp+2223],%f3
+/* 0x00b0	     */		srl	%o1,16,%o1
+/* 0x00b4	     */		fsubd	%f2,%f0,%f2
+/* 0x00b8	     */		std	%f2,[%i0+8]
+/* 0x00bc	     */		st	%o1,[%sp+2223]
+/* 0x00c0	 155 */		st	%i1,[%sp+2227]
+/* 0x00c4	 154 */		ld	[%o7+8],%o1
+/* 0x00c8	 156 */		fmovs	%f0,%f2
+/* 0x00cc	 155 */		and	%o1,%g1,%g4
+/* 0x00d0	     */		ld	[%sp+2227],%f5
+/* 0x00d4	 156 */		srl	%o1,16,%o1
+/* 0x00d8	     */		ld	[%sp+2223],%f3
+/* 0x00dc	     */		st	%o1,[%sp+2223]
+/* 0x00e0	 155 */		fsubd	%f4,%f0,%f4
+/* 0x00e4	     */		st	%g4,[%sp+2227]
+/* 0x00e8	 156 */		fsubd	%f2,%f0,%f2
+/* 0x00ec	 154 */		ld	[%o7+12],%o1
+/* 0x00f0	 155 */		std	%f4,[%i0+16]
+/* 0x00f4	 156 */		std	%f2,[%i0+24]
+                       .L900000306:
+/* 0x00f8	 155 */		ld	[%sp+2227],%f5
+/* 0x00fc	 156 */		add	%i2,2,%i2
+/* 0x0100	     */		add	%g2,4,%g2
+/* 0x0104	     */		ld	[%sp+2223],%f3
+/* 0x0108	     */		cmp	%i2,%o3
+/* 0x010c	     */		add	%g3,4,%g3
+/* 0x0110	 155 */		and	%o1,%g1,%g4
+/* 0x0114	 156 */		srl	%o1,16,%o1
+/* 0x0118	 155 */		st	%g4,[%sp+2227]
+/* 0x011c	 156 */		st	%o1,[%sp+2223]
+/* 0x0120	 152 */		add	%o4,4,%o1
+/* 0x0124	 154 */		ld	[%o7+%o1],%o4
+/* 0x0128	 156 */		fmovs	%f0,%f2
+/* 0x012c	 155 */		fmovs	%f0,%f4
+/* 0x0130	     */		fsubd	%f4,%f0,%f4
+/* 0x0134	 152 */		add	%o2,16,%o2
+/* 0x0138	 156 */		fsubd	%f2,%f0,%f2
+/* 0x013c	 155 */		std	%f4,[%i0+%o2]
+/* 0x0140	 152 */		add	%o0,16,%o0
+/* 0x0144	 156 */		std	%f2,[%i0+%o0]
+/* 0x0148	 155 */		ld	[%sp+2227],%f5
+/* 0x014c	 156 */		ld	[%sp+2223],%f3
+/* 0x0150	 155 */		and	%o4,%g1,%g4
+/* 0x0154	 156 */		srl	%o4,16,%o4
+/* 0x0158	 155 */		st	%g4,[%sp+2227]
+/* 0x015c	 156 */		st	%o4,[%sp+2223]
+/* 0x0160	 152 */		add	%o1,4,%o4
+/* 0x0164	 154 */		ld	[%o7+%o4],%o1
+/* 0x0168	 156 */		fmovs	%f0,%f2
+/* 0x016c	 155 */		fmovs	%f0,%f4
+/* 0x0170	     */		fsubd	%f4,%f0,%f4
+/* 0x0174	 152 */		add	%o2,16,%o2
+/* 0x0178	 156 */		fsubd	%f2,%f0,%f2
+/* 0x017c	 155 */		std	%f4,[%i0+%o2]
+/* 0x0180	 152 */		add	%o0,16,%o0
+/* 0x0184	 156 */		ble,pt	%icc,.L900000306
+/* 0x0188	     */		std	%f2,[%i0+%o0]
+                       .L900000309:
+/* 0x018c	 155 */		ld	[%sp+2227],%f5
+/* 0x0190	 156 */		fmovs	%f0,%f2
+/* 0x0194	     */		srl	%o1,16,%o3
+/* 0x0198	     */		ld	[%sp+2223],%f3
+/* 0x019c	 155 */		and	%o1,%g1,%i1
+/* 0x01a0	 152 */		add	%o2,16,%g4
+/* 0x01a4	 155 */		fmovs	%f0,%f4
+/* 0x01a8	     */		st	%i1,[%sp+2227]
+/* 0x01ac	 152 */		add	%o0,16,%o2
+/* 0x01b0	 156 */		st	%o3,[%sp+2223]
+/* 0x01b4	 154 */		sra	%i2,0,%o3
+/* 0x01b8	 152 */		add	%g4,16,%o1
+/* 0x01bc	 155 */		fsubd	%f4,%f0,%f4
+/* 0x01c0	     */		std	%f4,[%i0+%g4]
+/* 0x01c4	 152 */		add	%o0,32,%o0
+/* 0x01c8	 156 */		fsubd	%f2,%f0,%f2
+/* 0x01cc	     */		std	%f2,[%i0+%o2]
+/* 0x01d0	     */		sllx	%o3,2,%o2
+/* 0x01d4	 155 */		ld	[%sp+2227],%f5
+/* 0x01d8	 156 */		cmp	%i2,%g5
+/* 0x01dc	     */		add	%g2,6,%g2
+/* 0x01e0	     */		ld	[%sp+2223],%f3
+/* 0x01e4	     */		add	%g3,6,%g3
+/* 0x01e8	 155 */		fmovs	%f0,%f4
+/* 0x01ec	 156 */		fmovs	%f0,%f2
+/* 0x01f0	 155 */		fsubd	%f4,%f0,%f4
+/* 0x01f4	     */		std	%f4,[%i0+%o1]
+/* 0x01f8	 156 */		fsubd	%f2,%f0,%f0
+/* 0x01fc	     */		bg,pn	%icc,.L77000150
+/* 0x0200	     */		std	%f0,[%i0+%o0]
+                       .L77000154:
+/* 0x0204	 155 */		ldd	[%o5],%f0
+                       .L900000311:
+/* 0x0208	 154 */		ld	[%o7+%o2],%o0
+/* 0x020c	 155 */		sra	%g3,0,%o1
+/* 0x0210	     */		fmovs	%f0,%f2
+/* 0x0214	     */		sllx	%o1,3,%o2
+/* 0x0218	 156 */		add	%i2,1,%i2
+/* 0x021c	 155 */		and	%o0,%g1,%o1
+/* 0x0220	     */		st	%o1,[%sp+2227]
+/* 0x0224	 156 */		add	%g3,2,%g3
+/* 0x0228	     */		srl	%o0,16,%o1
+/* 0x022c	     */		cmp	%i2,%g5
+/* 0x0230	     */		sra	%g2,0,%o0
+/* 0x0234	     */		add	%g2,2,%g2
+/* 0x0238	     */		sllx	%o0,3,%o0
+/* 0x023c	 155 */		ld	[%sp+2227],%f3
+/* 0x0240	 154 */		sra	%i2,0,%o3
+/* 0x0244	 155 */		fsubd	%f2,%f0,%f2
+/* 0x0248	     */		std	%f2,[%i0+%o2]
+/* 0x024c	     */		sllx	%o3,2,%o2
+/* 0x0250	 156 */		st	%o1,[%sp+2223]
+/* 0x0254	     */		fmovs	%f0,%f2
+/* 0x0258	     */		ld	[%sp+2223],%f3
+/* 0x025c	     */		fsubd	%f2,%f0,%f0
+/* 0x0260	     */		std	%f0,[%i0+%o0]
+/* 0x0264	     */		ble,a,pt	%icc,.L900000311
+/* 0x0268	     */		ldd	[%o5],%f0
+                       .L77000150:
+/* 0x026c	     */		ret	! Result = 
+/* 0x0270	     */		restore	%g0,%g0,%g0
+/* 0x0274	   0 */		.type	conv_i32_to_d16,2
+/* 0x0274	     */		.size	conv_i32_to_d16,(.-conv_i32_to_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000401:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	8
+/* 0x0008	     */		.skip	24
+!
+! SUBROUTINE conv_i32_to_d32_and_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32_and_d16
+                       conv_i32_to_d32_and_d16:
+/* 000000	     */		save	%sp,-192,%sp
+                       .L900000415:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g3
+
+!  157		      !   }
+!  158		      !}
+!  161		      !void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+!  162		      !			     unsigned int *i32, int len)
+!  163		      !{
+!  164		      !int i = 0;
+!  165		      !unsigned int a;
+!  167		      !#pragma pipeloop(0)
+!  168		      !#ifdef RF_INLINE_MACROS
+!  169		      ! for(;i<len-3;i+=4)
+!  170		      !   {
+!  171		      !     i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+!  172		      !			  &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
+
+/* 0x000c	 172 */		sethi	%hi(Zero),%g2
+/* 0x0010	 163 */		add	%g3,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g3
+/* 0x0014	     */		or	%g0,%i3,%g5
+/* 0x0018	     */		add	%g3,%o7,%o3
+/* 0x001c	 172 */		add	%g2,%lo(Zero),%g2
+/* 0x0020	     */		ldx	[%o3+%g2],%o0
+/* 0x0024	     */		sethi	%hi(TwoToMinus16),%g3
+/* 0x0028	 163 */		or	%g0,%i0,%i3
+/* 0x002c	 169 */		sub	%g5,3,%o1
+/* 0x0030	 172 */		sethi	%hi(TwoTo16),%g4
+/* 0x0034	 163 */		or	%g0,%i2,%i0
+/* 0x0038	 172 */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x003c	     */		ldx	[%o3+%g2],%o2
+/* 0x0040	 169 */		cmp	%o1,0
+/* 0x0044	 164 */		or	%g0,0,%i2
+/* 0x0048	 169 */		ble,pt	%icc,.L900000418
+/* 0x004c	     */		cmp	%i2,%g5
+/* 0x0050	     */		ldd	[%o0],%f2
+/* 0x0054	 172 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0058	     */		ldx	[%o3+%g3],%o1
+/* 0x005c	 169 */		sub	%g5,4,%o4
+/* 0x0060	     */		or	%g0,0,%o5
+                       .L900000417:
+/* 0x0064	 172 */		sra	%i2,0,%g2
+/* 0x0068	     */		fmovd	%f2,%f14
+/* 0x006c	     */		ldd	[%o2],%f0
+/* 0x0070	     */		sllx	%g2,2,%g3
+/* 0x0074	     */		fmovd	%f2,%f10
+/* 0x0078	     */		ldd	[%o1],%f16
+/* 0x007c	     */		ld	[%g3+%i0],%f15
+/* 0x0080	     */		add	%i0,%g3,%g3
+/* 0x0084	     */		fmovd	%f2,%f6
+/* 0x0088	     */		ld	[%g3+4],%f11
+/* 0x008c	     */		sra	%o5,0,%g4
+/* 0x0090	     */		add	%i2,4,%i2
+/* 0x0094	     */		ld	[%g3+8],%f7
+/* 0x0098	     */		fxtod	%f14,%f14
+/* 0x009c	     */		sllx	%g2,3,%g2
+/* 0x00a0	     */		ld	[%g3+12],%f3
+/* 0x00a4	     */		fxtod	%f10,%f10
+/* 0x00a8	     */		sllx	%g4,3,%g3
+/* 0x00ac	     */		fxtod	%f6,%f6
+/* 0x00b0	     */		std	%f14,[%g2+%i3]
+/* 0x00b4	     */		add	%i3,%g2,%g4
+/* 0x00b8	     */		fxtod	%f2,%f2
+/* 0x00bc	     */		fmuld	%f0,%f14,%f12
+/* 0x00c0	     */		std	%f2,[%g4+24]
+/* 0x00c4	     */		fmuld	%f0,%f10,%f8
+/* 0x00c8	     */		std	%f10,[%g4+8]
+/* 0x00cc	     */		add	%i1,%g3,%g2
+/* 0x00d0	     */		fmuld	%f0,%f6,%f4
+/* 0x00d4	     */		std	%f6,[%g4+16]
+/* 0x00d8	     */		cmp	%i2,%o4
+/* 0x00dc	     */		fmuld	%f0,%f2,%f0
+/* 0x00e0	     */		fdtox	%f12,%f12
+/* 0x00e4	     */		add	%o5,8,%o5
+/* 0x00e8	     */		fdtox	%f8,%f8
+/* 0x00ec	     */		fdtox	%f4,%f4
+/* 0x00f0	     */		fdtox	%f0,%f0
+/* 0x00f4	     */		fxtod	%f12,%f12
+/* 0x00f8	     */		std	%f12,[%g2+8]
+/* 0x00fc	     */		fxtod	%f8,%f8
+/* 0x0100	     */		std	%f8,[%g2+24]
+/* 0x0104	     */		fxtod	%f4,%f4
+/* 0x0108	     */		std	%f4,[%g2+40]
+/* 0x010c	     */		fxtod	%f0,%f0
+/* 0x0110	     */		std	%f0,[%g2+56]
+/* 0x0114	     */		fmuld	%f12,%f16,%f12
+/* 0x0118	     */		fmuld	%f8,%f16,%f8
+/* 0x011c	     */		fmuld	%f4,%f16,%f4
+/* 0x0120	     */		fsubd	%f14,%f12,%f12
+/* 0x0124	     */		std	%f12,[%g3+%i1]
+/* 0x0128	     */		fmuld	%f0,%f16,%f0
+/* 0x012c	     */		fsubd	%f10,%f8,%f8
+/* 0x0130	     */		std	%f8,[%g2+16]
+/* 0x0134	     */		fsubd	%f6,%f4,%f4
+/* 0x0138	     */		std	%f4,[%g2+32]
+/* 0x013c	     */		fsubd	%f2,%f0,%f0
+/* 0x0140	     */		std	%f0,[%g2+48]
+/* 0x0144	     */		ble,a,pt	%icc,.L900000417
+/* 0x0148	     */		ldd	[%o0],%f2
+                       .L77000159:
+
+!  173		      !   }
+!  174		      !#endif
+!  175		      ! for(;i<len;i++)
+
+/* 0x014c	 175 */		cmp	%i2,%g5
+                       .L900000418:
+/* 0x0150	 175 */		bge,pt	%icc,.L77000164
+/* 0x0154	     */		nop
+
+!  176		      !   {
+!  177		      !     a=i32[i];
+!  178		      !     d32[i]=(double)(i32[i]);
+!  179		      !     d16[2*i]=(double)(a&0xffff);
+!  180		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0158	 180 */		sethi	%hi(.L_const_seg_900000401),%g2
+/* 0x015c	     */		add	%g2,%lo(.L_const_seg_900000401),%g2
+/* 0x0160	 175 */		sethi	%hi(0xfc00),%g3
+/* 0x0164	 180 */		ldx	[%o3+%g2],%g1
+/* 0x0168	 175 */		sll	%i2,1,%i4
+/* 0x016c	     */		sub	%g5,%i2,%g4
+/* 0x0170	 177 */		sra	%i2,0,%o3
+/* 0x0174	 175 */		add	%g3,1023,%g3
+/* 0x0178	 178 */		ldd	[%g1],%f2
+/* 0x017c	     */		sllx	%o3,2,%o2
+/* 0x0180	 175 */		add	%i4,1,%g2
+/* 0x0184	 177 */		or	%g0,%o3,%o1
+/* 0x0188	     */		cmp	%g4,6
+/* 0x018c	 175 */		bl,pn	%icc,.L77000161
+/* 0x0190	     */		sra	%i2,0,%o3
+/* 0x0194	 177 */		or	%g0,%o2,%o0
+/* 0x0198	 178 */		ld	[%i0+%o2],%f5
+/* 0x019c	 179 */		fmovs	%f2,%f8
+/* 0x01a0	 175 */		add	%o0,4,%o3
+/* 0x01a4	 177 */		ld	[%i0+%o0],%o7
+/* 0x01a8	 180 */		fmovs	%f2,%f6
+/* 0x01ac	 178 */		fmovs	%f2,%f4
+/* 0x01b0	     */		sllx	%o1,3,%o2
+/* 0x01b4	 175 */		add	%o3,4,%o5
+/* 0x01b8	 179 */		sra	%i4,0,%o0
+/* 0x01bc	 175 */		add	%o3,8,%o4
+/* 0x01c0	 178 */		fsubd	%f4,%f2,%f4
+/* 0x01c4	     */		std	%f4,[%i3+%o2]
+/* 0x01c8	 179 */		sllx	%o0,3,%i5
+/* 0x01cc	     */		and	%o7,%g3,%o0
+/* 0x01d0	     */		st	%o0,[%sp+2227]
+/* 0x01d4	 175 */		add	%i5,16,%o1
+/* 0x01d8	 180 */		srl	%o7,16,%g4
+/* 0x01dc	     */		add	%i2,1,%i2
+/* 0x01e0	     */		sra	%g2,0,%o0
+/* 0x01e4	 175 */		add	%o2,8,%o2
+/* 0x01e8	 179 */		fmovs	%f2,%f4
+/* 0x01ec	 180 */		sllx	%o0,3,%l0
+/* 0x01f0	     */		add	%i4,3,%g2
+/* 0x01f4	 179 */		ld	[%sp+2227],%f5
+/* 0x01f8	 175 */		add	%l0,16,%o0
+/* 0x01fc	 180 */		add	%i4,2,%i4
+/* 0x0200	 175 */		sub	%g5,1,%o7
+/* 0x0204	 180 */		add	%i2,3,%i2
+/* 0x0208	 179 */		fsubd	%f4,%f2,%f4
+/* 0x020c	     */		std	%f4,[%i1+%i5]
+/* 0x0210	 180 */		st	%g4,[%sp+2223]
+/* 0x0214	 177 */		ld	[%i0+%o3],%i5
+/* 0x0218	 180 */		fmovs	%f2,%f4
+/* 0x021c	     */		srl	%i5,16,%g4
+/* 0x0220	 179 */		and	%i5,%g3,%i5
+/* 0x0224	 180 */		ld	[%sp+2223],%f5
+/* 0x0228	     */		fsubd	%f4,%f2,%f4
+/* 0x022c	     */		std	%f4,[%i1+%l0]
+/* 0x0230	     */		st	%g4,[%sp+2223]
+/* 0x0234	 177 */		ld	[%i0+%o5],%g4
+/* 0x0238	 179 */		st	%i5,[%sp+2227]
+/* 0x023c	 178 */		fmovs	%f2,%f4
+/* 0x0240	 180 */		srl	%g4,16,%i5
+/* 0x0244	 179 */		and	%g4,%g3,%g4
+/* 0x0248	 180 */		ld	[%sp+2223],%f7
+/* 0x024c	     */		st	%i5,[%sp+2223]
+/* 0x0250	 178 */		ld	[%i0+%o3],%f5
+/* 0x0254	 180 */		fsubd	%f6,%f2,%f6
+/* 0x0258	 177 */		ld	[%i0+%o4],%o3
+/* 0x025c	 178 */		fsubd	%f4,%f2,%f4
+/* 0x0260	 179 */		ld	[%sp+2227],%f9
+/* 0x0264	 180 */		ld	[%sp+2223],%f1
+/* 0x0268	 179 */		st	%g4,[%sp+2227]
+/* 0x026c	     */		fsubd	%f8,%f2,%f8
+/* 0x0270	     */		std	%f8,[%i1+%o1]
+/* 0x0274	 180 */		std	%f6,[%i1+%o0]
+/* 0x0278	 178 */		std	%f4,[%i3+%o2]
+                       .L900000411:
+/* 0x027c	 179 */		ld	[%sp+2227],%f13
+/* 0x0280	 180 */		srl	%o3,16,%g4
+/* 0x0284	     */		add	%i2,2,%i2
+/* 0x0288	     */		st	%g4,[%sp+2223]
+/* 0x028c	     */		cmp	%i2,%o7
+/* 0x0290	     */		add	%g2,4,%g2
+/* 0x0294	 178 */		ld	[%i0+%o5],%f11
+/* 0x0298	 180 */		add	%i4,4,%i4
+/* 0x029c	 175 */		add	%o4,4,%o5
+/* 0x02a0	 177 */		ld	[%i0+%o5],%g4
+/* 0x02a4	 179 */		and	%o3,%g3,%o3
+/* 0x02a8	     */		st	%o3,[%sp+2227]
+/* 0x02ac	 180 */		fmovs	%f2,%f0
+/* 0x02b0	 179 */		fmovs	%f2,%f12
+/* 0x02b4	 180 */		fsubd	%f0,%f2,%f8
+/* 0x02b8	 179 */		fsubd	%f12,%f2,%f4
+/* 0x02bc	 175 */		add	%o1,16,%o1
+/* 0x02c0	 180 */		ld	[%sp+2223],%f7
+/* 0x02c4	 178 */		fmovs	%f2,%f10
+/* 0x02c8	 179 */		std	%f4,[%i1+%o1]
+/* 0x02cc	 175 */		add	%o0,16,%o0
+/* 0x02d0	 178 */		fsubd	%f10,%f2,%f4
+/* 0x02d4	 175 */		add	%o2,8,%o2
+/* 0x02d8	 180 */		std	%f8,[%i1+%o0]
+/* 0x02dc	 178 */		std	%f4,[%i3+%o2]
+/* 0x02e0	 179 */		ld	[%sp+2227],%f9
+/* 0x02e4	 180 */		srl	%g4,16,%o3
+/* 0x02e8	     */		st	%o3,[%sp+2223]
+/* 0x02ec	 178 */		ld	[%i0+%o4],%f5
+/* 0x02f0	 175 */		add	%o4,8,%o4
+/* 0x02f4	 177 */		ld	[%i0+%o4],%o3
+/* 0x02f8	 179 */		and	%g4,%g3,%g4
+/* 0x02fc	     */		st	%g4,[%sp+2227]
+/* 0x0300	 180 */		fmovs	%f2,%f6
+/* 0x0304	 179 */		fmovs	%f2,%f8
+/* 0x0308	 180 */		fsubd	%f6,%f2,%f6
+/* 0x030c	 179 */		fsubd	%f8,%f2,%f8
+/* 0x0310	 175 */		add	%o1,16,%o1
+/* 0x0314	 180 */		ld	[%sp+2223],%f1
+/* 0x0318	 178 */		fmovs	%f2,%f4
+/* 0x031c	 179 */		std	%f8,[%i1+%o1]
+/* 0x0320	 175 */		add	%o0,16,%o0
+/* 0x0324	 178 */		fsubd	%f4,%f2,%f4
+/* 0x0328	 175 */		add	%o2,8,%o2
+/* 0x032c	 180 */		std	%f6,[%i1+%o0]
+/* 0x0330	     */		bl,pt	%icc,.L900000411
+/* 0x0334	     */		std	%f4,[%i3+%o2]
+                       .L900000414:
+/* 0x0338	 180 */		srl	%o3,16,%o7
+/* 0x033c	     */		st	%o7,[%sp+2223]
+/* 0x0340	 179 */		fmovs	%f2,%f12
+/* 0x0344	 178 */		ld	[%i0+%o5],%f11
+/* 0x0348	 180 */		fmovs	%f2,%f0
+/* 0x034c	 179 */		and	%o3,%g3,%g4
+/* 0x0350	 180 */		fmovs	%f2,%f6
+/* 0x0354	 175 */		add	%o1,16,%o3
+/* 0x0358	     */		add	%o0,16,%o7
+/* 0x035c	 178 */		fmovs	%f2,%f10
+/* 0x0360	 175 */		add	%o2,8,%o2
+/* 0x0364	     */		add	%o1,32,%o5
+/* 0x0368	 179 */		ld	[%sp+2227],%f13
+/* 0x036c	 178 */		fmovs	%f2,%f4
+/* 0x0370	 175 */		add	%o0,32,%o1
+/* 0x0374	 180 */		ld	[%sp+2223],%f7
+/* 0x0378	 175 */		add	%o2,8,%o0
+/* 0x037c	 180 */		cmp	%i2,%g5
+/* 0x0380	 179 */		st	%g4,[%sp+2227]
+/* 0x0384	     */		fsubd	%f12,%f2,%f8
+/* 0x0388	 180 */		add	%g2,6,%g2
+/* 0x038c	 179 */		std	%f8,[%i1+%o3]
+/* 0x0390	 180 */		fsubd	%f0,%f2,%f0
+/* 0x0394	 177 */		sra	%i2,0,%o3
+/* 0x0398	 180 */		std	%f0,[%i1+%o7]
+/* 0x039c	 178 */		fsubd	%f10,%f2,%f0
+/* 0x03a0	 180 */		add	%i4,6,%i4
+/* 0x03a4	 178 */		std	%f0,[%i3+%o2]
+/* 0x03a8	     */		sllx	%o3,2,%o2
+/* 0x03ac	 179 */		ld	[%sp+2227],%f9
+/* 0x03b0	 178 */		ld	[%i0+%o4],%f5
+/* 0x03b4	 179 */		fmovs	%f2,%f8
+/* 0x03b8	     */		fsubd	%f8,%f2,%f0
+/* 0x03bc	     */		std	%f0,[%i1+%o5]
+/* 0x03c0	 180 */		fsubd	%f6,%f2,%f0
+/* 0x03c4	     */		std	%f0,[%i1+%o1]
+/* 0x03c8	 178 */		fsubd	%f4,%f2,%f0
+/* 0x03cc	 180 */		bge,pn	%icc,.L77000164
+/* 0x03d0	     */		std	%f0,[%i3+%o0]
+                       .L77000161:
+/* 0x03d4	 178 */		ldd	[%g1],%f2
+                       .L900000416:
+/* 0x03d8	 178 */		ld	[%i0+%o2],%f5
+/* 0x03dc	 179 */		sra	%i4,0,%o0
+/* 0x03e0	 180 */		add	%i2,1,%i2
+/* 0x03e4	 177 */		ld	[%i0+%o2],%o1
+/* 0x03e8	 178 */		sllx	%o3,3,%o3
+/* 0x03ec	 180 */		add	%i4,2,%i4
+/* 0x03f0	 178 */		fmovs	%f2,%f4
+/* 0x03f4	 179 */		sllx	%o0,3,%o4
+/* 0x03f8	 180 */		cmp	%i2,%g5
+/* 0x03fc	 179 */		and	%o1,%g3,%o0
+/* 0x0400	 178 */		fsubd	%f4,%f2,%f0
+/* 0x0404	     */		std	%f0,[%i3+%o3]
+/* 0x0408	 180 */		srl	%o1,16,%o1
+/* 0x040c	 179 */		st	%o0,[%sp+2227]
+/* 0x0410	 180 */		sra	%g2,0,%o0
+/* 0x0414	     */		add	%g2,2,%g2
+/* 0x0418	 177 */		sra	%i2,0,%o3
+/* 0x041c	 180 */		sllx	%o0,3,%o0
+/* 0x0420	 179 */		fmovs	%f2,%f4
+/* 0x0424	     */		sllx	%o3,2,%o2
+/* 0x0428	     */		ld	[%sp+2227],%f5
+/* 0x042c	     */		fsubd	%f4,%f2,%f0
+/* 0x0430	     */		std	%f0,[%i1+%o4]
+/* 0x0434	 180 */		st	%o1,[%sp+2223]
+/* 0x0438	     */		fmovs	%f2,%f4
+/* 0x043c	     */		ld	[%sp+2223],%f5
+/* 0x0440	     */		fsubd	%f4,%f2,%f0
+/* 0x0444	     */		std	%f0,[%i1+%o0]
+/* 0x0448	     */		bl,a,pt	%icc,.L900000416
+/* 0x044c	     */		ldd	[%g1],%f2
+                       .L77000164:
+/* 0x0450	     */		ret	! Result = 
+/* 0x0454	     */		restore	%g0,%g0,%g0
+/* 0x0458	   0 */		.type	conv_i32_to_d32_and_d16,2
+/* 0x0458	     */		.size	conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! SUBROUTINE adjust_montf_result
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global adjust_montf_result
+                       adjust_montf_result:
+/* 000000	     */		save	%sp,-176,%sp
+/* 0x0004	     */		or	%g0,%i2,%o1
+/* 0x0008	     */		or	%g0,%i0,%i2
+
+!  181		      !   }
+!  182		      !}
+!  185		      !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+!  186		      !{
+!  187		      !long long acc;
+!  188		      !int i;
+!  190		      ! if(i32[len]>0) i=-1;
+
+/* 0x000c	 190 */		sra	%o1,0,%g2
+/* 0x0010	     */		or	%g0,-1,%o2
+/* 0x0014	     */		sllx	%g2,2,%g2
+/* 0x0018	     */		ld	[%i2+%g2],%g2
+/* 0x001c	     */		cmp	%g2,0
+/* 0x0020	     */		bleu,pn	%icc,.L77000175
+/* 0x0024	     */		or	%g0,%i1,%i0
+/* 0x0028	     */		ba	.L900000511
+/* 0x002c	     */		cmp	%o2,0
+                       .L77000175:
+
+!  191		      ! else
+!  192		      !   {
+!  193		      !     for(i=len-1; i>=0; i--)
+
+/* 0x0030	 193 */		sub	%o1,1,%o2
+/* 0x0034	     */		cmp	%o2,0
+/* 0x0038	     */		bl,pn	%icc,.L77000182
+/* 0x003c	     */		sra	%o2,0,%g2
+                       .L900000510:
+
+!  194		      !       {
+!  195		      !	 if(i32[i]!=nint[i]) break;
+
+/* 0x0040	 195 */		sllx	%g2,2,%g2
+/* 0x0044	     */		sub	%o2,1,%o0
+/* 0x0048	     */		ld	[%i1+%g2],%g3
+/* 0x004c	     */		ld	[%i2+%g2],%g2
+/* 0x0050	     */		cmp	%g2,%g3
+/* 0x0054	     */		bne,pn	%icc,.L77000182
+/* 0x0058	     */		nop
+/* 0x005c	   0 */		or	%g0,%o0,%o2
+/* 0x0060	 195 */		cmp	%o0,0
+/* 0x0064	     */		bge,pt	%icc,.L900000510
+/* 0x0068	     */		sra	%o2,0,%g2
+                       .L77000182:
+
+!  196		      !       }
+!  197		      !   }
+!  198		      ! if((i<0)||(i32[i]>nint[i]))
+
+/* 0x006c	 198 */		cmp	%o2,0
+                       .L900000511:
+/* 0x0070	 198 */		bl,pn	%icc,.L77000198
+/* 0x0074	     */		sra	%o2,0,%g2
+/* 0x0078	     */		sllx	%g2,2,%g2
+/* 0x007c	     */		ld	[%i1+%g2],%g3
+/* 0x0080	     */		ld	[%i2+%g2],%g2
+/* 0x0084	     */		cmp	%g2,%g3
+/* 0x0088	     */		bleu,pt	%icc,.L77000191
+/* 0x008c	     */		nop
+                       .L77000198:
+
+!  199		      !   {
+!  200		      !     acc=0;
+!  201		      !     for(i=0;i<len;i++)
+
+/* 0x0090	 201 */		cmp	%o1,0
+/* 0x0094	     */		ble,pt	%icc,.L77000191
+/* 0x0098	     */		nop
+/* 0x009c	 198 */		or	%g0,-1,%g2
+/* 0x00a0	 201 */		or	%g0,%o1,%g3
+/* 0x00a4	 198 */		srl	%g2,0,%g2
+/* 0x00a8	     */		sub	%o1,1,%g4
+/* 0x00ac	     */		cmp	%o1,9
+/* 0x00b0	 201 */		or	%g0,0,%i1
+/* 0x00b4	 200 */		or	%g0,0,%g5
+
+!  202		      !       {
+!  203		      !	 acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
+
+/* 0x00b8	 203 */		or	%g0,0,%o1
+/* 0x00bc	 201 */		bl,pn	%icc,.L77000199
+/* 0x00c0	     */		sub	%g3,4,%o7
+/* 0x00c4	 203 */		ld	[%i2],%o1
+
+!  204		      !	 i32[i]=acc&0xffffffff;
+!  205		      !	 acc=acc>>32;
+
+/* 0x00c8	 205 */		or	%g0,5,%i1
+/* 0x00cc	 203 */		ld	[%i0],%o2
+/* 0x00d0	 201 */		or	%g0,8,%o5
+/* 0x00d4	     */		or	%g0,12,%o4
+/* 0x00d8	 203 */		ld	[%i0+4],%o3
+/* 0x00dc	 201 */		or	%g0,16,%g1
+/* 0x00e0	 203 */		ld	[%i2+4],%o0
+/* 0x00e4	 201 */		sub	%o1,%o2,%o1
+/* 0x00e8	 203 */		ld	[%i0+8],%i3
+/* 0x00ec	 204 */		and	%o1,%g2,%g5
+/* 0x00f0	     */		st	%g5,[%i2]
+/* 0x00f4	 205 */		srax	%o1,32,%g5
+/* 0x00f8	 201 */		sub	%o0,%o3,%o0
+/* 0x00fc	 203 */		ld	[%i0+12],%o2
+/* 0x0100	 201 */		add	%o0,%g5,%o0
+/* 0x0104	 204 */		and	%o0,%g2,%g5
+/* 0x0108	     */		st	%g5,[%i2+4]
+/* 0x010c	 205 */		srax	%o0,32,%o0
+/* 0x0110	 203 */		ld	[%i2+8],%o1
+/* 0x0114	     */		ld	[%i2+12],%o3
+/* 0x0118	 201 */		sub	%o1,%i3,%o1
+                       .L900000505:
+/* 0x011c	     */		add	%g1,4,%g3
+/* 0x0120	 203 */		ld	[%g1+%i2],%g5
+/* 0x0124	 201 */		add	%o1,%o0,%o0
+/* 0x0128	 203 */		ld	[%i0+%g1],%i3
+/* 0x012c	 201 */		sub	%o3,%o2,%o1
+/* 0x0130	 204 */		and	%o0,%g2,%o2
+/* 0x0134	     */		st	%o2,[%o5+%i2]
+/* 0x0138	 205 */		srax	%o0,32,%o2
+/* 0x013c	     */		add	%i1,4,%i1
+/* 0x0140	 201 */		add	%g1,8,%o5
+/* 0x0144	 203 */		ld	[%g3+%i2],%o0
+/* 0x0148	 201 */		add	%o1,%o2,%o1
+/* 0x014c	 203 */		ld	[%i0+%g3],%o3
+/* 0x0150	 201 */		sub	%g5,%i3,%o2
+/* 0x0154	 204 */		and	%o1,%g2,%g5
+/* 0x0158	     */		st	%g5,[%o4+%i2]
+/* 0x015c	 205 */		srax	%o1,32,%g5
+/* 0x0160	     */		cmp	%i1,%o7
+/* 0x0164	 201 */		add	%g1,12,%o4
+/* 0x0168	 203 */		ld	[%o5+%i2],%o1
+/* 0x016c	 201 */		add	%o2,%g5,%o2
+/* 0x0170	 203 */		ld	[%i0+%o5],%i3
+/* 0x0174	 201 */		sub	%o0,%o3,%o0
+/* 0x0178	 204 */		and	%o2,%g2,%o3
+/* 0x017c	     */		st	%o3,[%g1+%i2]
+/* 0x0180	 205 */		srax	%o2,32,%g5
+/* 0x0184	 203 */		ld	[%o4+%i2],%o3
+/* 0x0188	 201 */		add	%g1,16,%g1
+/* 0x018c	     */		add	%o0,%g5,%o0
+/* 0x0190	 203 */		ld	[%i0+%o4],%o2
+/* 0x0194	 201 */		sub	%o1,%i3,%o1
+/* 0x0198	 204 */		and	%o0,%g2,%g5
+/* 0x019c	     */		st	%g5,[%g3+%i2]
+/* 0x01a0	 205 */		ble,pt	%icc,.L900000505
+/* 0x01a4	     */		srax	%o0,32,%o0
+                       .L900000508:
+/* 0x01a8	     */		add	%o1,%o0,%g3
+/* 0x01ac	     */		sub	%o3,%o2,%o1
+/* 0x01b0	 203 */		ld	[%g1+%i2],%o0
+/* 0x01b4	     */		ld	[%i0+%g1],%o2
+/* 0x01b8	 205 */		srax	%g3,32,%o7
+/* 0x01bc	 204 */		and	%g3,%g2,%o3
+/* 0x01c0	 201 */		add	%o1,%o7,%o1
+/* 0x01c4	 204 */		st	%o3,[%o5+%i2]
+/* 0x01c8	 205 */		cmp	%i1,%g4
+/* 0x01cc	 201 */		sub	%o0,%o2,%o0
+/* 0x01d0	 204 */		and	%o1,%g2,%o2
+/* 0x01d4	     */		st	%o2,[%o4+%i2]
+/* 0x01d8	 205 */		srax	%o1,32,%o1
+/* 0x01dc	 203 */		sra	%i1,0,%o2
+/* 0x01e0	 201 */		add	%o0,%o1,%o0
+/* 0x01e4	 205 */		srax	%o0,32,%g5
+/* 0x01e8	 204 */		and	%o0,%g2,%o1
+/* 0x01ec	     */		st	%o1,[%g1+%i2]
+/* 0x01f0	 205 */		bg,pn	%icc,.L77000191
+/* 0x01f4	     */		sllx	%o2,2,%o1
+                       .L77000199:
+/* 0x01f8	   0 */		or	%g0,%o1,%g1
+                       .L900000509:
+/* 0x01fc	 203 */		ld	[%o1+%i2],%o0
+/* 0x0200	 205 */		add	%i1,1,%i1
+/* 0x0204	 203 */		ld	[%i0+%o1],%o1
+/* 0x0208	     */		sra	%i1,0,%o2
+/* 0x020c	 205 */		cmp	%i1,%g4
+/* 0x0210	 203 */		add	%g5,%o0,%o0
+/* 0x0214	     */		sub	%o0,%o1,%o0
+/* 0x0218	 205 */		srax	%o0,32,%g5
+/* 0x021c	 204 */		and	%o0,%g2,%o1
+/* 0x0220	     */		st	%o1,[%g1+%i2]
+/* 0x0224	     */		sllx	%o2,2,%o1
+/* 0x0228	 205 */		ble,pt	%icc,.L900000509
+/* 0x022c	     */		or	%g0,%o1,%g1
+                       .L77000191:
+/* 0x0230	     */		ret	! Result = 
+/* 0x0234	     */		restore	%g0,%g0,%g0
+/* 0x0238	   0 */		.type	adjust_montf_result,2
+/* 0x0238	     */		.size	adjust_montf_result,(.-adjust_montf_result)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+/* 000000	     */		.skip	24
+!
+! SUBROUTINE mont_mulf_noconv
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global mont_mulf_noconv
+                       mont_mulf_noconv:
+/* 000000	     */		save	%sp,-224,%sp
+                       .L900000643:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000643-.)),%g5
+/* 0x000c	     */		ldx	[%fp+2223],%l0
+
+!  206		      !       }
+!  207		      !   }
+!  208		      !}
+!  213		      !/*
+!  214		      !** the lengths of the input arrays should be at least the following:
+!  215		      !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+!  216		      !** all of them should be different from one another
+!  217		      !**
+!  218		      !*/
+!  219		      !void mont_mulf_noconv(unsigned int *result,
+!  220		      !		     double *dm1, double *dm2, double *dt,
+!  221		      !		     double *dn, unsigned int *nint,
+!  222		      !		     int nlen, double dn0)
+!  223		      !{
+!  224		      ! int i, j, jj;
+!  225		      ! int tmp;
+!  226		      ! double digit, m2j, nextm2j, a, b;
+!  227		      ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+!  229		      ! pdm1=&(dm1[0]);
+!  230		      ! pdm2=&(dm2[0]);
+!  231		      ! pdn=&(dn[0]);
+!  232		      ! pdm2[2*nlen]=Zero;
+
+/* 0x0010	 232 */		sethi	%hi(Zero),%g2
+/* 0x0014	 223 */		fmovd	%f14,%f30
+/* 0x0018	     */		add	%g5,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000643-.)),%g5
+/* 0x001c	 232 */		add	%g2,%lo(Zero),%g2
+/* 0x0020	     */		sll	%l0,1,%o3
+/* 0x0024	 223 */		add	%g5,%o7,%o4
+/* 0x0028	 232 */		sra	%o3,0,%g5
+/* 0x002c	     */		ldx	[%o4+%g2],%o7
+
+!  234		      ! if (nlen!=16)
+!  235		      !   {
+!  236		      !     for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
+!  238		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  239		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+/* 0x0030	 239 */		sethi	%hi(TwoToMinus16),%g3
+/* 0x0034	     */		sethi	%hi(TwoTo16),%g4
+/* 0x0038	     */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x003c	 232 */		ldd	[%o7],%f0
+/* 0x0040	 239 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0044	 223 */		or	%g0,%i4,%o0
+/* 0x0048	 232 */		sllx	%g5,3,%g4
+/* 0x004c	 239 */		ldx	[%o4+%g2],%o5
+/* 0x0050	 223 */		or	%g0,%i5,%l3
+/* 0x0054	     */		or	%g0,%i0,%l2
+/* 0x0058	 239 */		ldx	[%o4+%g3],%o4
+/* 0x005c	 234 */		cmp	%l0,16
+/* 0x0060	 232 */		std	%f0,[%i2+%g4]
+/* 0x0064	 234 */		be,pn	%icc,.L77000279
+/* 0x0068	     */		or	%g0,%i3,%l4
+/* 0x006c	 236 */		sll	%l0,2,%g2
+/* 0x0070	 223 */		or	%g0,%o0,%i5
+/* 0x0074	 236 */		add	%g2,2,%o0
+/* 0x0078	 223 */		or	%g0,%i1,%i4
+/* 0x007c	 236 */		cmp	%o0,0
+/* 0x0080	 223 */		or	%g0,%i2,%l1
+/* 0x0084	 236 */		ble,a,pt	%icc,.L900000657
+/* 0x0088	     */		ldd	[%i1],%f6
+
+!  241		      !     pdtj=&(dt[0]);
+!  242		      !     for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
+!  243		      !       {
+!  244		      !	 m2j=pdm2[j];
+!  245		      !	 a=pdtj[0]+pdn[0]*digit;
+!  246		      !	 b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
+!  247		      !	 pdtj[1]=b;
+!  249		      !#pragma pipeloop(0)
+!  250		      !	 for(i=1;i<nlen;i++)
+!  251		      !	   {
+!  252		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  253		      !	   }
+!  254		      ! 	 if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
+!  255		      !	 
+!  256		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  257		      !       }
+!  258		      !   }
+!  259		      ! else
+!  260		      !   {
+!  261		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  263		      !     dt[65]=     dt[64]=     dt[63]=     dt[62]=     dt[61]=     dt[60]=
+!  264		      !     dt[59]=     dt[58]=     dt[57]=     dt[56]=     dt[55]=     dt[54]=
+!  265		      !     dt[53]=     dt[52]=     dt[51]=     dt[50]=     dt[49]=     dt[48]=
+!  266		      !     dt[47]=     dt[46]=     dt[45]=     dt[44]=     dt[43]=     dt[42]=
+!  267		      !     dt[41]=     dt[40]=     dt[39]=     dt[38]=     dt[37]=     dt[36]=
+!  268		      !     dt[35]=     dt[34]=     dt[33]=     dt[32]=     dt[31]=     dt[30]=
+!  269		      !     dt[29]=     dt[28]=     dt[27]=     dt[26]=     dt[25]=     dt[24]=
+!  270		      !     dt[23]=     dt[22]=     dt[21]=     dt[20]=     dt[19]=     dt[18]=
+!  271		      !     dt[17]=     dt[16]=     dt[15]=     dt[14]=     dt[13]=     dt[12]=
+!  272		      !     dt[11]=     dt[10]=     dt[ 9]=     dt[ 8]=     dt[ 7]=     dt[ 6]=
+!  273		      !     dt[ 5]=     dt[ 4]=     dt[ 3]=     dt[ 2]=     dt[ 1]=Zero;
+!  275		      !     pdn_0=pdn[0];
+!  276		      !     pdm1_0=pdm1[0];
+!  278		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  279		      !     pdtj=&(dt[0]);
+!  281		      !     for(j=0;j<32;j++,pdtj++)
+
+/* 0x008c	 281 */		or	%g0,%o0,%o1
+/* 0x0090	 236 */		sub	%o0,1,%g1
+/* 0x0094	     */		or	%g0,0,%g2
+/* 0x0098	 281 */		cmp	%o1,5
+/* 0x009c	     */		bl,pn	%icc,.L77000280
+/* 0x00a0	     */		or	%g0,8,%o0
+/* 0x00a4	     */		std	%f0,[%i3]
+/* 0x00a8	     */		or	%g0,2,%g2
+/* 0x00ac	     */		sub	%g1,2,%o1
+                       .L900000627:
+/* 0x00b0	     */		add	%o0,8,%g3
+/* 0x00b4	     */		std	%f0,[%i3+%o0]
+/* 0x00b8	     */		add	%g2,3,%g2
+/* 0x00bc	     */		add	%o0,16,%o2
+/* 0x00c0	     */		std	%f0,[%i3+%g3]
+/* 0x00c4	     */		cmp	%g2,%o1
+/* 0x00c8	     */		add	%o0,24,%o0
+/* 0x00cc	     */		ble,pt	%icc,.L900000627
+/* 0x00d0	     */		std	%f0,[%i3+%o2]
+                       .L900000630:
+/* 0x00d4	     */		cmp	%g2,%g1
+/* 0x00d8	     */		bg,pn	%icc,.L77000285
+/* 0x00dc	     */		std	%f0,[%i3+%o0]
+                       .L77000280:
+/* 0x00e0	     */		ldd	[%o7],%f0
+                       .L900000656:
+/* 0x00e4	     */		sra	%g2,0,%o0
+/* 0x00e8	     */		add	%g2,1,%g2
+/* 0x00ec	     */		sllx	%o0,3,%o0
+/* 0x00f0	     */		cmp	%g2,%g1
+/* 0x00f4	     */		std	%f0,[%i3+%o0]
+/* 0x00f8	     */		ble,a,pt	%icc,.L900000656
+/* 0x00fc	     */		ldd	[%o7],%f0
+                       .L77000285:
+/* 0x0100	 238 */		ldd	[%i1],%f6
+                       .L900000657:
+/* 0x0104	 238 */		ldd	[%i2],%f8
+/* 0x0108	 242 */		cmp	%o3,0
+/* 0x010c	     */		sub	%o3,1,%o1
+/* 0x0110	 239 */		ldd	[%o7],%f10
+/* 0x0114	     */		add	%o3,1,%o2
+/* 0x0118	   0 */		or	%g0,0,%i2
+/* 0x011c	 238 */		fmuld	%f6,%f8,%f6
+/* 0x0120	     */		std	%f6,[%i3]
+/* 0x0124	   0 */		or	%g0,0,%g3
+/* 0x0128	 239 */		ldd	[%o5],%f8
+/* 0x012c	   0 */		or	%g0,%o2,%g1
+/* 0x0130	 236 */		sub	%l0,1,%i1
+/* 0x0134	 239 */		ldd	[%o4],%f12
+/* 0x0138	 236 */		or	%g0,1,%g4
+/* 0x013c	     */		fdtox	%f6,%f0
+/* 0x0140	     */		fmovs	%f10,%f0
+/* 0x0144	     */		fxtod	%f0,%f6
+/* 0x0148	 239 */		fmuld	%f6,%f14,%f6
+/* 0x014c	     */		fmuld	%f6,%f8,%f8
+/* 0x0150	     */		fdtox	%f8,%f8
+/* 0x0154	     */		fxtod	%f8,%f8
+/* 0x0158	     */		fmuld	%f8,%f12,%f8
+/* 0x015c	     */		fsubd	%f6,%f8,%f20
+/* 0x0160	 242 */		ble,pt	%icc,.L900000650
+/* 0x0164	     */		sllx	%g5,3,%g2
+/* 0x0168	   0 */		st	%o1,[%sp+2223]
+/* 0x016c	 246 */		ldd	[%i5],%f6
+                       .L900000651:
+/* 0x0170	 246 */		sra	%g4,0,%g2
+/* 0x0174	     */		fmuld	%f6,%f20,%f6
+/* 0x0178	     */		ldd	[%i3],%f12
+/* 0x017c	     */		sllx	%g2,3,%g2
+/* 0x0180	     */		ldd	[%i4],%f8
+/* 0x0184	 250 */		cmp	%l0,1
+/* 0x0188	 246 */		ldd	[%l1+%g2],%f10
+/* 0x018c	 244 */		sra	%i2,0,%g2
+/* 0x0190	     */		add	%i2,1,%i0
+/* 0x0194	 246 */		faddd	%f12,%f6,%f6
+/* 0x0198	     */		ldd	[%o5],%f12
+/* 0x019c	 244 */		sllx	%g2,3,%g2
+/* 0x01a0	 246 */		fmuld	%f8,%f10,%f8
+/* 0x01a4	     */		ldd	[%i3+8],%f10
+/* 0x01a8	     */		srl	%i2,31,%o3
+/* 0x01ac	 244 */		ldd	[%l1+%g2],%f18
+/* 0x01b0	   0 */		or	%g0,1,%l5
+/* 0x01b4	 236 */		or	%g0,2,%g2
+/* 0x01b8	 246 */		fmuld	%f6,%f12,%f6
+/* 0x01bc	 250 */		or	%g0,32,%o1
+/* 0x01c0	     */		or	%g0,48,%o2
+/* 0x01c4	 246 */		faddd	%f10,%f8,%f8
+/* 0x01c8	     */		faddd	%f8,%f6,%f16
+/* 0x01cc	 250 */		ble,pn	%icc,.L77000213
+/* 0x01d0	     */		std	%f16,[%i3+8]
+/* 0x01d4	     */		cmp	%i1,8
+/* 0x01d8	     */		sub	%l0,3,%o3
+/* 0x01dc	     */		bl,pn	%icc,.L77000284
+/* 0x01e0	     */		or	%g0,8,%o0
+/* 0x01e4	 252 */		ldd	[%i5+8],%f0
+/* 0x01e8	     */		or	%g0,6,%l5
+/* 0x01ec	     */		ldd	[%i4+8],%f2
+/* 0x01f0	     */		or	%g0,4,%g2
+/* 0x01f4	 250 */		or	%g0,40,%o0
+/* 0x01f8	 252 */		ldd	[%i5+16],%f8
+/* 0x01fc	     */		fmuld	%f0,%f20,%f10
+/* 0x0200	     */		ldd	[%i4+16],%f4
+/* 0x0204	     */		fmuld	%f2,%f18,%f2
+/* 0x0208	     */		ldd	[%i3+16],%f0
+/* 0x020c	     */		fmuld	%f8,%f20,%f12
+/* 0x0210	     */		ldd	[%i4+24],%f6
+/* 0x0214	     */		fmuld	%f4,%f18,%f4
+/* 0x0218	     */		ldd	[%i5+24],%f8
+/* 0x021c	     */		faddd	%f2,%f10,%f2
+/* 0x0220	     */		ldd	[%i4+32],%f14
+/* 0x0224	     */		fmuld	%f6,%f18,%f10
+/* 0x0228	     */		ldd	[%i5+32],%f6
+/* 0x022c	     */		faddd	%f4,%f12,%f4
+/* 0x0230	     */		ldd	[%i4+40],%f12
+/* 0x0234	     */		faddd	%f0,%f2,%f0
+/* 0x0238	     */		std	%f0,[%i3+16]
+/* 0x023c	     */		ldd	[%i3+32],%f0
+/* 0x0240	     */		ldd	[%i3+48],%f2
+                       .L900000639:
+/* 0x0244	     */		add	%o2,16,%l6
+/* 0x0248	 252 */		ldd	[%i5+%o0],%f22
+/* 0x024c	     */		add	%l5,3,%l5
+/* 0x0250	     */		fmuld	%f8,%f20,%f8
+/* 0x0254	 250 */		add	%o0,8,%o0
+/* 0x0258	 252 */		ldd	[%l6+%i3],%f26
+/* 0x025c	     */		cmp	%l5,%o3
+/* 0x0260	     */		ldd	[%i4+%o0],%f24
+/* 0x0264	     */		faddd	%f0,%f4,%f0
+/* 0x0268	     */		add	%g2,6,%g2
+/* 0x026c	     */		faddd	%f10,%f8,%f10
+/* 0x0270	     */		fmuld	%f14,%f18,%f4
+/* 0x0274	     */		std	%f0,[%o1+%i3]
+/* 0x0278	 250 */		add	%o2,32,%o1
+/* 0x027c	 252 */		ldd	[%i5+%o0],%f8
+/* 0x0280	     */		fmuld	%f6,%f20,%f6
+/* 0x0284	 250 */		add	%o0,8,%o0
+/* 0x0288	 252 */		ldd	[%o1+%i3],%f0
+/* 0x028c	     */		ldd	[%i4+%o0],%f14
+/* 0x0290	     */		faddd	%f2,%f10,%f2
+/* 0x0294	     */		faddd	%f4,%f6,%f10
+/* 0x0298	     */		fmuld	%f12,%f18,%f4
+/* 0x029c	     */		std	%f2,[%o2+%i3]
+/* 0x02a0	 250 */		add	%o2,48,%o2
+/* 0x02a4	 252 */		ldd	[%i5+%o0],%f6
+/* 0x02a8	     */		fmuld	%f22,%f20,%f22
+/* 0x02ac	 250 */		add	%o0,8,%o0
+/* 0x02b0	 252 */		ldd	[%o2+%i3],%f2
+/* 0x02b4	     */		ldd	[%i4+%o0],%f12
+/* 0x02b8	     */		faddd	%f26,%f10,%f10
+/* 0x02bc	     */		std	%f10,[%l6+%i3]
+/* 0x02c0	     */		fmuld	%f24,%f18,%f10
+/* 0x02c4	     */		ble,pt	%icc,.L900000639
+/* 0x02c8	     */		faddd	%f4,%f22,%f4
+                       .L900000642:
+/* 0x02cc	 252 */		fmuld	%f8,%f20,%f24
+/* 0x02d0	     */		faddd	%f0,%f4,%f8
+/* 0x02d4	 250 */		add	%o2,16,%o3
+/* 0x02d8	 252 */		ldd	[%o3+%i3],%f4
+/* 0x02dc	     */		fmuld	%f14,%f18,%f0
+/* 0x02e0	     */		cmp	%l5,%i1
+/* 0x02e4	     */		std	%f8,[%o1+%i3]
+/* 0x02e8	     */		fmuld	%f12,%f18,%f8
+/* 0x02ec	 250 */		add	%o2,32,%o1
+/* 0x02f0	 252 */		faddd	%f10,%f24,%f12
+/* 0x02f4	     */		ldd	[%i5+%o0],%f22
+/* 0x02f8	     */		fmuld	%f6,%f20,%f6
+/* 0x02fc	     */		add	%g2,8,%g2
+/* 0x0300	     */		fmuld	%f22,%f20,%f10
+/* 0x0304	     */		faddd	%f2,%f12,%f2
+/* 0x0308	     */		faddd	%f0,%f6,%f6
+/* 0x030c	     */		ldd	[%o1+%i3],%f0
+/* 0x0310	     */		std	%f2,[%o2+%i3]
+/* 0x0314	     */		faddd	%f8,%f10,%f2
+/* 0x0318	     */		sra	%l5,0,%o2
+/* 0x031c	     */		sllx	%o2,3,%o0
+/* 0x0320	     */		faddd	%f4,%f6,%f4
+/* 0x0324	     */		std	%f4,[%o3+%i3]
+/* 0x0328	     */		faddd	%f0,%f2,%f0
+/* 0x032c	     */		std	%f0,[%o1+%i3]
+/* 0x0330	     */		bg,a,pn	%icc,.L77000213
+/* 0x0334	     */		srl	%i2,31,%o3
+                       .L77000284:
+/* 0x0338	 252 */		ldd	[%i4+%o0],%f2
+                       .L900000655:
+/* 0x033c	 252 */		ldd	[%i5+%o0],%f0
+/* 0x0340	     */		fmuld	%f2,%f18,%f2
+/* 0x0344	     */		sra	%g2,0,%o0
+/* 0x0348	     */		sllx	%o0,3,%o1
+/* 0x034c	     */		add	%l5,1,%l5
+/* 0x0350	     */		fmuld	%f0,%f20,%f4
+/* 0x0354	     */		ldd	[%o1+%i3],%f0
+/* 0x0358	     */		sra	%l5,0,%o2
+/* 0x035c	     */		sllx	%o2,3,%o0
+/* 0x0360	     */		add	%g2,2,%g2
+/* 0x0364	     */		cmp	%l5,%i1
+/* 0x0368	     */		faddd	%f2,%f4,%f2
+/* 0x036c	     */		faddd	%f0,%f2,%f0
+/* 0x0370	     */		std	%f0,[%o1+%i3]
+/* 0x0374	     */		ble,a,pt	%icc,.L900000655
+/* 0x0378	     */		ldd	[%i4+%o0],%f2
+                       .L900000626:
+/* 0x037c	     */		srl	%i2,31,%o3
+/* 0x0380	 252 */		ba	.L900000654
+/* 0x0384	     */		cmp	%g3,30
+                       .L77000213:
+/* 0x0388	 254 */		cmp	%g3,30
+                       .L900000654:
+/* 0x038c	     */		add	%i2,%o3,%o0
+/* 0x0390	 254 */		bne,a,pt	%icc,.L900000653
+/* 0x0394	     */		fdtox	%f16,%f0
+/* 0x0398	 281 */		sra	%o0,1,%g2
+/* 0x039c	     */		add	%g2,1,%g2
+/* 0x03a0	     */		ldd	[%o7],%f0
+/* 0x03a4	     */		sll	%g2,1,%o1
+/* 0x03a8	     */		sll	%g1,1,%g2
+/* 0x03ac	     */		or	%g0,%o1,%o2
+/* 0x03b0	     */		fmovd	%f0,%f2
+/* 0x03b4	     */		or	%g0,%g2,%o0
+/* 0x03b8	     */		cmp	%o1,%o0
+/* 0x03bc	     */		sub	%g2,1,%o0
+/* 0x03c0	     */		bge,pt	%icc,.L77000215
+/* 0x03c4	     */		or	%g0,0,%g3
+/* 0x03c8	 254 */		add	%o1,1,%o1
+/* 0x03cc	 281 */		sra	%o2,0,%g2
+                       .L900000652:
+/* 0x03d0	     */		sllx	%g2,3,%g2
+/* 0x03d4	     */		ldd	[%o7],%f6
+/* 0x03d8	     */		add	%o2,2,%o2
+/* 0x03dc	     */		sra	%o1,0,%g3
+/* 0x03e0	     */		ldd	[%g2+%l4],%f8
+/* 0x03e4	     */		cmp	%o2,%o0
+/* 0x03e8	     */		sllx	%g3,3,%g3
+/* 0x03ec	     */		add	%o1,2,%o1
+/* 0x03f0	     */		ldd	[%l4+%g3],%f10
+/* 0x03f4	     */		fdtox	%f8,%f12
+/* 0x03f8	     */		fdtox	%f10,%f4
+/* 0x03fc	     */		fmovd	%f12,%f8
+/* 0x0400	     */		fmovs	%f6,%f12
+/* 0x0404	     */		fmovs	%f6,%f4
+/* 0x0408	     */		fxtod	%f12,%f6
+/* 0x040c	     */		fxtod	%f4,%f12
+/* 0x0410	     */		fdtox	%f10,%f4
+/* 0x0414	     */		faddd	%f6,%f2,%f6
+/* 0x0418	     */		std	%f6,[%g2+%l4]
+/* 0x041c	     */		faddd	%f12,%f0,%f6
+/* 0x0420	     */		std	%f6,[%l4+%g3]
+/* 0x0424	     */		fitod	%f8,%f2
+/* 0x0428	     */		fitod	%f4,%f0
+/* 0x042c	     */		ble,pt	%icc,.L900000652
+/* 0x0430	     */		sra	%o2,0,%g2
+                       .L77000233:
+/* 0x0434	     */		or	%g0,0,%g3
+                       .L77000215:
+/* 0x0438	     */		fdtox	%f16,%f0
+                       .L900000653:
+/* 0x043c	 256 */		ldd	[%o7],%f6
+/* 0x0440	     */		add	%g4,1,%g4
+/* 0x0444	     */		or	%g0,%i0,%i2
+/* 0x0448	     */		ldd	[%o5],%f8
+/* 0x044c	     */		add	%g3,1,%g3
+/* 0x0450	     */		add	%i3,8,%i3
+/* 0x0454	     */		fmovs	%f6,%f0
+/* 0x0458	     */		ldd	[%o4],%f10
+/* 0x045c	     */		ld	[%sp+2223],%o0
+/* 0x0460	     */		fxtod	%f0,%f6
+/* 0x0464	     */		cmp	%i0,%o0
+/* 0x0468	     */		fmuld	%f6,%f30,%f6
+/* 0x046c	     */		fmuld	%f6,%f8,%f8
+/* 0x0470	     */		fdtox	%f8,%f8
+/* 0x0474	     */		fxtod	%f8,%f8
+/* 0x0478	     */		fmuld	%f8,%f10,%f8
+/* 0x047c	     */		fsubd	%f6,%f8,%f20
+/* 0x0480	     */		ble,a,pt	%icc,.L900000651
+/* 0x0484	     */		ldd	[%i5],%f6
+                       .L900000625:
+/* 0x0488	 256 */		ba	.L900000650
+/* 0x048c	     */		sllx	%g5,3,%g2
+                       .L77000279:
+/* 0x0490	 261 */		ldd	[%i1],%f4
+/* 0x0494	     */		ldd	[%i2],%f6
+/* 0x0498	 273 */		std	%f0,[%i3+8]
+/* 0x049c	     */		std	%f0,[%i3+16]
+/* 0x04a0	 261 */		fmuld	%f4,%f6,%f6
+/* 0x04a4	     */		std	%f6,[%i3]
+/* 0x04a8	 273 */		std	%f0,[%i3+24]
+/* 0x04ac	     */		std	%f0,[%i3+32]
+/* 0x04b0	     */		fdtox	%f6,%f2
+/* 0x04b4	     */		std	%f0,[%i3+40]
+/* 0x04b8	     */		std	%f0,[%i3+48]
+/* 0x04bc	     */		std	%f0,[%i3+56]
+/* 0x04c0	     */		std	%f0,[%i3+64]
+/* 0x04c4	     */		fmovs	%f0,%f2
+/* 0x04c8	     */		std	%f0,[%i3+72]
+/* 0x04cc	     */		std	%f0,[%i3+80]
+/* 0x04d0	     */		std	%f0,[%i3+88]
+/* 0x04d4	     */		std	%f0,[%i3+96]
+/* 0x04d8	     */		std	%f0,[%i3+104]
+/* 0x04dc	     */		std	%f0,[%i3+112]
+/* 0x04e0	     */		std	%f0,[%i3+120]
+/* 0x04e4	     */		std	%f0,[%i3+128]
+/* 0x04e8	     */		std	%f0,[%i3+136]
+/* 0x04ec	     */		std	%f0,[%i3+144]
+/* 0x04f0	     */		std	%f0,[%i3+152]
+/* 0x04f4	     */		std	%f0,[%i3+160]
+/* 0x04f8	     */		std	%f0,[%i3+168]
+/* 0x04fc	     */		fxtod	%f2,%f6
+/* 0x0500	     */		std	%f0,[%i3+176]
+/* 0x0504	 281 */		or	%g0,1,%o2
+/* 0x0508	 273 */		std	%f0,[%i3+184]
+
+!  282		      !       {
+!  284		      !	 m2j=pdm2[j];
+!  285		      !	 a=pdtj[0]+pdn_0*digit;
+!  286		      !	 b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
+
+/* 0x050c	 286 */		sra	%o2,0,%g2
+/* 0x0510	 279 */		or	%g0,%i3,%o3
+/* 0x0514	 273 */		std	%f0,[%i3+192]
+/* 0x0518	 278 */		fmuld	%f6,%f14,%f6
+/* 0x051c	 281 */		or	%g0,0,%g1
+/* 0x0520	 273 */		std	%f0,[%i3+200]
+/* 0x0524	     */		std	%f0,[%i3+208]
+/* 0x0528	     */		std	%f0,[%i3+216]
+/* 0x052c	     */		std	%f0,[%i3+224]
+/* 0x0530	     */		std	%f0,[%i3+232]
+/* 0x0534	     */		std	%f0,[%i3+240]
+/* 0x0538	     */		std	%f0,[%i3+248]
+/* 0x053c	     */		std	%f0,[%i3+256]
+/* 0x0540	     */		std	%f0,[%i3+264]
+/* 0x0544	     */		std	%f0,[%i3+272]
+/* 0x0548	     */		std	%f0,[%i3+280]
+/* 0x054c	     */		std	%f0,[%i3+288]
+/* 0x0550	     */		std	%f0,[%i3+296]
+/* 0x0554	     */		std	%f0,[%i3+304]
+/* 0x0558	     */		std	%f0,[%i3+312]
+/* 0x055c	     */		std	%f0,[%i3+320]
+/* 0x0560	     */		std	%f0,[%i3+328]
+/* 0x0564	     */		std	%f0,[%i3+336]
+/* 0x0568	     */		std	%f0,[%i3+344]
+/* 0x056c	     */		std	%f0,[%i3+352]
+/* 0x0570	     */		std	%f0,[%i3+360]
+/* 0x0574	     */		std	%f0,[%i3+368]
+/* 0x0578	     */		std	%f0,[%i3+376]
+/* 0x057c	     */		std	%f0,[%i3+384]
+/* 0x0580	     */		std	%f0,[%i3+392]
+/* 0x0584	     */		std	%f0,[%i3+400]
+/* 0x0588	     */		std	%f0,[%i3+408]
+/* 0x058c	     */		std	%f0,[%i3+416]
+/* 0x0590	     */		std	%f0,[%i3+424]
+/* 0x0594	     */		std	%f0,[%i3+432]
+/* 0x0598	     */		std	%f0,[%i3+440]
+/* 0x059c	     */		std	%f0,[%i3+448]
+/* 0x05a0	     */		std	%f0,[%i3+456]
+/* 0x05a4	     */		std	%f0,[%i3+464]
+/* 0x05a8	     */		std	%f0,[%i3+472]
+/* 0x05ac	     */		std	%f0,[%i3+480]
+/* 0x05b0	     */		std	%f0,[%i3+488]
+/* 0x05b4	     */		std	%f0,[%i3+496]
+/* 0x05b8	 278 */		ldd	[%o5],%f8
+/* 0x05bc	     */		ldd	[%o4],%f10
+/* 0x05c0	     */		fmuld	%f6,%f8,%f8
+/* 0x05c4	 273 */		std	%f0,[%i3+504]
+/* 0x05c8	     */		std	%f0,[%i3+512]
+/* 0x05cc	     */		std	%f0,[%i3+520]
+/* 0x05d0	     */		fdtox	%f8,%f8
+/* 0x05d4	 275 */		ldd	[%o0],%f0
+/* 0x05d8	     */		fxtod	%f8,%f8
+/* 0x05dc	     */		fmuld	%f8,%f10,%f8
+/* 0x05e0	     */		fsubd	%f6,%f8,%f2
+
+!  287		      !	 pdtj[1]=b;
+!  289		      !	 /**** this loop will be fully unrolled:
+!  290		      !	 for(i=1;i<16;i++)
+!  291		      !	   {
+!  292		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  293		      !	   }
+!  294		      !	 *************************************/
+!  295		      !	     pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
+!  296		      !	     pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
+!  297		      !	     pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
+!  298		      !	     pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
+!  299		      !	     pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
+!  300		      !	     pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
+!  301		      !	     pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
+!  302		      !	     pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
+!  303		      !	     pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
+!  304		      !	     pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
+!  305		      !	     pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
+!  306		      !	     pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
+!  307		      !	     pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
+!  308		      !	     pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
+!  309		      !	     pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
+!  310		      !	 /* no need for cleenup, cannot overflow */
+!  311		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+
+	fmovd %f2,%f0		! hand modified
+	fmovd %f30,%f18		! hand modified
+	ldd [%o0],%f2
+	ldd [%o3],%f8
+	ldd [%i1],%f10
+	ldd [%o5],%f14		! hand modified
+	ldd [%o4],%f16		! hand modified
+	ldd [%i2],%f24
+
+	ldd [%i1+8],%f26
+	ldd [%i1+16],%f40
+	ldd [%i1+48],%f46
+	ldd [%i1+56],%f30
+	ldd [%i1+64],%f54
+	ldd [%i1+104],%f34
+	ldd [%i1+112],%f58
+
+	ldd [%o0+8],%f28	
+	ldd [%o0+104],%f38
+	ldd [%o0+112],%f60
+
+	.L99999999: 			!1
+	ldd	[%i1+24],%f32
+	fmuld	%f0,%f2,%f4 	!2
+	ldd	[%o0+24],%f36
+	fmuld	%f26,%f24,%f20 	!3
+	ldd	[%i1+40],%f42
+	fmuld	%f28,%f0,%f22 	!4
+	ldd	[%o0+40],%f44
+	fmuld	%f32,%f24,%f32 	!5
+	ldd	[%i2+8],%f6
+	faddd	%f4,%f8,%f4
+	fmuld	%f36,%f0,%f36 	!6
+	add	%i2,8,%i2
+	ldd	[%o0+56],%f50
+	fmuld	%f42,%f24,%f42 	!7
+	ldd	[%i1+72],%f52
+	faddd	%f20,%f22,%f20
+	fmuld	%f44,%f0,%f44 	!8
+	ldd	[%o3+16],%f22
+	fmuld	%f10,%f6,%f12 	!9
+	ldd	[%o0+72],%f56
+	faddd	%f32,%f36,%f32
+	fmuld	%f14,%f4,%f4 !10
+	ldd	[%o3+48],%f36
+	fmuld	%f30,%f24,%f48 	!11
+	ldd	[%o3+8],%f8
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50	!12
+	std	%f20,[%o3+16]
+	faddd	%f42,%f44,%f42
+	fmuld	%f52,%f24,%f52 	!13
+	ldd	[%o3+80],%f44
+	faddd	%f4,%f12,%f4
+	fmuld	%f56,%f0,%f56 	!14
+	ldd	[%i1+88],%f20
+	faddd	%f32,%f36,%f32 	!15
+	ldd	[%o0+88],%f22
+	faddd	%f48,%f50,%f48 	!16
+	ldd	[%o3+112],%f50
+	faddd	%f52,%f56,%f52 	!17
+	ldd	[%o3+144],%f56
+	faddd	%f4,%f8,%f8
+	fmuld	%f20,%f24,%f20 	!18
+	std	%f32,[%o3+48]
+	faddd	%f42,%f44,%f42
+	fmuld	%f22,%f0,%f22 	!19
+	std	%f42,[%o3+80]
+	faddd	%f48,%f50,%f48
+	fmuld	%f34,%f24,%f32 	!20
+	std	%f48,[%o3+112]
+	faddd	%f52,%f56,%f52
+	fmuld	%f38,%f0,%f36 	!21
+	ldd	[%i1+120],%f42
+	fdtox	%f8,%f4 		!22
+	std	%f52,[%o3+144]
+	faddd	%f20,%f22,%f20 	!23
+	ldd	[%o0+120],%f44 	!24
+	ldd	[%o3+176],%f22
+	faddd	%f32,%f36,%f32
+	fmuld	%f42,%f24,%f42 	!25
+	ldd	[%o0+16],%f50
+	fmovs	%f17,%f4 	!26
+	ldd	[%i1+32],%f52
+	fmuld	%f44,%f0,%f44 	!27
+	ldd	[%o0+32],%f56
+	fmuld	%f40,%f24,%f48 	!28
+	ldd	[%o3+208],%f36
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50 	!29
+	std	%f20,[%o3+176]
+	fxtod	%f4,%f4
+	fmuld	%f52,%f24,%f52 	!30
+	ldd	[%o0+48],%f22
+	faddd	%f42,%f44,%f42
+	fmuld	%f56,%f0,%f56 	!31
+	ldd	[%o3+240],%f44
+	faddd	%f32,%f36,%f32 	!32
+	std	%f32,[%o3+208]
+	faddd	%f48,%f50,%f48
+	fmuld	%f46,%f24,%f20 	!33
+	ldd	[%o3+32],%f50
+	fmuld	%f4,%f18,%f12 	!34
+	ldd	[%o0+64],%f36
+	faddd	%f52,%f56,%f52
+	fmuld	%f22,%f0,%f22 	!35
+	ldd	[%o3+64],%f56
+	faddd	%f42,%f44,%f42 	!36
+	std	%f42,[%o3+240]
+	faddd	%f48,%f50,%f48
+	fmuld	%f54,%f24,%f32 	!37
+	std	%f48,[%o3+32]
+	fmuld	%f12,%f14,%f4 !38
+	ldd	[%i1+80],%f42
+	faddd	%f52,%f56,%f56	! yes, tmp52!
+	fmuld	%f36,%f0,%f36 	!39
+	ldd	[%o0+80],%f44
+	faddd	%f20,%f22,%f20 	!40
+	ldd	[%i1+96],%f48
+	fmuld	%f58,%f24,%f52 	!41
+	ldd	[%o0+96],%f50
+	fdtox	%f4,%f4
+	fmuld	%f42,%f24,%f42 	!42
+	std	%f56,[%o3+64]	! yes, tmp52!
+	faddd	%f32,%f36,%f32
+	fmuld	%f44,%f0,%f44 	!43
+	ldd	[%o3+96],%f22
+	fmuld	%f48,%f24,%f48 	!44
+	ldd	[%o3+128],%f36
+	fmovd	%f6,%f24
+	fmuld	%f50,%f0,%f50 	!45
+	fxtod	%f4,%f4
+	fmuld	%f60,%f0,%f56 	!46
+	add	%o3,8,%o3
+	faddd	%f42,%f44,%f42 	!47
+	ldd	[%o3+160-8],%f44
+	faddd	%f20,%f22,%f20 	!48
+	std	%f20,[%o3+96-8]
+	faddd	%f48,%f50,%f48 	!49
+	ldd	[%o3+192-8],%f50
+	faddd	%f52,%f56,%f52
+	fmuld	%f4,%f16,%f4 	!50
+	ldd	[%o3+224-8],%f56
+	faddd	%f32,%f36,%f32 	!51
+	std	%f32,[%o3+128-8]
+	faddd	%f42,%f44,%f42 	!52
+	add	%g1,1,%g1
+	std	%f42,[%o3+160-8]
+	faddd	%f48,%f50,%f48 	!53
+	cmp	%g1,31
+	std	%f48,[%o3+192-8]
+	fsubd	%f12,%f4,%f0 	!54
+	faddd	%f52,%f56,%f52
+	ble,pt	%icc,.L99999999
+	std	%f52,[%o3+224-8] 	!55
+	std %f8,[%o3]
+!  312		      !       }
+!  313		      !   }
+!  315		      ! conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
+
+/* 0x0844	 315 */		sllx	%g5,3,%g2
+                       .L900000650:
+/* 0x0848	 315 */		ldd	[%g2+%l4],%f2
+/* 0x084c	     */		add	%l4,%g2,%o0
+/* 0x0850	     */		or	%g0,0,%g1
+/* 0x0854	     */		ldd	[%o0+8],%f4
+/* 0x0858	     */		or	%g0,0,%i2
+/* 0x085c	     */		cmp	%l0,0
+/* 0x0860	     */		fdtox	%f2,%f2
+/* 0x0864	     */		std	%f2,[%sp+2255]
+/* 0x0868	 311 */		sethi	%hi(0xfc00),%o3
+/* 0x086c	 315 */		fdtox	%f4,%f2
+/* 0x0870	     */		std	%f2,[%sp+2247]
+/* 0x0874	 311 */		or	%g0,-1,%o2
+/* 0x0878	     */		srl	%o2,0,%o5
+/* 0x087c	     */		or	%g0,2,%g5
+/* 0x0880	     */		sub	%l0,1,%g3
+/* 0x0884	     */		or	%g0,%o0,%o7
+/* 0x0888	     */		add	%o3,1023,%o4
+/* 0x088c	 315 */		or	%g0,64,%o3
+/* 0x0890	     */		ldx	[%sp+2255],%i0
+/* 0x0894	     */		sub	%l0,2,%o1
+/* 0x0898	     */		ldx	[%sp+2247],%i1
+/* 0x089c	     */		ble,pt	%icc,.L900000648
+/* 0x08a0	     */		sethi	%hi(0xfc00),%g2
+/* 0x08a4	     */		cmp	%l0,6
+/* 0x08a8	     */		and	%i0,%o5,%o2
+/* 0x08ac	     */		bl,pn	%icc,.L77000287
+/* 0x08b0	     */		or	%g0,3,%g4
+/* 0x08b4	     */		ldd	[%o7+16],%f0
+/* 0x08b8	     */		and	%i1,%o4,%i3
+/* 0x08bc	     */		sllx	%i3,16,%o0
+/* 0x08c0	     */		or	%g0,5,%g4
+/* 0x08c4	     */		srax	%i1,16,%i4
+/* 0x08c8	     */		fdtox	%f0,%f0
+/* 0x08cc	     */		std	%f0,[%sp+2239]
+/* 0x08d0	     */		srax	%i0,32,%i1
+/* 0x08d4	     */		add	%o2,%o0,%i5
+/* 0x08d8	     */		ldd	[%o7+24],%f0
+/* 0x08dc	     */		and	%i5,%o5,%l1
+/* 0x08e0	     */		or	%g0,72,%o2
+/* 0x08e4	     */		or	%g0,4,%o0
+/* 0x08e8	     */		or	%g0,4,%g5
+/* 0x08ec	     */		ldx	[%sp+2239],%g1
+/* 0x08f0	     */		fdtox	%f0,%f0
+/* 0x08f4	     */		or	%g0,4,%i2
+/* 0x08f8	     */		std	%f0,[%sp+2231]
+/* 0x08fc	     */		ldd	[%o7+40],%f2
+/* 0x0900	     */		and	%g1,%o5,%i3
+/* 0x0904	     */		ldd	[%o7+32],%f0
+/* 0x0908	     */		srax	%g1,32,%g1
+/* 0x090c	     */		ldd	[%o7+56],%f4
+/* 0x0910	     */		fdtox	%f2,%f2
+/* 0x0914	     */		ldx	[%sp+2231],%g2
+/* 0x0918	     */		fdtox	%f0,%f0
+/* 0x091c	     */		st	%l1,[%l2]
+/* 0x0920	     */		srax	%i5,32,%l1
+/* 0x0924	     */		fdtox	%f4,%f4
+/* 0x0928	     */		std	%f2,[%sp+2231]
+/* 0x092c	     */		and	%g2,%o4,%i5
+/* 0x0930	     */		add	%i4,%l1,%i4
+/* 0x0934	     */		std	%f0,[%sp+2239]
+/* 0x0938	     */		sllx	%i5,16,%i0
+/* 0x093c	     */		add	%i1,%i4,%i1
+/* 0x0940	     */		ldd	[%o7+48],%f2
+/* 0x0944	     */		srax	%g2,16,%g2
+/* 0x0948	     */		add	%i3,%i0,%i0
+/* 0x094c	     */		ldd	[%o7+72],%f0
+/* 0x0950	     */		add	%i0,%i1,%i3
+/* 0x0954	     */		srax	%i3,32,%i4
+/* 0x0958	     */		fdtox	%f2,%f2
+/* 0x095c	     */		and	%i3,%o5,%i3
+/* 0x0960	     */		ldx	[%sp+2231],%i1
+/* 0x0964	     */		add	%g2,%i4,%g2
+/* 0x0968	     */		ldx	[%sp+2239],%i0
+/* 0x096c	     */		add	%g1,%g2,%g1
+/* 0x0970	     */		std	%f2,[%sp+2239]
+/* 0x0974	     */		std	%f4,[%sp+2231]
+/* 0x0978	     */		ldd	[%o7+64],%f2
+/* 0x097c	     */		st	%i3,[%l2+4]
+                       .L900000631:
+/* 0x0980	     */		ldx	[%sp+2231],%i3
+/* 0x0984	     */		add	%i2,2,%i2
+/* 0x0988	     */		add	%g4,4,%g4
+/* 0x098c	     */		ldx	[%sp+2239],%i5
+/* 0x0990	     */		add	%o2,16,%o2
+/* 0x0994	     */		and	%i1,%o4,%g2
+/* 0x0998	     */		sllx	%g2,16,%i4
+/* 0x099c	     */		and	%i0,%o5,%g2
+/* 0x09a0	     */		ldd	[%o7+%o2],%f4
+/* 0x09a4	     */		fdtox	%f0,%f0
+/* 0x09a8	     */		std	%f0,[%sp+2231]
+/* 0x09ac	     */		srax	%i1,16,%i1
+/* 0x09b0	     */		add	%g2,%i4,%g2
+/* 0x09b4	     */		fdtox	%f2,%f0
+/* 0x09b8	     */		add	%o3,16,%o3
+/* 0x09bc	     */		std	%f0,[%sp+2239]
+/* 0x09c0	     */		add	%g2,%g1,%g1
+/* 0x09c4	     */		ldd	[%o7+%o3],%f2
+/* 0x09c8	     */		srax	%g1,32,%i4
+/* 0x09cc	     */		cmp	%i2,%o1
+/* 0x09d0	     */		srax	%i0,32,%g2
+/* 0x09d4	     */		add	%i1,%i4,%i0
+/* 0x09d8	     */		add	%g2,%i0,%i4
+/* 0x09dc	     */		add	%o0,4,%o0
+/* 0x09e0	     */		and	%g1,%o5,%g2
+/* 0x09e4	     */		or	%g0,%i5,%g1
+/* 0x09e8	     */		st	%g2,[%l2+%o0]
+/* 0x09ec	     */		add	%g5,4,%g5
+/* 0x09f0	     */		ldx	[%sp+2231],%i1
+/* 0x09f4	     */		ldx	[%sp+2239],%i0
+/* 0x09f8	     */		add	%o2,16,%o2
+/* 0x09fc	     */		and	%i3,%o4,%g2
+/* 0x0a00	     */		sllx	%g2,16,%i5
+/* 0x0a04	     */		and	%g1,%o5,%g2
+/* 0x0a08	     */		ldd	[%o7+%o2],%f0
+/* 0x0a0c	     */		fdtox	%f4,%f4
+/* 0x0a10	     */		std	%f4,[%sp+2231]
+/* 0x0a14	     */		srax	%i3,16,%i3
+/* 0x0a18	     */		add	%g2,%i5,%g2
+/* 0x0a1c	     */		fdtox	%f2,%f2
+/* 0x0a20	     */		add	%o3,16,%o3
+/* 0x0a24	     */		std	%f2,[%sp+2239]
+/* 0x0a28	     */		add	%g2,%i4,%g2
+/* 0x0a2c	     */		ldd	[%o7+%o3],%f2
+/* 0x0a30	     */		srax	%g2,32,%i4
+/* 0x0a34	     */		srax	%g1,32,%g1
+/* 0x0a38	     */		add	%i3,%i4,%i3
+/* 0x0a3c	     */		add	%g1,%i3,%g1
+/* 0x0a40	     */		add	%o0,4,%o0
+/* 0x0a44	     */		and	%g2,%o5,%g2
+/* 0x0a48	     */		ble,pt	%icc,.L900000631
+/* 0x0a4c	     */		st	%g2,[%l2+%o0]
+                       .L900000634:
+/* 0x0a50	     */		srax	%i1,16,%i5
+/* 0x0a54	     */		ldx	[%sp+2231],%o1
+/* 0x0a58	     */		and	%i1,%o4,%i3
+/* 0x0a5c	     */		sllx	%i3,16,%i3
+/* 0x0a60	     */		ldx	[%sp+2239],%i4
+/* 0x0a64	     */		and	%i0,%o5,%g2
+/* 0x0a68	     */		add	%g2,%i3,%g2
+/* 0x0a6c	     */		and	%o1,%o4,%i3
+/* 0x0a70	     */		fdtox	%f0,%f4
+/* 0x0a74	     */		sllx	%i3,16,%i3
+/* 0x0a78	     */		std	%f4,[%sp+2231]
+/* 0x0a7c	     */		add	%g2,%g1,%g2
+/* 0x0a80	     */		srax	%g2,32,%l1
+/* 0x0a84	     */		and	%i4,%o5,%i1
+/* 0x0a88	     */		fdtox	%f2,%f0
+/* 0x0a8c	     */		srax	%i0,32,%g1
+/* 0x0a90	     */		std	%f0,[%sp+2239]
+/* 0x0a94	     */		add	%i5,%l1,%i0
+/* 0x0a98	     */		srax	%o1,16,%o1
+/* 0x0a9c	     */		add	%g1,%i0,%i0
+/* 0x0aa0	     */		add	%o0,4,%g1
+/* 0x0aa4	     */		add	%i1,%i3,%o0
+/* 0x0aa8	     */		and	%g2,%o5,%g2
+/* 0x0aac	     */		st	%g2,[%l2+%g1]
+/* 0x0ab0	     */		add	%o0,%i0,%o0
+/* 0x0ab4	     */		srax	%o0,32,%i3
+/* 0x0ab8	     */		ldx	[%sp+2231],%i1
+/* 0x0abc	     */		add	%g1,4,%g1
+/* 0x0ac0	     */		ldx	[%sp+2239],%i0
+/* 0x0ac4	     */		and	%o0,%o5,%g2
+/* 0x0ac8	     */		add	%o1,%i3,%o1
+/* 0x0acc	     */		srax	%i4,32,%o0
+/* 0x0ad0	     */		cmp	%i2,%g3
+/* 0x0ad4	     */		st	%g2,[%l2+%g1]
+/* 0x0ad8	     */		bg,pn	%icc,.L77000236
+/* 0x0adc	     */		add	%o0,%o1,%g1
+/* 0x0ae0	     */		add	%g4,6,%g4
+/* 0x0ae4	     */		add	%g5,6,%g5
+                       .L77000287:
+/* 0x0ae8	     */		sra	%g5,0,%o1
+                       .L900000647:
+/* 0x0aec	     */		sllx	%o1,3,%o2
+/* 0x0af0	     */		and	%i0,%o5,%o0
+/* 0x0af4	     */		ldd	[%o7+%o2],%f0
+/* 0x0af8	     */		sra	%g4,0,%o2
+/* 0x0afc	     */		and	%i1,%o4,%o1
+/* 0x0b00	     */		sllx	%o2,3,%o2
+/* 0x0b04	     */		add	%g1,%o0,%o0
+/* 0x0b08	     */		fdtox	%f0,%f0
+/* 0x0b0c	     */		std	%f0,[%sp+2239]
+/* 0x0b10	     */		sllx	%o1,16,%o1
+/* 0x0b14	     */		add	%o0,%o1,%o1
+/* 0x0b18	     */		add	%g5,2,%g5
+/* 0x0b1c	     */		ldd	[%o7+%o2],%f0
+/* 0x0b20	     */		srax	%o1,32,%g1
+/* 0x0b24	     */		and	%o1,%o5,%o2
+/* 0x0b28	     */		srax	%i1,16,%o0
+/* 0x0b2c	     */		add	%g4,2,%g4
+/* 0x0b30	     */		fdtox	%f0,%f0
+/* 0x0b34	     */		std	%f0,[%sp+2231]
+/* 0x0b38	     */		sra	%i2,0,%o1
+/* 0x0b3c	     */		sllx	%o1,2,%o1
+/* 0x0b40	     */		add	%o0,%g1,%g2
+/* 0x0b44	     */		srax	%i0,32,%g1
+/* 0x0b48	     */		add	%i2,1,%i2
+/* 0x0b4c	     */		add	%g1,%g2,%g1
+/* 0x0b50	     */		cmp	%i2,%g3
+/* 0x0b54	     */		ldx	[%sp+2239],%o3
+/* 0x0b58	     */		ldx	[%sp+2231],%i1
+/* 0x0b5c	     */		st	%o2,[%l2+%o1]
+/* 0x0b60	     */		or	%g0,%o3,%i0
+/* 0x0b64	     */		ble,pt	%icc,.L900000647
+/* 0x0b68	     */		sra	%g5,0,%o1
+                       .L77000236:
+/* 0x0b6c	     */		sethi	%hi(0xfc00),%g2
+                       .L900000648:
+/* 0x0b70	     */		or	%g0,-1,%o0
+/* 0x0b74	     */		add	%g2,1023,%g2
+/* 0x0b78	     */		srl	%o0,0,%g3
+/* 0x0b7c	     */		and	%i1,%g2,%g2
+/* 0x0b80	     */		and	%i0,%g3,%g4
+/* 0x0b84	     */		sllx	%g2,16,%g2
+/* 0x0b88	     */		add	%g1,%g4,%g4
+/* 0x0b8c	     */		sra	%i2,0,%g5
+/* 0x0b90	     */		add	%g4,%g2,%g4
+/* 0x0b94	     */		sllx	%g5,2,%g2
+/* 0x0b98	     */		and	%g4,%g3,%g3
+/* 0x0b9c	     */		st	%g3,[%l2+%g2]
+
+!  317		      ! adjust_montf_result(result,nint,nlen); 
+
+/* 0x0ba0	 317 */		sra	%l0,0,%g4
+/* 0x0ba4	     */		sllx	%g4,2,%g2
+/* 0x0ba8	     */		ld	[%l2+%g2],%g2
+/* 0x0bac	     */		cmp	%g2,0
+/* 0x0bb0	     */		bleu,pn	%icc,.L77000241
+/* 0x0bb4	     */		or	%g0,-1,%o1
+/* 0x0bb8	     */		ba	.L900000646
+/* 0x0bbc	     */		cmp	%o1,0
+                       .L77000241:
+/* 0x0bc0	     */		sub	%l0,1,%o1
+/* 0x0bc4	     */		cmp	%o1,0
+/* 0x0bc8	     */		bl,pn	%icc,.L77000244
+/* 0x0bcc	     */		sra	%o1,0,%g2
+                       .L900000645:
+/* 0x0bd0	     */		sllx	%g2,2,%g2
+/* 0x0bd4	     */		sub	%o1,1,%o0
+/* 0x0bd8	     */		ld	[%l3+%g2],%g3
+/* 0x0bdc	     */		ld	[%l2+%g2],%g2
+/* 0x0be0	     */		cmp	%g2,%g3
+/* 0x0be4	     */		bne,pn	%icc,.L77000244
+/* 0x0be8	     */		nop
+/* 0x0bec	   0 */		or	%g0,%o0,%o1
+/* 0x0bf0	 317 */		cmp	%o0,0
+/* 0x0bf4	     */		bge,pt	%icc,.L900000645
+/* 0x0bf8	     */		sra	%o1,0,%g2
+                       .L77000244:
+/* 0x0bfc	     */		cmp	%o1,0
+                       .L900000646:
+/* 0x0c00	     */		bl,pn	%icc,.L77000288
+/* 0x0c04	     */		sra	%o1,0,%g2
+/* 0x0c08	     */		sllx	%g2,2,%g2
+/* 0x0c0c	     */		ld	[%l3+%g2],%g3
+/* 0x0c10	     */		ld	[%l2+%g2],%g2
+/* 0x0c14	     */		cmp	%g2,%g3
+/* 0x0c18	     */		bleu,pt	%icc,.L77000224
+/* 0x0c1c	     */		nop
+                       .L77000288:
+/* 0x0c20	     */		cmp	%l0,0
+/* 0x0c24	     */		ble,pt	%icc,.L77000224
+/* 0x0c28	     */		nop
+/* 0x0c2c	 317 */		or	%g0,-1,%g2
+/* 0x0c30	 315 */		or	%g0,0,%i0
+/* 0x0c34	 317 */		srl	%g2,0,%g2
+/* 0x0c38	 315 */		or	%g0,0,%g4
+/* 0x0c3c	     */		or	%g0,0,%o1
+/* 0x0c40	 317 */		sub	%l0,1,%g5
+/* 0x0c44	     */		cmp	%l0,9
+/* 0x0c48	 315 */		or	%g0,8,%o5
+/* 0x0c4c	     */		bl,pn	%icc,.L77000289
+/* 0x0c50	     */		sub	%l0,4,%o7
+/* 0x0c54	     */		ld	[%l2],%o1
+/* 0x0c58	     */		or	%g0,5,%i0
+/* 0x0c5c	     */		ld	[%l3],%o2
+/* 0x0c60	     */		or	%g0,12,%o4
+/* 0x0c64	     */		or	%g0,16,%g1
+/* 0x0c68	     */		ld	[%l3+4],%o3
+/* 0x0c6c	     */		ld	[%l2+4],%o0
+/* 0x0c70	     */		sub	%o1,%o2,%o1
+/* 0x0c74	     */		ld	[%l3+8],%i1
+/* 0x0c78	     */		and	%o1,%g2,%g4
+/* 0x0c7c	     */		st	%g4,[%l2]
+/* 0x0c80	     */		srax	%o1,32,%g4
+/* 0x0c84	     */		sub	%o0,%o3,%o0
+/* 0x0c88	     */		ld	[%l3+12],%o2
+/* 0x0c8c	     */		add	%o0,%g4,%o0
+/* 0x0c90	     */		and	%o0,%g2,%g4
+/* 0x0c94	     */		st	%g4,[%l2+4]
+/* 0x0c98	     */		srax	%o0,32,%o0
+/* 0x0c9c	     */		ld	[%l2+8],%o1
+/* 0x0ca0	     */		ld	[%l2+12],%o3
+/* 0x0ca4	     */		sub	%o1,%i1,%o1
+                       .L900000635:
+/* 0x0ca8	     */		add	%g1,4,%g3
+/* 0x0cac	     */		ld	[%g1+%l2],%g4
+/* 0x0cb0	     */		add	%o1,%o0,%o0
+/* 0x0cb4	     */		ld	[%l3+%g1],%i1
+/* 0x0cb8	     */		sub	%o3,%o2,%o1
+/* 0x0cbc	     */		and	%o0,%g2,%o2
+/* 0x0cc0	     */		st	%o2,[%o5+%l2]
+/* 0x0cc4	     */		srax	%o0,32,%o2
+/* 0x0cc8	     */		add	%i0,4,%i0
+/* 0x0ccc	     */		add	%g1,8,%o5
+/* 0x0cd0	     */		ld	[%g3+%l2],%o0
+/* 0x0cd4	     */		add	%o1,%o2,%o1
+/* 0x0cd8	     */		ld	[%l3+%g3],%o3
+/* 0x0cdc	     */		sub	%g4,%i1,%o2
+/* 0x0ce0	     */		and	%o1,%g2,%g4
+/* 0x0ce4	     */		st	%g4,[%o4+%l2]
+/* 0x0ce8	     */		srax	%o1,32,%g4
+/* 0x0cec	     */		cmp	%i0,%o7
+/* 0x0cf0	     */		add	%g1,12,%o4
+/* 0x0cf4	     */		ld	[%o5+%l2],%o1
+/* 0x0cf8	     */		add	%o2,%g4,%o2
+/* 0x0cfc	     */		ld	[%l3+%o5],%i1
+/* 0x0d00	     */		sub	%o0,%o3,%o0
+/* 0x0d04	     */		and	%o2,%g2,%o3
+/* 0x0d08	     */		st	%o3,[%g1+%l2]
+/* 0x0d0c	     */		srax	%o2,32,%g4
+/* 0x0d10	     */		ld	[%o4+%l2],%o3
+/* 0x0d14	     */		add	%g1,16,%g1
+/* 0x0d18	     */		add	%o0,%g4,%o0
+/* 0x0d1c	     */		ld	[%l3+%o4],%o2
+/* 0x0d20	     */		sub	%o1,%i1,%o1
+/* 0x0d24	     */		and	%o0,%g2,%g4
+/* 0x0d28	     */		st	%g4,[%g3+%l2]
+/* 0x0d2c	     */		ble,pt	%icc,.L900000635
+/* 0x0d30	     */		srax	%o0,32,%o0
+                       .L900000638:
+/* 0x0d34	     */		add	%o1,%o0,%g3
+/* 0x0d38	     */		sub	%o3,%o2,%o1
+/* 0x0d3c	     */		ld	[%g1+%l2],%o0
+/* 0x0d40	     */		ld	[%l3+%g1],%o2
+/* 0x0d44	     */		srax	%g3,32,%o7
+/* 0x0d48	     */		and	%g3,%g2,%o3
+/* 0x0d4c	     */		add	%o1,%o7,%o1
+/* 0x0d50	     */		st	%o3,[%o5+%l2]
+/* 0x0d54	     */		cmp	%i0,%g5
+/* 0x0d58	     */		sub	%o0,%o2,%o0
+/* 0x0d5c	     */		and	%o1,%g2,%o2
+/* 0x0d60	     */		st	%o2,[%o4+%l2]
+/* 0x0d64	     */		srax	%o1,32,%o1
+/* 0x0d68	     */		sra	%i0,0,%o2
+/* 0x0d6c	     */		add	%o0,%o1,%o0
+/* 0x0d70	     */		srax	%o0,32,%g4
+/* 0x0d74	     */		and	%o0,%g2,%o1
+/* 0x0d78	     */		st	%o1,[%g1+%l2]
+/* 0x0d7c	     */		bg,pn	%icc,.L77000224
+/* 0x0d80	     */		sllx	%o2,2,%o1
+                       .L77000289:
+/* 0x0d84	   0 */		or	%g0,%o1,%g1
+                       .L900000644:
+/* 0x0d88	     */		ld	[%o1+%l2],%o0
+/* 0x0d8c	     */		add	%i0,1,%i0
+/* 0x0d90	     */		ld	[%l3+%o1],%o1
+/* 0x0d94	     */		sra	%i0,0,%o2
+/* 0x0d98	     */		cmp	%i0,%g5
+/* 0x0d9c	     */		add	%g4,%o0,%o0
+/* 0x0da0	     */		sub	%o0,%o1,%o0
+/* 0x0da4	     */		srax	%o0,32,%g4
+/* 0x0da8	     */		and	%o0,%g2,%o1
+/* 0x0dac	     */		st	%o1,[%g1+%l2]
+/* 0x0db0	     */		sllx	%o2,2,%o1
+/* 0x0db4	     */		ble,pt	%icc,.L900000644
+/* 0x0db8	     */		or	%g0,%o1,%g1
+                       .L77000224:
+/* 0x0dbc	     */		ret	! Result = 
+/* 0x0dc0	     */		restore	%g0,%g0,%g0
+/* 0x0dc4	   0 */		.type	mont_mulf_noconv,2
+/* 0x0dc4	     */		.size	mont_mulf_noconv,(.-mont_mulf_noconv)
+
diff --git a/security/nss/lib/freebl/mpi/mp_comba.c b/security/nss/lib/freebl/mpi/mp_comba.c
new file mode 100644
index 000000000..af87c6045
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mp_comba.c
@@ -0,0 +1,1298 @@
+/*
+ * The below file is derived from TFM v0.03.
+ * It contains code from fp_mul_comba.c and
+ * fp_sqr_comba.c, which contained the following license.
+ *
+ * Right now, the assembly in this file limits
+ * this code to AMD 64.
+ *
+ * This file is public domain.
+ */
+
+/* TomsFastMath, a fast ISO C bignum library.
+ * 
+ * This project is meant to fill in where LibTomMath
+ * falls short.  That is speed ;-)
+ *
+ * This project is public domain and free for all purposes.
+ * 
+ * Tom St Denis, tomstdenis@iahu.ca
+ */
+
+
+#include "mpi-priv.h"
+
+
+
+/* clamp digits */
+#define mp_clamp(a)   { while ((a)->used && (a)->dp[(a)->used-1] == 0) --((a)->used); (a)->sign = (a)->used ? (a)->sign : ZPOS; }
+
+/* anything you need at the start */
+#define COMBA_START
+
+/* clear the chaining variables */
+#define COMBA_CLEAR \
+   c0 = c1 = c2 = 0;
+
+/* forward the carry to the next digit */
+#define COMBA_FORWARD \
+   do { c0 = c1; c1 = c2; c2 = 0; } while (0);
+
+/* anything you need at the end */
+#define COMBA_FINI
+
+/* this should multiply i and j  */
+#define MULADD(i, j)                                      \
+__asm__  (                                                    \
+     "movq  %6,%%rax     \n\t"                            \
+     "mulq  %7           \n\t"                            \
+     "addq  %%rax,%0     \n\t"                            \
+     "adcq  %%rdx,%1     \n\t"                            \
+     "adcq  $0,%2        \n\t"                            \
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","%cc");
+
+
+
+
+/* sqr macros only */
+#define CLEAR_CARRY \
+   c0 = c1 = c2 = 0;
+
+#define COMBA_STORE(x) \
+   x = c0;
+
+#define COMBA_STORE2(x) \
+   x = c1;
+
+#define CARRY_FORWARD \
+   do { c0 = c1; c1 = c2; c2 = 0; } while (0);
+
+#define COMBA_FINI
+
+#define SQRADD(i, j)                                      \
+__asm__ (                                                     \
+     "movq  %6,%%rax     \n\t"                            \
+     "mulq  %%rax        \n\t"                            \
+     "addq  %%rax,%0     \n\t"                            \
+     "adcq  %%rdx,%1     \n\t"                            \
+     "adcq  $0,%2        \n\t"                            \
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","%cc");
+
+#define SQRADD2(i, j)                                     \
+__asm__ (                                                     \
+     "movq  %6,%%rax     \n\t"                            \
+     "mulq  %7           \n\t"                            \
+     "addq  %%rax,%0     \n\t"                            \
+     "adcq  %%rdx,%1     \n\t"                            \
+     "adcq  $0,%2        \n\t"                            \
+     "addq  %%rax,%0     \n\t"                            \
+     "adcq  %%rdx,%1     \n\t"                            \
+     "adcq  $0,%2        \n\t"                            \
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","%cc");
+
+#define SQRADDSC(i, j)                                    \
+__asm__ (                                                     \
+     "movq  %3,%%rax     \n\t"                            \
+     "mulq  %4           \n\t"                            \
+     "movq  %%rax,%0     \n\t"                            \
+     "movq  %%rdx,%1     \n\t"                            \
+     "xorq  %2,%2        \n\t"                            \
+     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%rax","%rdx","%cc");
+
+#define SQRADDAC(i, j)                                                         \
+__asm__ (                                                     \
+     "movq  %6,%%rax     \n\t"                            \
+     "mulq  %7           \n\t"                            \
+     "addq  %%rax,%0     \n\t"                            \
+     "adcq  %%rdx,%1     \n\t"                            \
+     "adcq  $0,%2        \n\t"                            \
+     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","%cc");
+
+#define SQRADDDB                                                               \
+__asm__ (                                                     \
+     "addq %6,%0         \n\t"                            \
+     "adcq %7,%1         \n\t"                            \
+     "adcq %8,%2         \n\t"                            \
+     "addq %6,%0         \n\t"                            \
+     "adcq %7,%1         \n\t"                            \
+     "adcq %8,%2         \n\t"                            \
+     :"=&r"(c0), "=&r"(c1), "=&r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "%cc");
+
+
+
+
+
+void s_mp_mul_comba_4(const mp_int *A, const mp_int *B, mp_int *C)
+{
+   mp_digit c0, c1, c2, at[8];
+
+   memcpy(at, A->dp, 4 * sizeof(mp_digit));
+   memcpy(at+4, B->dp, 4 * sizeof(mp_digit));
+   COMBA_START;
+   
+   COMBA_CLEAR;
+   /* 0 */
+   MULADD(at[0], at[4]); 
+   COMBA_STORE(C->dp[0]);
+   /* 1 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[5]);       MULADD(at[1], at[4]); 
+   COMBA_STORE(C->dp[1]);
+   /* 2 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[6]);       MULADD(at[1], at[5]);       MULADD(at[2], at[4]); 
+   COMBA_STORE(C->dp[2]);
+   /* 3 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[7]);       MULADD(at[1], at[6]);       MULADD(at[2], at[5]);       MULADD(at[3], at[4]); 
+   COMBA_STORE(C->dp[3]);
+   /* 4 */
+   COMBA_FORWARD;
+   MULADD(at[1], at[7]);       MULADD(at[2], at[6]);       MULADD(at[3], at[5]); 
+   COMBA_STORE(C->dp[4]);
+   /* 5 */
+   COMBA_FORWARD;
+   MULADD(at[2], at[7]);       MULADD(at[3], at[6]); 
+   COMBA_STORE(C->dp[5]);
+   /* 6 */
+   COMBA_FORWARD;
+   MULADD(at[3], at[7]); 
+   COMBA_STORE(C->dp[6]);
+   COMBA_STORE2(C->dp[7]);
+   C->used = 8;
+   C->sign = A->sign ^ B->sign;
+   mp_clamp(C);
+   COMBA_FINI;
+}
+
+void s_mp_mul_comba_8(const mp_int *A, const mp_int *B, mp_int *C)
+{
+   mp_digit c0, c1, c2, at[16];
+
+   memcpy(at, A->dp, 8 * sizeof(mp_digit));
+   memcpy(at+8, B->dp, 8 * sizeof(mp_digit));
+   COMBA_START;
+
+   COMBA_CLEAR;
+   /* 0 */
+   MULADD(at[0], at[8]); 
+   COMBA_STORE(C->dp[0]);
+   /* 1 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[9]);       MULADD(at[1], at[8]); 
+   COMBA_STORE(C->dp[1]);
+   /* 2 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[10]);       MULADD(at[1], at[9]);       MULADD(at[2], at[8]); 
+   COMBA_STORE(C->dp[2]);
+   /* 3 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[11]);       MULADD(at[1], at[10]);       MULADD(at[2], at[9]);       MULADD(at[3], at[8]); 
+   COMBA_STORE(C->dp[3]);
+   /* 4 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[12]);       MULADD(at[1], at[11]);       MULADD(at[2], at[10]);       MULADD(at[3], at[9]);       MULADD(at[4], at[8]); 
+   COMBA_STORE(C->dp[4]);
+   /* 5 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[13]);       MULADD(at[1], at[12]);       MULADD(at[2], at[11]);       MULADD(at[3], at[10]);       MULADD(at[4], at[9]);       MULADD(at[5], at[8]); 
+   COMBA_STORE(C->dp[5]);
+   /* 6 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[14]);       MULADD(at[1], at[13]);       MULADD(at[2], at[12]);       MULADD(at[3], at[11]);       MULADD(at[4], at[10]);       MULADD(at[5], at[9]);       MULADD(at[6], at[8]); 
+   COMBA_STORE(C->dp[6]);
+   /* 7 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[15]);       MULADD(at[1], at[14]);       MULADD(at[2], at[13]);       MULADD(at[3], at[12]);       MULADD(at[4], at[11]);       MULADD(at[5], at[10]);       MULADD(at[6], at[9]);       MULADD(at[7], at[8]); 
+   COMBA_STORE(C->dp[7]);
+   /* 8 */
+   COMBA_FORWARD;
+   MULADD(at[1], at[15]);       MULADD(at[2], at[14]);       MULADD(at[3], at[13]);       MULADD(at[4], at[12]);       MULADD(at[5], at[11]);       MULADD(at[6], at[10]);       MULADD(at[7], at[9]); 
+   COMBA_STORE(C->dp[8]);
+   /* 9 */
+   COMBA_FORWARD;
+   MULADD(at[2], at[15]);       MULADD(at[3], at[14]);       MULADD(at[4], at[13]);       MULADD(at[5], at[12]);       MULADD(at[6], at[11]);       MULADD(at[7], at[10]); 
+   COMBA_STORE(C->dp[9]);
+   /* 10 */
+   COMBA_FORWARD;
+   MULADD(at[3], at[15]);       MULADD(at[4], at[14]);       MULADD(at[5], at[13]);       MULADD(at[6], at[12]);       MULADD(at[7], at[11]); 
+   COMBA_STORE(C->dp[10]);
+   /* 11 */
+   COMBA_FORWARD;
+   MULADD(at[4], at[15]);       MULADD(at[5], at[14]);       MULADD(at[6], at[13]);       MULADD(at[7], at[12]); 
+   COMBA_STORE(C->dp[11]);
+   /* 12 */
+   COMBA_FORWARD;
+   MULADD(at[5], at[15]);       MULADD(at[6], at[14]);       MULADD(at[7], at[13]); 
+   COMBA_STORE(C->dp[12]);
+   /* 13 */
+   COMBA_FORWARD;
+   MULADD(at[6], at[15]);       MULADD(at[7], at[14]); 
+   COMBA_STORE(C->dp[13]);
+   /* 14 */
+   COMBA_FORWARD;
+   MULADD(at[7], at[15]); 
+   COMBA_STORE(C->dp[14]);
+   COMBA_STORE2(C->dp[15]);
+   C->used = 16;
+   C->sign = A->sign ^ B->sign;
+   mp_clamp(C);
+   COMBA_FINI;
+}
+
+void s_mp_mul_comba_16(const mp_int *A, const mp_int *B, mp_int *C)
+{
+   mp_digit c0, c1, c2, at[32];
+
+   memcpy(at, A->dp, 16 * sizeof(mp_digit));
+   memcpy(at+16, B->dp, 16 * sizeof(mp_digit));
+   COMBA_START;
+
+   COMBA_CLEAR;
+   /* 0 */
+   MULADD(at[0], at[16]); 
+   COMBA_STORE(C->dp[0]);
+   /* 1 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[17]);       MULADD(at[1], at[16]); 
+   COMBA_STORE(C->dp[1]);
+   /* 2 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[18]);       MULADD(at[1], at[17]);       MULADD(at[2], at[16]); 
+   COMBA_STORE(C->dp[2]);
+   /* 3 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[19]);       MULADD(at[1], at[18]);       MULADD(at[2], at[17]);       MULADD(at[3], at[16]); 
+   COMBA_STORE(C->dp[3]);
+   /* 4 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[20]);       MULADD(at[1], at[19]);       MULADD(at[2], at[18]);       MULADD(at[3], at[17]);       MULADD(at[4], at[16]); 
+   COMBA_STORE(C->dp[4]);
+   /* 5 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[21]);       MULADD(at[1], at[20]);       MULADD(at[2], at[19]);       MULADD(at[3], at[18]);       MULADD(at[4], at[17]);       MULADD(at[5], at[16]); 
+   COMBA_STORE(C->dp[5]);
+   /* 6 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[22]);       MULADD(at[1], at[21]);       MULADD(at[2], at[20]);       MULADD(at[3], at[19]);       MULADD(at[4], at[18]);       MULADD(at[5], at[17]);       MULADD(at[6], at[16]); 
+   COMBA_STORE(C->dp[6]);
+   /* 7 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[23]);       MULADD(at[1], at[22]);       MULADD(at[2], at[21]);       MULADD(at[3], at[20]);       MULADD(at[4], at[19]);       MULADD(at[5], at[18]);       MULADD(at[6], at[17]);       MULADD(at[7], at[16]); 
+   COMBA_STORE(C->dp[7]);
+   /* 8 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[24]);       MULADD(at[1], at[23]);       MULADD(at[2], at[22]);       MULADD(at[3], at[21]);       MULADD(at[4], at[20]);       MULADD(at[5], at[19]);       MULADD(at[6], at[18]);       MULADD(at[7], at[17]);       MULADD(at[8], at[16]); 
+   COMBA_STORE(C->dp[8]);
+   /* 9 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[25]);       MULADD(at[1], at[24]);       MULADD(at[2], at[23]);       MULADD(at[3], at[22]);       MULADD(at[4], at[21]);       MULADD(at[5], at[20]);       MULADD(at[6], at[19]);       MULADD(at[7], at[18]);       MULADD(at[8], at[17]);       MULADD(at[9], at[16]); 
+   COMBA_STORE(C->dp[9]);
+   /* 10 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[26]);       MULADD(at[1], at[25]);       MULADD(at[2], at[24]);       MULADD(at[3], at[23]);       MULADD(at[4], at[22]);       MULADD(at[5], at[21]);       MULADD(at[6], at[20]);       MULADD(at[7], at[19]);       MULADD(at[8], at[18]);       MULADD(at[9], at[17]);       MULADD(at[10], at[16]); 
+   COMBA_STORE(C->dp[10]);
+   /* 11 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[27]);       MULADD(at[1], at[26]);       MULADD(at[2], at[25]);       MULADD(at[3], at[24]);       MULADD(at[4], at[23]);       MULADD(at[5], at[22]);       MULADD(at[6], at[21]);       MULADD(at[7], at[20]);       MULADD(at[8], at[19]);       MULADD(at[9], at[18]);       MULADD(at[10], at[17]);       MULADD(at[11], at[16]); 
+   COMBA_STORE(C->dp[11]);
+   /* 12 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[28]);       MULADD(at[1], at[27]);       MULADD(at[2], at[26]);       MULADD(at[3], at[25]);       MULADD(at[4], at[24]);       MULADD(at[5], at[23]);       MULADD(at[6], at[22]);       MULADD(at[7], at[21]);       MULADD(at[8], at[20]);       MULADD(at[9], at[19]);       MULADD(at[10], at[18]);       MULADD(at[11], at[17]);       MULADD(at[12], at[16]); 
+   COMBA_STORE(C->dp[12]);
+   /* 13 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[29]);       MULADD(at[1], at[28]);       MULADD(at[2], at[27]);       MULADD(at[3], at[26]);       MULADD(at[4], at[25]);       MULADD(at[5], at[24]);       MULADD(at[6], at[23]);       MULADD(at[7], at[22]);       MULADD(at[8], at[21]);       MULADD(at[9], at[20]);       MULADD(at[10], at[19]);       MULADD(at[11], at[18]);       MULADD(at[12], at[17]);       MULADD(at[13], at[16]); 
+   COMBA_STORE(C->dp[13]);
+   /* 14 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[30]);       MULADD(at[1], at[29]);       MULADD(at[2], at[28]);       MULADD(at[3], at[27]);       MULADD(at[4], at[26]);       MULADD(at[5], at[25]);       MULADD(at[6], at[24]);       MULADD(at[7], at[23]);       MULADD(at[8], at[22]);       MULADD(at[9], at[21]);       MULADD(at[10], at[20]);       MULADD(at[11], at[19]);       MULADD(at[12], at[18]);       MULADD(at[13], at[17]);       MULADD(at[14], at[16]); 
+   COMBA_STORE(C->dp[14]);
+   /* 15 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[31]);       MULADD(at[1], at[30]);       MULADD(at[2], at[29]);       MULADD(at[3], at[28]);       MULADD(at[4], at[27]);       MULADD(at[5], at[26]);       MULADD(at[6], at[25]);       MULADD(at[7], at[24]);       MULADD(at[8], at[23]);       MULADD(at[9], at[22]);       MULADD(at[10], at[21]);       MULADD(at[11], at[20]);       MULADD(at[12], at[19]);       MULADD(at[13], at[18]);       MULADD(at[14], at[17]);       MULADD(at[15], at[16]); 
+   COMBA_STORE(C->dp[15]);
+   /* 16 */
+   COMBA_FORWARD;
+   MULADD(at[1], at[31]);       MULADD(at[2], at[30]);       MULADD(at[3], at[29]);       MULADD(at[4], at[28]);       MULADD(at[5], at[27]);       MULADD(at[6], at[26]);       MULADD(at[7], at[25]);       MULADD(at[8], at[24]);       MULADD(at[9], at[23]);       MULADD(at[10], at[22]);       MULADD(at[11], at[21]);       MULADD(at[12], at[20]);       MULADD(at[13], at[19]);       MULADD(at[14], at[18]);       MULADD(at[15], at[17]); 
+   COMBA_STORE(C->dp[16]);
+   /* 17 */
+   COMBA_FORWARD;
+   MULADD(at[2], at[31]);       MULADD(at[3], at[30]);       MULADD(at[4], at[29]);       MULADD(at[5], at[28]);       MULADD(at[6], at[27]);       MULADD(at[7], at[26]);       MULADD(at[8], at[25]);       MULADD(at[9], at[24]);       MULADD(at[10], at[23]);       MULADD(at[11], at[22]);       MULADD(at[12], at[21]);       MULADD(at[13], at[20]);       MULADD(at[14], at[19]);       MULADD(at[15], at[18]); 
+   COMBA_STORE(C->dp[17]);
+   /* 18 */
+   COMBA_FORWARD;
+   MULADD(at[3], at[31]);       MULADD(at[4], at[30]);       MULADD(at[5], at[29]);       MULADD(at[6], at[28]);       MULADD(at[7], at[27]);       MULADD(at[8], at[26]);       MULADD(at[9], at[25]);       MULADD(at[10], at[24]);       MULADD(at[11], at[23]);       MULADD(at[12], at[22]);       MULADD(at[13], at[21]);       MULADD(at[14], at[20]);       MULADD(at[15], at[19]); 
+   COMBA_STORE(C->dp[18]);
+   /* 19 */
+   COMBA_FORWARD;
+   MULADD(at[4], at[31]);       MULADD(at[5], at[30]);       MULADD(at[6], at[29]);       MULADD(at[7], at[28]);       MULADD(at[8], at[27]);       MULADD(at[9], at[26]);       MULADD(at[10], at[25]);       MULADD(at[11], at[24]);       MULADD(at[12], at[23]);       MULADD(at[13], at[22]);       MULADD(at[14], at[21]);       MULADD(at[15], at[20]); 
+   COMBA_STORE(C->dp[19]);
+   /* 20 */
+   COMBA_FORWARD;
+   MULADD(at[5], at[31]);       MULADD(at[6], at[30]);       MULADD(at[7], at[29]);       MULADD(at[8], at[28]);       MULADD(at[9], at[27]);       MULADD(at[10], at[26]);       MULADD(at[11], at[25]);       MULADD(at[12], at[24]);       MULADD(at[13], at[23]);       MULADD(at[14], at[22]);       MULADD(at[15], at[21]); 
+   COMBA_STORE(C->dp[20]);
+   /* 21 */
+   COMBA_FORWARD;
+   MULADD(at[6], at[31]);       MULADD(at[7], at[30]);       MULADD(at[8], at[29]);       MULADD(at[9], at[28]);       MULADD(at[10], at[27]);       MULADD(at[11], at[26]);       MULADD(at[12], at[25]);       MULADD(at[13], at[24]);       MULADD(at[14], at[23]);       MULADD(at[15], at[22]); 
+   COMBA_STORE(C->dp[21]);
+   /* 22 */
+   COMBA_FORWARD;
+   MULADD(at[7], at[31]);       MULADD(at[8], at[30]);       MULADD(at[9], at[29]);       MULADD(at[10], at[28]);       MULADD(at[11], at[27]);       MULADD(at[12], at[26]);       MULADD(at[13], at[25]);       MULADD(at[14], at[24]);       MULADD(at[15], at[23]); 
+   COMBA_STORE(C->dp[22]);
+   /* 23 */
+   COMBA_FORWARD;
+   MULADD(at[8], at[31]);       MULADD(at[9], at[30]);       MULADD(at[10], at[29]);       MULADD(at[11], at[28]);       MULADD(at[12], at[27]);       MULADD(at[13], at[26]);       MULADD(at[14], at[25]);       MULADD(at[15], at[24]); 
+   COMBA_STORE(C->dp[23]);
+   /* 24 */
+   COMBA_FORWARD;
+   MULADD(at[9], at[31]);       MULADD(at[10], at[30]);       MULADD(at[11], at[29]);       MULADD(at[12], at[28]);       MULADD(at[13], at[27]);       MULADD(at[14], at[26]);       MULADD(at[15], at[25]); 
+   COMBA_STORE(C->dp[24]);
+   /* 25 */
+   COMBA_FORWARD;
+   MULADD(at[10], at[31]);       MULADD(at[11], at[30]);       MULADD(at[12], at[29]);       MULADD(at[13], at[28]);       MULADD(at[14], at[27]);       MULADD(at[15], at[26]); 
+   COMBA_STORE(C->dp[25]);
+   /* 26 */
+   COMBA_FORWARD;
+   MULADD(at[11], at[31]);       MULADD(at[12], at[30]);       MULADD(at[13], at[29]);       MULADD(at[14], at[28]);       MULADD(at[15], at[27]); 
+   COMBA_STORE(C->dp[26]);
+   /* 27 */
+   COMBA_FORWARD;
+   MULADD(at[12], at[31]);       MULADD(at[13], at[30]);       MULADD(at[14], at[29]);       MULADD(at[15], at[28]); 
+   COMBA_STORE(C->dp[27]);
+   /* 28 */
+   COMBA_FORWARD;
+   MULADD(at[13], at[31]);       MULADD(at[14], at[30]);       MULADD(at[15], at[29]); 
+   COMBA_STORE(C->dp[28]);
+   /* 29 */
+   COMBA_FORWARD;
+   MULADD(at[14], at[31]);       MULADD(at[15], at[30]); 
+   COMBA_STORE(C->dp[29]);
+   /* 30 */
+   COMBA_FORWARD;
+   MULADD(at[15], at[31]); 
+   COMBA_STORE(C->dp[30]);
+   COMBA_STORE2(C->dp[31]);
+   C->used = 32;
+   C->sign = A->sign ^ B->sign;
+   mp_clamp(C);
+   COMBA_FINI;
+}
+
+void s_mp_mul_comba_32(const mp_int *A, const mp_int *B, mp_int *C)
+{
+   mp_digit c0, c1, c2, at[64];
+
+   memcpy(at, A->dp, 32 * sizeof(mp_digit));
+   memcpy(at+32, B->dp, 32 * sizeof(mp_digit));
+   COMBA_START;
+
+   COMBA_CLEAR;
+   /* 0 */
+   MULADD(at[0], at[32]); 
+   COMBA_STORE(C->dp[0]);
+   /* 1 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[33]);    MULADD(at[1], at[32]); 
+   COMBA_STORE(C->dp[1]);
+   /* 2 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[34]);    MULADD(at[1], at[33]);    MULADD(at[2], at[32]); 
+   COMBA_STORE(C->dp[2]);
+   /* 3 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[35]);    MULADD(at[1], at[34]);    MULADD(at[2], at[33]);    MULADD(at[3], at[32]); 
+   COMBA_STORE(C->dp[3]);
+   /* 4 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[36]);    MULADD(at[1], at[35]);    MULADD(at[2], at[34]);    MULADD(at[3], at[33]);    MULADD(at[4], at[32]); 
+   COMBA_STORE(C->dp[4]);
+   /* 5 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[37]);    MULADD(at[1], at[36]);    MULADD(at[2], at[35]);    MULADD(at[3], at[34]);    MULADD(at[4], at[33]);    MULADD(at[5], at[32]); 
+   COMBA_STORE(C->dp[5]);
+   /* 6 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[38]);    MULADD(at[1], at[37]);    MULADD(at[2], at[36]);    MULADD(at[3], at[35]);    MULADD(at[4], at[34]);    MULADD(at[5], at[33]);    MULADD(at[6], at[32]); 
+   COMBA_STORE(C->dp[6]);
+   /* 7 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[39]);    MULADD(at[1], at[38]);    MULADD(at[2], at[37]);    MULADD(at[3], at[36]);    MULADD(at[4], at[35]);    MULADD(at[5], at[34]);    MULADD(at[6], at[33]);    MULADD(at[7], at[32]); 
+   COMBA_STORE(C->dp[7]);
+   /* 8 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[40]);    MULADD(at[1], at[39]);    MULADD(at[2], at[38]);    MULADD(at[3], at[37]);    MULADD(at[4], at[36]);    MULADD(at[5], at[35]);    MULADD(at[6], at[34]);    MULADD(at[7], at[33]);    MULADD(at[8], at[32]); 
+   COMBA_STORE(C->dp[8]);
+   /* 9 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[41]);    MULADD(at[1], at[40]);    MULADD(at[2], at[39]);    MULADD(at[3], at[38]);    MULADD(at[4], at[37]);    MULADD(at[5], at[36]);    MULADD(at[6], at[35]);    MULADD(at[7], at[34]);    MULADD(at[8], at[33]);    MULADD(at[9], at[32]); 
+   COMBA_STORE(C->dp[9]);
+   /* 10 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[42]);    MULADD(at[1], at[41]);    MULADD(at[2], at[40]);    MULADD(at[3], at[39]);    MULADD(at[4], at[38]);    MULADD(at[5], at[37]);    MULADD(at[6], at[36]);    MULADD(at[7], at[35]);    MULADD(at[8], at[34]);    MULADD(at[9], at[33]);    MULADD(at[10], at[32]); 
+   COMBA_STORE(C->dp[10]);
+   /* 11 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[43]);    MULADD(at[1], at[42]);    MULADD(at[2], at[41]);    MULADD(at[3], at[40]);    MULADD(at[4], at[39]);    MULADD(at[5], at[38]);    MULADD(at[6], at[37]);    MULADD(at[7], at[36]);    MULADD(at[8], at[35]);    MULADD(at[9], at[34]);    MULADD(at[10], at[33]);    MULADD(at[11], at[32]); 
+   COMBA_STORE(C->dp[11]);
+   /* 12 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[44]);    MULADD(at[1], at[43]);    MULADD(at[2], at[42]);    MULADD(at[3], at[41]);    MULADD(at[4], at[40]);    MULADD(at[5], at[39]);    MULADD(at[6], at[38]);    MULADD(at[7], at[37]);    MULADD(at[8], at[36]);    MULADD(at[9], at[35]);    MULADD(at[10], at[34]);    MULADD(at[11], at[33]);    MULADD(at[12], at[32]); 
+   COMBA_STORE(C->dp[12]);
+   /* 13 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[45]);    MULADD(at[1], at[44]);    MULADD(at[2], at[43]);    MULADD(at[3], at[42]);    MULADD(at[4], at[41]);    MULADD(at[5], at[40]);    MULADD(at[6], at[39]);    MULADD(at[7], at[38]);    MULADD(at[8], at[37]);    MULADD(at[9], at[36]);    MULADD(at[10], at[35]);    MULADD(at[11], at[34]);    MULADD(at[12], at[33]);    MULADD(at[13], at[32]); 
+   COMBA_STORE(C->dp[13]);
+   /* 14 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[46]);    MULADD(at[1], at[45]);    MULADD(at[2], at[44]);    MULADD(at[3], at[43]);    MULADD(at[4], at[42]);    MULADD(at[5], at[41]);    MULADD(at[6], at[40]);    MULADD(at[7], at[39]);    MULADD(at[8], at[38]);    MULADD(at[9], at[37]);    MULADD(at[10], at[36]);    MULADD(at[11], at[35]);    MULADD(at[12], at[34]);    MULADD(at[13], at[33]);    MULADD(at[14], at[32]); 
+   COMBA_STORE(C->dp[14]);
+   /* 15 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[47]);    MULADD(at[1], at[46]);    MULADD(at[2], at[45]);    MULADD(at[3], at[44]);    MULADD(at[4], at[43]);    MULADD(at[5], at[42]);    MULADD(at[6], at[41]);    MULADD(at[7], at[40]);    MULADD(at[8], at[39]);    MULADD(at[9], at[38]);    MULADD(at[10], at[37]);    MULADD(at[11], at[36]);    MULADD(at[12], at[35]);    MULADD(at[13], at[34]);    MULADD(at[14], at[33]);    MULADD(at[15], at[32]); 
+   COMBA_STORE(C->dp[15]);
+   /* 16 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[48]);    MULADD(at[1], at[47]);    MULADD(at[2], at[46]);    MULADD(at[3], at[45]);    MULADD(at[4], at[44]);    MULADD(at[5], at[43]);    MULADD(at[6], at[42]);    MULADD(at[7], at[41]);    MULADD(at[8], at[40]);    MULADD(at[9], at[39]);    MULADD(at[10], at[38]);    MULADD(at[11], at[37]);    MULADD(at[12], at[36]);    MULADD(at[13], at[35]);    MULADD(at[14], at[34]);    MULADD(at[15], at[33]);    MULADD(at[16], at[32]); 
+   COMBA_STORE(C->dp[16]);
+   /* 17 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[49]);    MULADD(at[1], at[48]);    MULADD(at[2], at[47]);    MULADD(at[3], at[46]);    MULADD(at[4], at[45]);    MULADD(at[5], at[44]);    MULADD(at[6], at[43]);    MULADD(at[7], at[42]);    MULADD(at[8], at[41]);    MULADD(at[9], at[40]);    MULADD(at[10], at[39]);    MULADD(at[11], at[38]);    MULADD(at[12], at[37]);    MULADD(at[13], at[36]);    MULADD(at[14], at[35]);    MULADD(at[15], at[34]);    MULADD(at[16], at[33]);    MULADD(at[17], at[32]); 
+   COMBA_STORE(C->dp[17]);
+   /* 18 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[50]);    MULADD(at[1], at[49]);    MULADD(at[2], at[48]);    MULADD(at[3], at[47]);    MULADD(at[4], at[46]);    MULADD(at[5], at[45]);    MULADD(at[6], at[44]);    MULADD(at[7], at[43]);    MULADD(at[8], at[42]);    MULADD(at[9], at[41]);    MULADD(at[10], at[40]);    MULADD(at[11], at[39]);    MULADD(at[12], at[38]);    MULADD(at[13], at[37]);    MULADD(at[14], at[36]);    MULADD(at[15], at[35]);    MULADD(at[16], at[34]);    MULADD(at[17], at[33]);    MULADD(at[18], at[32]); 
+   COMBA_STORE(C->dp[18]);
+   /* 19 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[51]);    MULADD(at[1], at[50]);    MULADD(at[2], at[49]);    MULADD(at[3], at[48]);    MULADD(at[4], at[47]);    MULADD(at[5], at[46]);    MULADD(at[6], at[45]);    MULADD(at[7], at[44]);    MULADD(at[8], at[43]);    MULADD(at[9], at[42]);    MULADD(at[10], at[41]);    MULADD(at[11], at[40]);    MULADD(at[12], at[39]);    MULADD(at[13], at[38]);    MULADD(at[14], at[37]);    MULADD(at[15], at[36]);    MULADD(at[16], at[35]);    MULADD(at[17], at[34]);    MULADD(at[18], at[33]);    MULADD(at[19], at[32]); 
+   COMBA_STORE(C->dp[19]);
+   /* 20 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[52]);    MULADD(at[1], at[51]);    MULADD(at[2], at[50]);    MULADD(at[3], at[49]);    MULADD(at[4], at[48]);    MULADD(at[5], at[47]);    MULADD(at[6], at[46]);    MULADD(at[7], at[45]);    MULADD(at[8], at[44]);    MULADD(at[9], at[43]);    MULADD(at[10], at[42]);    MULADD(at[11], at[41]);    MULADD(at[12], at[40]);    MULADD(at[13], at[39]);    MULADD(at[14], at[38]);    MULADD(at[15], at[37]);    MULADD(at[16], at[36]);    MULADD(at[17], at[35]);    MULADD(at[18], at[34]);    MULADD(at[19], at[33]);    MULADD(at[20], at[32]); 
+   COMBA_STORE(C->dp[20]);
+   /* 21 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[53]);    MULADD(at[1], at[52]);    MULADD(at[2], at[51]);    MULADD(at[3], at[50]);    MULADD(at[4], at[49]);    MULADD(at[5], at[48]);    MULADD(at[6], at[47]);    MULADD(at[7], at[46]);    MULADD(at[8], at[45]);    MULADD(at[9], at[44]);    MULADD(at[10], at[43]);    MULADD(at[11], at[42]);    MULADD(at[12], at[41]);    MULADD(at[13], at[40]);    MULADD(at[14], at[39]);    MULADD(at[15], at[38]);    MULADD(at[16], at[37]);    MULADD(at[17], at[36]);    MULADD(at[18], at[35]);    MULADD(at[19], at[34]);    MULADD(at[20], at[33]);    MULADD(at[21], at[32]); 
+   COMBA_STORE(C->dp[21]);
+   /* 22 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[54]);    MULADD(at[1], at[53]);    MULADD(at[2], at[52]);    MULADD(at[3], at[51]);    MULADD(at[4], at[50]);    MULADD(at[5], at[49]);    MULADD(at[6], at[48]);    MULADD(at[7], at[47]);    MULADD(at[8], at[46]);    MULADD(at[9], at[45]);    MULADD(at[10], at[44]);    MULADD(at[11], at[43]);    MULADD(at[12], at[42]);    MULADD(at[13], at[41]);    MULADD(at[14], at[40]);    MULADD(at[15], at[39]);    MULADD(at[16], at[38]);    MULADD(at[17], at[37]);    MULADD(at[18], at[36]);    MULADD(at[19], at[35]);    MULADD(at[20], at[34]);    MULADD(at[21], at[33]);    MULADD(at[22], at[32]); 
+   COMBA_STORE(C->dp[22]);
+   /* 23 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[55]);    MULADD(at[1], at[54]);    MULADD(at[2], at[53]);    MULADD(at[3], at[52]);    MULADD(at[4], at[51]);    MULADD(at[5], at[50]);    MULADD(at[6], at[49]);    MULADD(at[7], at[48]);    MULADD(at[8], at[47]);    MULADD(at[9], at[46]);    MULADD(at[10], at[45]);    MULADD(at[11], at[44]);    MULADD(at[12], at[43]);    MULADD(at[13], at[42]);    MULADD(at[14], at[41]);    MULADD(at[15], at[40]);    MULADD(at[16], at[39]);    MULADD(at[17], at[38]);    MULADD(at[18], at[37]);    MULADD(at[19], at[36]);    MULADD(at[20], at[35]);    MULADD(at[21], at[34]);    MULADD(at[22], at[33]);    MULADD(at[23], at[32]); 
+   COMBA_STORE(C->dp[23]);
+   /* 24 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[56]);    MULADD(at[1], at[55]);    MULADD(at[2], at[54]);    MULADD(at[3], at[53]);    MULADD(at[4], at[52]);    MULADD(at[5], at[51]);    MULADD(at[6], at[50]);    MULADD(at[7], at[49]);    MULADD(at[8], at[48]);    MULADD(at[9], at[47]);    MULADD(at[10], at[46]);    MULADD(at[11], at[45]);    MULADD(at[12], at[44]);    MULADD(at[13], at[43]);    MULADD(at[14], at[42]);    MULADD(at[15], at[41]);    MULADD(at[16], at[40]);    MULADD(at[17], at[39]);    MULADD(at[18], at[38]);    MULADD(at[19], at[37]);    MULADD(at[20], at[36]);    MULADD(at[21], at[35]);    MULADD(at[22], at[34]);    MULADD(at[23], at[33]);    MULADD(at[24], at[32]); 
+   COMBA_STORE(C->dp[24]);
+   /* 25 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[57]);    MULADD(at[1], at[56]);    MULADD(at[2], at[55]);    MULADD(at[3], at[54]);    MULADD(at[4], at[53]);    MULADD(at[5], at[52]);    MULADD(at[6], at[51]);    MULADD(at[7], at[50]);    MULADD(at[8], at[49]);    MULADD(at[9], at[48]);    MULADD(at[10], at[47]);    MULADD(at[11], at[46]);    MULADD(at[12], at[45]);    MULADD(at[13], at[44]);    MULADD(at[14], at[43]);    MULADD(at[15], at[42]);    MULADD(at[16], at[41]);    MULADD(at[17], at[40]);    MULADD(at[18], at[39]);    MULADD(at[19], at[38]);    MULADD(at[20], at[37]);    MULADD(at[21], at[36]);    MULADD(at[22], at[35]);    MULADD(at[23], at[34]);    MULADD(at[24], at[33]);    MULADD(at[25], at[32]); 
+   COMBA_STORE(C->dp[25]);
+   /* 26 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[58]);    MULADD(at[1], at[57]);    MULADD(at[2], at[56]);    MULADD(at[3], at[55]);    MULADD(at[4], at[54]);    MULADD(at[5], at[53]);    MULADD(at[6], at[52]);    MULADD(at[7], at[51]);    MULADD(at[8], at[50]);    MULADD(at[9], at[49]);    MULADD(at[10], at[48]);    MULADD(at[11], at[47]);    MULADD(at[12], at[46]);    MULADD(at[13], at[45]);    MULADD(at[14], at[44]);    MULADD(at[15], at[43]);    MULADD(at[16], at[42]);    MULADD(at[17], at[41]);    MULADD(at[18], at[40]);    MULADD(at[19], at[39]);    MULADD(at[20], at[38]);    MULADD(at[21], at[37]);    MULADD(at[22], at[36]);    MULADD(at[23], at[35]);    MULADD(at[24], at[34]);    MULADD(at[25], at[33]);    MULADD(at[26], at[32]); 
+   COMBA_STORE(C->dp[26]);
+   /* 27 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[59]);    MULADD(at[1], at[58]);    MULADD(at[2], at[57]);    MULADD(at[3], at[56]);    MULADD(at[4], at[55]);    MULADD(at[5], at[54]);    MULADD(at[6], at[53]);    MULADD(at[7], at[52]);    MULADD(at[8], at[51]);    MULADD(at[9], at[50]);    MULADD(at[10], at[49]);    MULADD(at[11], at[48]);    MULADD(at[12], at[47]);    MULADD(at[13], at[46]);    MULADD(at[14], at[45]);    MULADD(at[15], at[44]);    MULADD(at[16], at[43]);    MULADD(at[17], at[42]);    MULADD(at[18], at[41]);    MULADD(at[19], at[40]);    MULADD(at[20], at[39]);    MULADD(at[21], at[38]);    MULADD(at[22], at[37]);    MULADD(at[23], at[36]);    MULADD(at[24], at[35]);    MULADD(at[25], at[34]);    MULADD(at[26], at[33]);    MULADD(at[27], at[32]); 
+   COMBA_STORE(C->dp[27]);
+   /* 28 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[60]);    MULADD(at[1], at[59]);    MULADD(at[2], at[58]);    MULADD(at[3], at[57]);    MULADD(at[4], at[56]);    MULADD(at[5], at[55]);    MULADD(at[6], at[54]);    MULADD(at[7], at[53]);    MULADD(at[8], at[52]);    MULADD(at[9], at[51]);    MULADD(at[10], at[50]);    MULADD(at[11], at[49]);    MULADD(at[12], at[48]);    MULADD(at[13], at[47]);    MULADD(at[14], at[46]);    MULADD(at[15], at[45]);    MULADD(at[16], at[44]);    MULADD(at[17], at[43]);    MULADD(at[18], at[42]);    MULADD(at[19], at[41]);    MULADD(at[20], at[40]);    MULADD(at[21], at[39]);    MULADD(at[22], at[38]);    MULADD(at[23], at[37]);    MULADD(at[24], at[36]);    MULADD(at[25], at[35]);    MULADD(at[26], at[34]);    MULADD(at[27], at[33]);    MULADD(at[28], at[32]); 
+   COMBA_STORE(C->dp[28]);
+   /* 29 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[61]);    MULADD(at[1], at[60]);    MULADD(at[2], at[59]);    MULADD(at[3], at[58]);    MULADD(at[4], at[57]);    MULADD(at[5], at[56]);    MULADD(at[6], at[55]);    MULADD(at[7], at[54]);    MULADD(at[8], at[53]);    MULADD(at[9], at[52]);    MULADD(at[10], at[51]);    MULADD(at[11], at[50]);    MULADD(at[12], at[49]);    MULADD(at[13], at[48]);    MULADD(at[14], at[47]);    MULADD(at[15], at[46]);    MULADD(at[16], at[45]);    MULADD(at[17], at[44]);    MULADD(at[18], at[43]);    MULADD(at[19], at[42]);    MULADD(at[20], at[41]);    MULADD(at[21], at[40]);    MULADD(at[22], at[39]);    MULADD(at[23], at[38]);    MULADD(at[24], at[37]);    MULADD(at[25], at[36]);    MULADD(at[26], at[35]);    MULADD(at[27], at[34]);    MULADD(at[28], at[33]);    MULADD(at[29], at[32]); 
+   COMBA_STORE(C->dp[29]);
+   /* 30 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[62]);    MULADD(at[1], at[61]);    MULADD(at[2], at[60]);    MULADD(at[3], at[59]);    MULADD(at[4], at[58]);    MULADD(at[5], at[57]);    MULADD(at[6], at[56]);    MULADD(at[7], at[55]);    MULADD(at[8], at[54]);    MULADD(at[9], at[53]);    MULADD(at[10], at[52]);    MULADD(at[11], at[51]);    MULADD(at[12], at[50]);    MULADD(at[13], at[49]);    MULADD(at[14], at[48]);    MULADD(at[15], at[47]);    MULADD(at[16], at[46]);    MULADD(at[17], at[45]);    MULADD(at[18], at[44]);    MULADD(at[19], at[43]);    MULADD(at[20], at[42]);    MULADD(at[21], at[41]);    MULADD(at[22], at[40]);    MULADD(at[23], at[39]);    MULADD(at[24], at[38]);    MULADD(at[25], at[37]);    MULADD(at[26], at[36]);    MULADD(at[27], at[35]);    MULADD(at[28], at[34]);    MULADD(at[29], at[33]);    MULADD(at[30], at[32]); 
+   COMBA_STORE(C->dp[30]);
+   /* 31 */
+   COMBA_FORWARD;
+   MULADD(at[0], at[63]);    MULADD(at[1], at[62]);    MULADD(at[2], at[61]);    MULADD(at[3], at[60]);    MULADD(at[4], at[59]);    MULADD(at[5], at[58]);    MULADD(at[6], at[57]);    MULADD(at[7], at[56]);    MULADD(at[8], at[55]);    MULADD(at[9], at[54]);    MULADD(at[10], at[53]);    MULADD(at[11], at[52]);    MULADD(at[12], at[51]);    MULADD(at[13], at[50]);    MULADD(at[14], at[49]);    MULADD(at[15], at[48]);    MULADD(at[16], at[47]);    MULADD(at[17], at[46]);    MULADD(at[18], at[45]);    MULADD(at[19], at[44]);    MULADD(at[20], at[43]);    MULADD(at[21], at[42]);    MULADD(at[22], at[41]);    MULADD(at[23], at[40]);    MULADD(at[24], at[39]);    MULADD(at[25], at[38]);    MULADD(at[26], at[37]);    MULADD(at[27], at[36]);    MULADD(at[28], at[35]);    MULADD(at[29], at[34]);    MULADD(at[30], at[33]);    MULADD(at[31], at[32]); 
+   COMBA_STORE(C->dp[31]);
+   /* 32 */
+   COMBA_FORWARD;
+   MULADD(at[1], at[63]);    MULADD(at[2], at[62]);    MULADD(at[3], at[61]);    MULADD(at[4], at[60]);    MULADD(at[5], at[59]);    MULADD(at[6], at[58]);    MULADD(at[7], at[57]);    MULADD(at[8], at[56]);    MULADD(at[9], at[55]);    MULADD(at[10], at[54]);    MULADD(at[11], at[53]);    MULADD(at[12], at[52]);    MULADD(at[13], at[51]);    MULADD(at[14], at[50]);    MULADD(at[15], at[49]);    MULADD(at[16], at[48]);    MULADD(at[17], at[47]);    MULADD(at[18], at[46]);    MULADD(at[19], at[45]);    MULADD(at[20], at[44]);    MULADD(at[21], at[43]);    MULADD(at[22], at[42]);    MULADD(at[23], at[41]);    MULADD(at[24], at[40]);    MULADD(at[25], at[39]);    MULADD(at[26], at[38]);    MULADD(at[27], at[37]);    MULADD(at[28], at[36]);    MULADD(at[29], at[35]);    MULADD(at[30], at[34]);    MULADD(at[31], at[33]); 
+   COMBA_STORE(C->dp[32]);
+   /* 33 */
+   COMBA_FORWARD;
+   MULADD(at[2], at[63]);    MULADD(at[3], at[62]);    MULADD(at[4], at[61]);    MULADD(at[5], at[60]);    MULADD(at[6], at[59]);    MULADD(at[7], at[58]);    MULADD(at[8], at[57]);    MULADD(at[9], at[56]);    MULADD(at[10], at[55]);    MULADD(at[11], at[54]);    MULADD(at[12], at[53]);    MULADD(at[13], at[52]);    MULADD(at[14], at[51]);    MULADD(at[15], at[50]);    MULADD(at[16], at[49]);    MULADD(at[17], at[48]);    MULADD(at[18], at[47]);    MULADD(at[19], at[46]);    MULADD(at[20], at[45]);    MULADD(at[21], at[44]);    MULADD(at[22], at[43]);    MULADD(at[23], at[42]);    MULADD(at[24], at[41]);    MULADD(at[25], at[40]);    MULADD(at[26], at[39]);    MULADD(at[27], at[38]);    MULADD(at[28], at[37]);    MULADD(at[29], at[36]);    MULADD(at[30], at[35]);    MULADD(at[31], at[34]); 
+   COMBA_STORE(C->dp[33]);
+   /* 34 */
+   COMBA_FORWARD;
+   MULADD(at[3], at[63]);    MULADD(at[4], at[62]);    MULADD(at[5], at[61]);    MULADD(at[6], at[60]);    MULADD(at[7], at[59]);    MULADD(at[8], at[58]);    MULADD(at[9], at[57]);    MULADD(at[10], at[56]);    MULADD(at[11], at[55]);    MULADD(at[12], at[54]);    MULADD(at[13], at[53]);    MULADD(at[14], at[52]);    MULADD(at[15], at[51]);    MULADD(at[16], at[50]);    MULADD(at[17], at[49]);    MULADD(at[18], at[48]);    MULADD(at[19], at[47]);    MULADD(at[20], at[46]);    MULADD(at[21], at[45]);    MULADD(at[22], at[44]);    MULADD(at[23], at[43]);    MULADD(at[24], at[42]);    MULADD(at[25], at[41]);    MULADD(at[26], at[40]);    MULADD(at[27], at[39]);    MULADD(at[28], at[38]);    MULADD(at[29], at[37]);    MULADD(at[30], at[36]);    MULADD(at[31], at[35]); 
+   COMBA_STORE(C->dp[34]);
+   /* 35 */
+   COMBA_FORWARD;
+   MULADD(at[4], at[63]);    MULADD(at[5], at[62]);    MULADD(at[6], at[61]);    MULADD(at[7], at[60]);    MULADD(at[8], at[59]);    MULADD(at[9], at[58]);    MULADD(at[10], at[57]);    MULADD(at[11], at[56]);    MULADD(at[12], at[55]);    MULADD(at[13], at[54]);    MULADD(at[14], at[53]);    MULADD(at[15], at[52]);    MULADD(at[16], at[51]);    MULADD(at[17], at[50]);    MULADD(at[18], at[49]);    MULADD(at[19], at[48]);    MULADD(at[20], at[47]);    MULADD(at[21], at[46]);    MULADD(at[22], at[45]);    MULADD(at[23], at[44]);    MULADD(at[24], at[43]);    MULADD(at[25], at[42]);    MULADD(at[26], at[41]);    MULADD(at[27], at[40]);    MULADD(at[28], at[39]);    MULADD(at[29], at[38]);    MULADD(at[30], at[37]);    MULADD(at[31], at[36]); 
+   COMBA_STORE(C->dp[35]);
+   /* 36 */
+   COMBA_FORWARD;
+   MULADD(at[5], at[63]);    MULADD(at[6], at[62]);    MULADD(at[7], at[61]);    MULADD(at[8], at[60]);    MULADD(at[9], at[59]);    MULADD(at[10], at[58]);    MULADD(at[11], at[57]);    MULADD(at[12], at[56]);    MULADD(at[13], at[55]);    MULADD(at[14], at[54]);    MULADD(at[15], at[53]);    MULADD(at[16], at[52]);    MULADD(at[17], at[51]);    MULADD(at[18], at[50]);    MULADD(at[19], at[49]);    MULADD(at[20], at[48]);    MULADD(at[21], at[47]);    MULADD(at[22], at[46]);    MULADD(at[23], at[45]);    MULADD(at[24], at[44]);    MULADD(at[25], at[43]);    MULADD(at[26], at[42]);    MULADD(at[27], at[41]);    MULADD(at[28], at[40]);    MULADD(at[29], at[39]);    MULADD(at[30], at[38]);    MULADD(at[31], at[37]); 
+   COMBA_STORE(C->dp[36]);
+   /* 37 */
+   COMBA_FORWARD;
+   MULADD(at[6], at[63]);    MULADD(at[7], at[62]);    MULADD(at[8], at[61]);    MULADD(at[9], at[60]);    MULADD(at[10], at[59]);    MULADD(at[11], at[58]);    MULADD(at[12], at[57]);    MULADD(at[13], at[56]);    MULADD(at[14], at[55]);    MULADD(at[15], at[54]);    MULADD(at[16], at[53]);    MULADD(at[17], at[52]);    MULADD(at[18], at[51]);    MULADD(at[19], at[50]);    MULADD(at[20], at[49]);    MULADD(at[21], at[48]);    MULADD(at[22], at[47]);    MULADD(at[23], at[46]);    MULADD(at[24], at[45]);    MULADD(at[25], at[44]);    MULADD(at[26], at[43]);    MULADD(at[27], at[42]);    MULADD(at[28], at[41]);    MULADD(at[29], at[40]);    MULADD(at[30], at[39]);    MULADD(at[31], at[38]); 
+   COMBA_STORE(C->dp[37]);
+   /* 38 */
+   COMBA_FORWARD;
+   MULADD(at[7], at[63]);    MULADD(at[8], at[62]);    MULADD(at[9], at[61]);    MULADD(at[10], at[60]);    MULADD(at[11], at[59]);    MULADD(at[12], at[58]);    MULADD(at[13], at[57]);    MULADD(at[14], at[56]);    MULADD(at[15], at[55]);    MULADD(at[16], at[54]);    MULADD(at[17], at[53]);    MULADD(at[18], at[52]);    MULADD(at[19], at[51]);    MULADD(at[20], at[50]);    MULADD(at[21], at[49]);    MULADD(at[22], at[48]);    MULADD(at[23], at[47]);    MULADD(at[24], at[46]);    MULADD(at[25], at[45]);    MULADD(at[26], at[44]);    MULADD(at[27], at[43]);    MULADD(at[28], at[42]);    MULADD(at[29], at[41]);    MULADD(at[30], at[40]);    MULADD(at[31], at[39]); 
+   COMBA_STORE(C->dp[38]);
+   /* 39 */
+   COMBA_FORWARD;
+   MULADD(at[8], at[63]);    MULADD(at[9], at[62]);    MULADD(at[10], at[61]);    MULADD(at[11], at[60]);    MULADD(at[12], at[59]);    MULADD(at[13], at[58]);    MULADD(at[14], at[57]);    MULADD(at[15], at[56]);    MULADD(at[16], at[55]);    MULADD(at[17], at[54]);    MULADD(at[18], at[53]);    MULADD(at[19], at[52]);    MULADD(at[20], at[51]);    MULADD(at[21], at[50]);    MULADD(at[22], at[49]);    MULADD(at[23], at[48]);    MULADD(at[24], at[47]);    MULADD(at[25], at[46]);    MULADD(at[26], at[45]);    MULADD(at[27], at[44]);    MULADD(at[28], at[43]);    MULADD(at[29], at[42]);    MULADD(at[30], at[41]);    MULADD(at[31], at[40]); 
+   COMBA_STORE(C->dp[39]);
+   /* 40 */
+   COMBA_FORWARD;
+   MULADD(at[9], at[63]);    MULADD(at[10], at[62]);    MULADD(at[11], at[61]);    MULADD(at[12], at[60]);    MULADD(at[13], at[59]);    MULADD(at[14], at[58]);    MULADD(at[15], at[57]);    MULADD(at[16], at[56]);    MULADD(at[17], at[55]);    MULADD(at[18], at[54]);    MULADD(at[19], at[53]);    MULADD(at[20], at[52]);    MULADD(at[21], at[51]);    MULADD(at[22], at[50]);    MULADD(at[23], at[49]);    MULADD(at[24], at[48]);    MULADD(at[25], at[47]);    MULADD(at[26], at[46]);    MULADD(at[27], at[45]);    MULADD(at[28], at[44]);    MULADD(at[29], at[43]);    MULADD(at[30], at[42]);    MULADD(at[31], at[41]); 
+   COMBA_STORE(C->dp[40]);
+   /* 41 */
+   COMBA_FORWARD;
+   MULADD(at[10], at[63]);    MULADD(at[11], at[62]);    MULADD(at[12], at[61]);    MULADD(at[13], at[60]);    MULADD(at[14], at[59]);    MULADD(at[15], at[58]);    MULADD(at[16], at[57]);    MULADD(at[17], at[56]);    MULADD(at[18], at[55]);    MULADD(at[19], at[54]);    MULADD(at[20], at[53]);    MULADD(at[21], at[52]);    MULADD(at[22], at[51]);    MULADD(at[23], at[50]);    MULADD(at[24], at[49]);    MULADD(at[25], at[48]);    MULADD(at[26], at[47]);    MULADD(at[27], at[46]);    MULADD(at[28], at[45]);    MULADD(at[29], at[44]);    MULADD(at[30], at[43]);    MULADD(at[31], at[42]); 
+   COMBA_STORE(C->dp[41]);
+   /* 42 */
+   COMBA_FORWARD;
+   MULADD(at[11], at[63]);    MULADD(at[12], at[62]);    MULADD(at[13], at[61]);    MULADD(at[14], at[60]);    MULADD(at[15], at[59]);    MULADD(at[16], at[58]);    MULADD(at[17], at[57]);    MULADD(at[18], at[56]);    MULADD(at[19], at[55]);    MULADD(at[20], at[54]);    MULADD(at[21], at[53]);    MULADD(at[22], at[52]);    MULADD(at[23], at[51]);    MULADD(at[24], at[50]);    MULADD(at[25], at[49]);    MULADD(at[26], at[48]);    MULADD(at[27], at[47]);    MULADD(at[28], at[46]);    MULADD(at[29], at[45]);    MULADD(at[30], at[44]);    MULADD(at[31], at[43]); 
+   COMBA_STORE(C->dp[42]);
+   /* 43 */
+   COMBA_FORWARD;
+   MULADD(at[12], at[63]);    MULADD(at[13], at[62]);    MULADD(at[14], at[61]);    MULADD(at[15], at[60]);    MULADD(at[16], at[59]);    MULADD(at[17], at[58]);    MULADD(at[18], at[57]);    MULADD(at[19], at[56]);    MULADD(at[20], at[55]);    MULADD(at[21], at[54]);    MULADD(at[22], at[53]);    MULADD(at[23], at[52]);    MULADD(at[24], at[51]);    MULADD(at[25], at[50]);    MULADD(at[26], at[49]);    MULADD(at[27], at[48]);    MULADD(at[28], at[47]);    MULADD(at[29], at[46]);    MULADD(at[30], at[45]);    MULADD(at[31], at[44]); 
+   COMBA_STORE(C->dp[43]);
+   /* 44 */
+   COMBA_FORWARD;
+   MULADD(at[13], at[63]);    MULADD(at[14], at[62]);    MULADD(at[15], at[61]);    MULADD(at[16], at[60]);    MULADD(at[17], at[59]);    MULADD(at[18], at[58]);    MULADD(at[19], at[57]);    MULADD(at[20], at[56]);    MULADD(at[21], at[55]);    MULADD(at[22], at[54]);    MULADD(at[23], at[53]);    MULADD(at[24], at[52]);    MULADD(at[25], at[51]);    MULADD(at[26], at[50]);    MULADD(at[27], at[49]);    MULADD(at[28], at[48]);    MULADD(at[29], at[47]);    MULADD(at[30], at[46]);    MULADD(at[31], at[45]); 
+   COMBA_STORE(C->dp[44]);
+   /* 45 */
+   COMBA_FORWARD;
+   MULADD(at[14], at[63]);    MULADD(at[15], at[62]);    MULADD(at[16], at[61]);    MULADD(at[17], at[60]);    MULADD(at[18], at[59]);    MULADD(at[19], at[58]);    MULADD(at[20], at[57]);    MULADD(at[21], at[56]);    MULADD(at[22], at[55]);    MULADD(at[23], at[54]);    MULADD(at[24], at[53]);    MULADD(at[25], at[52]);    MULADD(at[26], at[51]);    MULADD(at[27], at[50]);    MULADD(at[28], at[49]);    MULADD(at[29], at[48]);    MULADD(at[30], at[47]);    MULADD(at[31], at[46]); 
+   COMBA_STORE(C->dp[45]);
+   /* 46 */
+   COMBA_FORWARD;
+   MULADD(at[15], at[63]);    MULADD(at[16], at[62]);    MULADD(at[17], at[61]);    MULADD(at[18], at[60]);    MULADD(at[19], at[59]);    MULADD(at[20], at[58]);    MULADD(at[21], at[57]);    MULADD(at[22], at[56]);    MULADD(at[23], at[55]);    MULADD(at[24], at[54]);    MULADD(at[25], at[53]);    MULADD(at[26], at[52]);    MULADD(at[27], at[51]);    MULADD(at[28], at[50]);    MULADD(at[29], at[49]);    MULADD(at[30], at[48]);    MULADD(at[31], at[47]); 
+   COMBA_STORE(C->dp[46]);
+   /* 47 */
+   COMBA_FORWARD;
+   MULADD(at[16], at[63]);    MULADD(at[17], at[62]);    MULADD(at[18], at[61]);    MULADD(at[19], at[60]);    MULADD(at[20], at[59]);    MULADD(at[21], at[58]);    MULADD(at[22], at[57]);    MULADD(at[23], at[56]);    MULADD(at[24], at[55]);    MULADD(at[25], at[54]);    MULADD(at[26], at[53]);    MULADD(at[27], at[52]);    MULADD(at[28], at[51]);    MULADD(at[29], at[50]);    MULADD(at[30], at[49]);    MULADD(at[31], at[48]); 
+   COMBA_STORE(C->dp[47]);
+   /* 48 */
+   COMBA_FORWARD;
+   MULADD(at[17], at[63]);    MULADD(at[18], at[62]);    MULADD(at[19], at[61]);    MULADD(at[20], at[60]);    MULADD(at[21], at[59]);    MULADD(at[22], at[58]);    MULADD(at[23], at[57]);    MULADD(at[24], at[56]);    MULADD(at[25], at[55]);    MULADD(at[26], at[54]);    MULADD(at[27], at[53]);    MULADD(at[28], at[52]);    MULADD(at[29], at[51]);    MULADD(at[30], at[50]);    MULADD(at[31], at[49]); 
+   COMBA_STORE(C->dp[48]);
+   /* 49 */
+   COMBA_FORWARD;
+   MULADD(at[18], at[63]);    MULADD(at[19], at[62]);    MULADD(at[20], at[61]);    MULADD(at[21], at[60]);    MULADD(at[22], at[59]);    MULADD(at[23], at[58]);    MULADD(at[24], at[57]);    MULADD(at[25], at[56]);    MULADD(at[26], at[55]);    MULADD(at[27], at[54]);    MULADD(at[28], at[53]);    MULADD(at[29], at[52]);    MULADD(at[30], at[51]);    MULADD(at[31], at[50]); 
+   COMBA_STORE(C->dp[49]);
+   /* 50 */
+   COMBA_FORWARD;
+   MULADD(at[19], at[63]);    MULADD(at[20], at[62]);    MULADD(at[21], at[61]);    MULADD(at[22], at[60]);    MULADD(at[23], at[59]);    MULADD(at[24], at[58]);    MULADD(at[25], at[57]);    MULADD(at[26], at[56]);    MULADD(at[27], at[55]);    MULADD(at[28], at[54]);    MULADD(at[29], at[53]);    MULADD(at[30], at[52]);    MULADD(at[31], at[51]); 
+   COMBA_STORE(C->dp[50]);
+   /* 51 */
+   COMBA_FORWARD;
+   MULADD(at[20], at[63]);    MULADD(at[21], at[62]);    MULADD(at[22], at[61]);    MULADD(at[23], at[60]);    MULADD(at[24], at[59]);    MULADD(at[25], at[58]);    MULADD(at[26], at[57]);    MULADD(at[27], at[56]);    MULADD(at[28], at[55]);    MULADD(at[29], at[54]);    MULADD(at[30], at[53]);    MULADD(at[31], at[52]); 
+   COMBA_STORE(C->dp[51]);
+   /* 52 */
+   COMBA_FORWARD;
+   MULADD(at[21], at[63]);    MULADD(at[22], at[62]);    MULADD(at[23], at[61]);    MULADD(at[24], at[60]);    MULADD(at[25], at[59]);    MULADD(at[26], at[58]);    MULADD(at[27], at[57]);    MULADD(at[28], at[56]);    MULADD(at[29], at[55]);    MULADD(at[30], at[54]);    MULADD(at[31], at[53]); 
+   COMBA_STORE(C->dp[52]);
+   /* 53 */
+   COMBA_FORWARD;
+   MULADD(at[22], at[63]);    MULADD(at[23], at[62]);    MULADD(at[24], at[61]);    MULADD(at[25], at[60]);    MULADD(at[26], at[59]);    MULADD(at[27], at[58]);    MULADD(at[28], at[57]);    MULADD(at[29], at[56]);    MULADD(at[30], at[55]);    MULADD(at[31], at[54]); 
+   COMBA_STORE(C->dp[53]);
+   /* 54 */
+   COMBA_FORWARD;
+   MULADD(at[23], at[63]);    MULADD(at[24], at[62]);    MULADD(at[25], at[61]);    MULADD(at[26], at[60]);    MULADD(at[27], at[59]);    MULADD(at[28], at[58]);    MULADD(at[29], at[57]);    MULADD(at[30], at[56]);    MULADD(at[31], at[55]); 
+   COMBA_STORE(C->dp[54]);
+   /* 55 */
+   COMBA_FORWARD;
+   MULADD(at[24], at[63]);    MULADD(at[25], at[62]);    MULADD(at[26], at[61]);    MULADD(at[27], at[60]);    MULADD(at[28], at[59]);    MULADD(at[29], at[58]);    MULADD(at[30], at[57]);    MULADD(at[31], at[56]); 
+   COMBA_STORE(C->dp[55]);
+   /* 56 */
+   COMBA_FORWARD;
+   MULADD(at[25], at[63]);    MULADD(at[26], at[62]);    MULADD(at[27], at[61]);    MULADD(at[28], at[60]);    MULADD(at[29], at[59]);    MULADD(at[30], at[58]);    MULADD(at[31], at[57]); 
+   COMBA_STORE(C->dp[56]);
+   /* 57 */
+   COMBA_FORWARD;
+   MULADD(at[26], at[63]);    MULADD(at[27], at[62]);    MULADD(at[28], at[61]);    MULADD(at[29], at[60]);    MULADD(at[30], at[59]);    MULADD(at[31], at[58]); 
+   COMBA_STORE(C->dp[57]);
+   /* 58 */
+   COMBA_FORWARD;
+   MULADD(at[27], at[63]);    MULADD(at[28], at[62]);    MULADD(at[29], at[61]);    MULADD(at[30], at[60]);    MULADD(at[31], at[59]); 
+   COMBA_STORE(C->dp[58]);
+   /* 59 */
+   COMBA_FORWARD;
+   MULADD(at[28], at[63]);    MULADD(at[29], at[62]);    MULADD(at[30], at[61]);    MULADD(at[31], at[60]); 
+   COMBA_STORE(C->dp[59]);
+   /* 60 */
+   COMBA_FORWARD;
+   MULADD(at[29], at[63]);    MULADD(at[30], at[62]);    MULADD(at[31], at[61]); 
+   COMBA_STORE(C->dp[60]);
+   /* 61 */
+   COMBA_FORWARD;
+   MULADD(at[30], at[63]);    MULADD(at[31], at[62]); 
+   COMBA_STORE(C->dp[61]);
+   /* 62 */
+   COMBA_FORWARD;
+   MULADD(at[31], at[63]); 
+   COMBA_STORE(C->dp[62]);
+   COMBA_STORE2(C->dp[63]);
+   C->used = 64;
+   C->sign = A->sign ^ B->sign;
+   mp_clamp(C);
+   COMBA_FINI;
+}
+
+
+
+void s_mp_sqr_comba_4(const mp_int *A, mp_int *B)
+{
+   mp_digit *a, b[8], c0, c1, c2;
+
+   a = A->dp;
+   COMBA_START; 
+
+   /* clear carries */
+   CLEAR_CARRY;
+
+   /* output 0 */
+   SQRADD(a[0],a[0]);
+   COMBA_STORE(b[0]);
+
+   /* output 1 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[1]); 
+   COMBA_STORE(b[1]);
+
+   /* output 2 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[2]);    SQRADD(a[1], a[1]); 
+   COMBA_STORE(b[2]);
+
+   /* output 3 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[3]);    SQRADD2(a[1], a[2]); 
+   COMBA_STORE(b[3]);
+
+   /* output 4 */
+   CARRY_FORWARD;
+   SQRADD2(a[1], a[3]);    SQRADD(a[2], a[2]); 
+   COMBA_STORE(b[4]);
+
+   /* output 5 */
+   CARRY_FORWARD;
+   SQRADD2(a[2], a[3]); 
+   COMBA_STORE(b[5]);
+
+   /* output 6 */
+   CARRY_FORWARD;
+   SQRADD(a[3], a[3]); 
+   COMBA_STORE(b[6]);
+   COMBA_STORE2(b[7]);
+   COMBA_FINI;
+
+   B->used = 8;
+   B->sign = ZPOS;
+   memcpy(B->dp, b, 8 * sizeof(mp_digit));
+   mp_clamp(B);
+}
+
+void s_mp_sqr_comba_8(const mp_int *A, mp_int *B)
+{
+   mp_digit *a, b[16], c0, c1, c2, sc0, sc1, sc2;
+
+   a = A->dp;
+   COMBA_START; 
+
+   /* clear carries */
+   CLEAR_CARRY;
+
+   /* output 0 */
+   SQRADD(a[0],a[0]);
+   COMBA_STORE(b[0]);
+
+   /* output 1 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[1]); 
+   COMBA_STORE(b[1]);
+
+   /* output 2 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[2]);    SQRADD(a[1], a[1]); 
+   COMBA_STORE(b[2]);
+
+   /* output 3 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[3]);    SQRADD2(a[1], a[2]); 
+   COMBA_STORE(b[3]);
+
+   /* output 4 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[4]);    SQRADD2(a[1], a[3]);    SQRADD(a[2], a[2]); 
+   COMBA_STORE(b[4]);
+
+   /* output 5 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB; 
+   COMBA_STORE(b[5]);
+
+   /* output 6 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]); 
+   COMBA_STORE(b[6]);
+
+   /* output 7 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB; 
+   COMBA_STORE(b[7]);
+
+   /* output 8 */
+   CARRY_FORWARD;
+   SQRADDSC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]); 
+   COMBA_STORE(b[8]);
+
+   /* output 9 */
+   CARRY_FORWARD;
+   SQRADDSC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB; 
+   COMBA_STORE(b[9]);
+
+   /* output 10 */
+   CARRY_FORWARD;
+   SQRADD2(a[3], a[7]);    SQRADD2(a[4], a[6]);    SQRADD(a[5], a[5]); 
+   COMBA_STORE(b[10]);
+
+   /* output 11 */
+   CARRY_FORWARD;
+   SQRADD2(a[4], a[7]);    SQRADD2(a[5], a[6]); 
+   COMBA_STORE(b[11]);
+
+   /* output 12 */
+   CARRY_FORWARD;
+   SQRADD2(a[5], a[7]);    SQRADD(a[6], a[6]); 
+   COMBA_STORE(b[12]);
+
+   /* output 13 */
+   CARRY_FORWARD;
+   SQRADD2(a[6], a[7]); 
+   COMBA_STORE(b[13]);
+
+   /* output 14 */
+   CARRY_FORWARD;
+   SQRADD(a[7], a[7]); 
+   COMBA_STORE(b[14]);
+   COMBA_STORE2(b[15]);
+   COMBA_FINI;
+
+   B->used = 16;
+   B->sign = ZPOS;
+   memcpy(B->dp, b, 16 * sizeof(mp_digit));
+   mp_clamp(B);
+}
+
+void s_mp_sqr_comba_16(const mp_int *A, mp_int *B)
+{
+   mp_digit *a, b[32], c0, c1, c2, sc0, sc1, sc2;
+
+   a = A->dp;
+   COMBA_START; 
+
+   /* clear carries */
+   CLEAR_CARRY;
+
+   /* output 0 */
+   SQRADD(a[0],a[0]);
+   COMBA_STORE(b[0]);
+
+   /* output 1 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[1]); 
+   COMBA_STORE(b[1]);
+
+   /* output 2 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[2]);    SQRADD(a[1], a[1]); 
+   COMBA_STORE(b[2]);
+
+   /* output 3 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[3]);    SQRADD2(a[1], a[2]); 
+   COMBA_STORE(b[3]);
+
+   /* output 4 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[4]);    SQRADD2(a[1], a[3]);    SQRADD(a[2], a[2]); 
+   COMBA_STORE(b[4]);
+
+   /* output 5 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB; 
+   COMBA_STORE(b[5]);
+
+   /* output 6 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]); 
+   COMBA_STORE(b[6]);
+
+   /* output 7 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB; 
+   COMBA_STORE(b[7]);
+
+   /* output 8 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[8]); SQRADDAC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]); 
+   COMBA_STORE(b[8]);
+
+   /* output 9 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[9]); SQRADDAC(a[1], a[8]); SQRADDAC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB; 
+   COMBA_STORE(b[9]);
+
+   /* output 10 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[10]); SQRADDAC(a[1], a[9]); SQRADDAC(a[2], a[8]); SQRADDAC(a[3], a[7]); SQRADDAC(a[4], a[6]); SQRADDDB; SQRADD(a[5], a[5]); 
+   COMBA_STORE(b[10]);
+
+   /* output 11 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[11]); SQRADDAC(a[1], a[10]); SQRADDAC(a[2], a[9]); SQRADDAC(a[3], a[8]); SQRADDAC(a[4], a[7]); SQRADDAC(a[5], a[6]); SQRADDDB; 
+   COMBA_STORE(b[11]);
+
+   /* output 12 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[12]); SQRADDAC(a[1], a[11]); SQRADDAC(a[2], a[10]); SQRADDAC(a[3], a[9]); SQRADDAC(a[4], a[8]); SQRADDAC(a[5], a[7]); SQRADDDB; SQRADD(a[6], a[6]); 
+   COMBA_STORE(b[12]);
+
+   /* output 13 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[13]); SQRADDAC(a[1], a[12]); SQRADDAC(a[2], a[11]); SQRADDAC(a[3], a[10]); SQRADDAC(a[4], a[9]); SQRADDAC(a[5], a[8]); SQRADDAC(a[6], a[7]); SQRADDDB; 
+   COMBA_STORE(b[13]);
+
+   /* output 14 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[14]); SQRADDAC(a[1], a[13]); SQRADDAC(a[2], a[12]); SQRADDAC(a[3], a[11]); SQRADDAC(a[4], a[10]); SQRADDAC(a[5], a[9]); SQRADDAC(a[6], a[8]); SQRADDDB; SQRADD(a[7], a[7]); 
+   COMBA_STORE(b[14]);
+
+   /* output 15 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[15]); SQRADDAC(a[1], a[14]); SQRADDAC(a[2], a[13]); SQRADDAC(a[3], a[12]); SQRADDAC(a[4], a[11]); SQRADDAC(a[5], a[10]); SQRADDAC(a[6], a[9]); SQRADDAC(a[7], a[8]); SQRADDDB; 
+   COMBA_STORE(b[15]);
+
+   /* output 16 */
+   CARRY_FORWARD;
+   SQRADDSC(a[1], a[15]); SQRADDAC(a[2], a[14]); SQRADDAC(a[3], a[13]); SQRADDAC(a[4], a[12]); SQRADDAC(a[5], a[11]); SQRADDAC(a[6], a[10]); SQRADDAC(a[7], a[9]); SQRADDDB; SQRADD(a[8], a[8]); 
+   COMBA_STORE(b[16]);
+
+   /* output 17 */
+   CARRY_FORWARD;
+   SQRADDSC(a[2], a[15]); SQRADDAC(a[3], a[14]); SQRADDAC(a[4], a[13]); SQRADDAC(a[5], a[12]); SQRADDAC(a[6], a[11]); SQRADDAC(a[7], a[10]); SQRADDAC(a[8], a[9]); SQRADDDB; 
+   COMBA_STORE(b[17]);
+
+   /* output 18 */
+   CARRY_FORWARD;
+   SQRADDSC(a[3], a[15]); SQRADDAC(a[4], a[14]); SQRADDAC(a[5], a[13]); SQRADDAC(a[6], a[12]); SQRADDAC(a[7], a[11]); SQRADDAC(a[8], a[10]); SQRADDDB; SQRADD(a[9], a[9]); 
+   COMBA_STORE(b[18]);
+
+   /* output 19 */
+   CARRY_FORWARD;
+   SQRADDSC(a[4], a[15]); SQRADDAC(a[5], a[14]); SQRADDAC(a[6], a[13]); SQRADDAC(a[7], a[12]); SQRADDAC(a[8], a[11]); SQRADDAC(a[9], a[10]); SQRADDDB; 
+   COMBA_STORE(b[19]);
+
+   /* output 20 */
+   CARRY_FORWARD;
+   SQRADDSC(a[5], a[15]); SQRADDAC(a[6], a[14]); SQRADDAC(a[7], a[13]); SQRADDAC(a[8], a[12]); SQRADDAC(a[9], a[11]); SQRADDDB; SQRADD(a[10], a[10]); 
+   COMBA_STORE(b[20]);
+
+   /* output 21 */
+   CARRY_FORWARD;
+   SQRADDSC(a[6], a[15]); SQRADDAC(a[7], a[14]); SQRADDAC(a[8], a[13]); SQRADDAC(a[9], a[12]); SQRADDAC(a[10], a[11]); SQRADDDB; 
+   COMBA_STORE(b[21]);
+
+   /* output 22 */
+   CARRY_FORWARD;
+   SQRADDSC(a[7], a[15]); SQRADDAC(a[8], a[14]); SQRADDAC(a[9], a[13]); SQRADDAC(a[10], a[12]); SQRADDDB; SQRADD(a[11], a[11]); 
+   COMBA_STORE(b[22]);
+
+   /* output 23 */
+   CARRY_FORWARD;
+   SQRADDSC(a[8], a[15]); SQRADDAC(a[9], a[14]); SQRADDAC(a[10], a[13]); SQRADDAC(a[11], a[12]); SQRADDDB; 
+   COMBA_STORE(b[23]);
+
+   /* output 24 */
+   CARRY_FORWARD;
+   SQRADDSC(a[9], a[15]); SQRADDAC(a[10], a[14]); SQRADDAC(a[11], a[13]); SQRADDDB; SQRADD(a[12], a[12]); 
+   COMBA_STORE(b[24]);
+
+   /* output 25 */
+   CARRY_FORWARD;
+   SQRADDSC(a[10], a[15]); SQRADDAC(a[11], a[14]); SQRADDAC(a[12], a[13]); SQRADDDB; 
+   COMBA_STORE(b[25]);
+
+   /* output 26 */
+   CARRY_FORWARD;
+   SQRADD2(a[11], a[15]);    SQRADD2(a[12], a[14]);    SQRADD(a[13], a[13]); 
+   COMBA_STORE(b[26]);
+
+   /* output 27 */
+   CARRY_FORWARD;
+   SQRADD2(a[12], a[15]);    SQRADD2(a[13], a[14]); 
+   COMBA_STORE(b[27]);
+
+   /* output 28 */
+   CARRY_FORWARD;
+   SQRADD2(a[13], a[15]);    SQRADD(a[14], a[14]); 
+   COMBA_STORE(b[28]);
+
+   /* output 29 */
+   CARRY_FORWARD;
+   SQRADD2(a[14], a[15]); 
+   COMBA_STORE(b[29]);
+
+   /* output 30 */
+   CARRY_FORWARD;
+   SQRADD(a[15], a[15]); 
+   COMBA_STORE(b[30]);
+   COMBA_STORE2(b[31]);
+   COMBA_FINI;
+
+   B->used = 32;
+   B->sign = ZPOS;
+   memcpy(B->dp, b, 32 * sizeof(mp_digit));
+   mp_clamp(B);
+}
+
+
+void s_mp_sqr_comba_32(const mp_int *A, mp_int *B)
+{
+   mp_digit *a, b[64], c0, c1, c2, sc0, sc1, sc2;
+
+   a = A->dp;
+   COMBA_START; 
+
+   /* clear carries */
+   CLEAR_CARRY;
+
+   /* output 0 */
+   SQRADD(a[0],a[0]);
+   COMBA_STORE(b[0]);
+
+   /* output 1 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[1]); 
+   COMBA_STORE(b[1]);
+
+   /* output 2 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[2]); SQRADD(a[1], a[1]); 
+   COMBA_STORE(b[2]);
+
+   /* output 3 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[3]); SQRADD2(a[1], a[2]); 
+   COMBA_STORE(b[3]);
+
+   /* output 4 */
+   CARRY_FORWARD;
+   SQRADD2(a[0], a[4]); SQRADD2(a[1], a[3]); SQRADD(a[2], a[2]); 
+   COMBA_STORE(b[4]);
+
+   /* output 5 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[5]); SQRADDAC(a[1], a[4]); SQRADDAC(a[2], a[3]); SQRADDDB; 
+   COMBA_STORE(b[5]);
+
+   /* output 6 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[6]); SQRADDAC(a[1], a[5]); SQRADDAC(a[2], a[4]); SQRADDDB; SQRADD(a[3], a[3]); 
+   COMBA_STORE(b[6]);
+
+   /* output 7 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[7]); SQRADDAC(a[1], a[6]); SQRADDAC(a[2], a[5]); SQRADDAC(a[3], a[4]); SQRADDDB; 
+   COMBA_STORE(b[7]);
+
+   /* output 8 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[8]); SQRADDAC(a[1], a[7]); SQRADDAC(a[2], a[6]); SQRADDAC(a[3], a[5]); SQRADDDB; SQRADD(a[4], a[4]); 
+   COMBA_STORE(b[8]);
+
+   /* output 9 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[9]); SQRADDAC(a[1], a[8]); SQRADDAC(a[2], a[7]); SQRADDAC(a[3], a[6]); SQRADDAC(a[4], a[5]); SQRADDDB; 
+   COMBA_STORE(b[9]);
+
+   /* output 10 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[10]); SQRADDAC(a[1], a[9]); SQRADDAC(a[2], a[8]); SQRADDAC(a[3], a[7]); SQRADDAC(a[4], a[6]); SQRADDDB; SQRADD(a[5], a[5]); 
+   COMBA_STORE(b[10]);
+
+   /* output 11 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[11]); SQRADDAC(a[1], a[10]); SQRADDAC(a[2], a[9]); SQRADDAC(a[3], a[8]); SQRADDAC(a[4], a[7]); SQRADDAC(a[5], a[6]); SQRADDDB; 
+   COMBA_STORE(b[11]);
+
+   /* output 12 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[12]); SQRADDAC(a[1], a[11]); SQRADDAC(a[2], a[10]); SQRADDAC(a[3], a[9]); SQRADDAC(a[4], a[8]); SQRADDAC(a[5], a[7]); SQRADDDB; SQRADD(a[6], a[6]); 
+   COMBA_STORE(b[12]);
+
+   /* output 13 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[13]); SQRADDAC(a[1], a[12]); SQRADDAC(a[2], a[11]); SQRADDAC(a[3], a[10]); SQRADDAC(a[4], a[9]); SQRADDAC(a[5], a[8]); SQRADDAC(a[6], a[7]); SQRADDDB; 
+   COMBA_STORE(b[13]);
+
+   /* output 14 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[14]); SQRADDAC(a[1], a[13]); SQRADDAC(a[2], a[12]); SQRADDAC(a[3], a[11]); SQRADDAC(a[4], a[10]); SQRADDAC(a[5], a[9]); SQRADDAC(a[6], a[8]); SQRADDDB; SQRADD(a[7], a[7]); 
+   COMBA_STORE(b[14]);
+
+   /* output 15 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[15]); SQRADDAC(a[1], a[14]); SQRADDAC(a[2], a[13]); SQRADDAC(a[3], a[12]); SQRADDAC(a[4], a[11]); SQRADDAC(a[5], a[10]); SQRADDAC(a[6], a[9]); SQRADDAC(a[7], a[8]); SQRADDDB; 
+   COMBA_STORE(b[15]);
+
+   /* output 16 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[16]); SQRADDAC(a[1], a[15]); SQRADDAC(a[2], a[14]); SQRADDAC(a[3], a[13]); SQRADDAC(a[4], a[12]); SQRADDAC(a[5], a[11]); SQRADDAC(a[6], a[10]); SQRADDAC(a[7], a[9]); SQRADDDB; SQRADD(a[8], a[8]); 
+   COMBA_STORE(b[16]);
+
+   /* output 17 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[17]); SQRADDAC(a[1], a[16]); SQRADDAC(a[2], a[15]); SQRADDAC(a[3], a[14]); SQRADDAC(a[4], a[13]); SQRADDAC(a[5], a[12]); SQRADDAC(a[6], a[11]); SQRADDAC(a[7], a[10]); SQRADDAC(a[8], a[9]); SQRADDDB; 
+   COMBA_STORE(b[17]);
+
+   /* output 18 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[18]); SQRADDAC(a[1], a[17]); SQRADDAC(a[2], a[16]); SQRADDAC(a[3], a[15]); SQRADDAC(a[4], a[14]); SQRADDAC(a[5], a[13]); SQRADDAC(a[6], a[12]); SQRADDAC(a[7], a[11]); SQRADDAC(a[8], a[10]); SQRADDDB; SQRADD(a[9], a[9]); 
+   COMBA_STORE(b[18]);
+
+   /* output 19 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[19]); SQRADDAC(a[1], a[18]); SQRADDAC(a[2], a[17]); SQRADDAC(a[3], a[16]); SQRADDAC(a[4], a[15]); SQRADDAC(a[5], a[14]); SQRADDAC(a[6], a[13]); SQRADDAC(a[7], a[12]); SQRADDAC(a[8], a[11]); SQRADDAC(a[9], a[10]); SQRADDDB; 
+   COMBA_STORE(b[19]);
+
+   /* output 20 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[20]); SQRADDAC(a[1], a[19]); SQRADDAC(a[2], a[18]); SQRADDAC(a[3], a[17]); SQRADDAC(a[4], a[16]); SQRADDAC(a[5], a[15]); SQRADDAC(a[6], a[14]); SQRADDAC(a[7], a[13]); SQRADDAC(a[8], a[12]); SQRADDAC(a[9], a[11]); SQRADDDB; SQRADD(a[10], a[10]); 
+   COMBA_STORE(b[20]);
+
+   /* output 21 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[21]); SQRADDAC(a[1], a[20]); SQRADDAC(a[2], a[19]); SQRADDAC(a[3], a[18]); SQRADDAC(a[4], a[17]); SQRADDAC(a[5], a[16]); SQRADDAC(a[6], a[15]); SQRADDAC(a[7], a[14]); SQRADDAC(a[8], a[13]); SQRADDAC(a[9], a[12]); SQRADDAC(a[10], a[11]); SQRADDDB; 
+   COMBA_STORE(b[21]);
+
+   /* output 22 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[22]); SQRADDAC(a[1], a[21]); SQRADDAC(a[2], a[20]); SQRADDAC(a[3], a[19]); SQRADDAC(a[4], a[18]); SQRADDAC(a[5], a[17]); SQRADDAC(a[6], a[16]); SQRADDAC(a[7], a[15]); SQRADDAC(a[8], a[14]); SQRADDAC(a[9], a[13]); SQRADDAC(a[10], a[12]); SQRADDDB; SQRADD(a[11], a[11]); 
+   COMBA_STORE(b[22]);
+
+   /* output 23 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[23]); SQRADDAC(a[1], a[22]); SQRADDAC(a[2], a[21]); SQRADDAC(a[3], a[20]); SQRADDAC(a[4], a[19]); SQRADDAC(a[5], a[18]); SQRADDAC(a[6], a[17]); SQRADDAC(a[7], a[16]); SQRADDAC(a[8], a[15]); SQRADDAC(a[9], a[14]); SQRADDAC(a[10], a[13]); SQRADDAC(a[11], a[12]); SQRADDDB; 
+   COMBA_STORE(b[23]);
+
+   /* output 24 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[24]); SQRADDAC(a[1], a[23]); SQRADDAC(a[2], a[22]); SQRADDAC(a[3], a[21]); SQRADDAC(a[4], a[20]); SQRADDAC(a[5], a[19]); SQRADDAC(a[6], a[18]); SQRADDAC(a[7], a[17]); SQRADDAC(a[8], a[16]); SQRADDAC(a[9], a[15]); SQRADDAC(a[10], a[14]); SQRADDAC(a[11], a[13]); SQRADDDB; SQRADD(a[12], a[12]); 
+   COMBA_STORE(b[24]);
+
+   /* output 25 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[25]); SQRADDAC(a[1], a[24]); SQRADDAC(a[2], a[23]); SQRADDAC(a[3], a[22]); SQRADDAC(a[4], a[21]); SQRADDAC(a[5], a[20]); SQRADDAC(a[6], a[19]); SQRADDAC(a[7], a[18]); SQRADDAC(a[8], a[17]); SQRADDAC(a[9], a[16]); SQRADDAC(a[10], a[15]); SQRADDAC(a[11], a[14]); SQRADDAC(a[12], a[13]); SQRADDDB; 
+   COMBA_STORE(b[25]);
+
+   /* output 26 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[26]); SQRADDAC(a[1], a[25]); SQRADDAC(a[2], a[24]); SQRADDAC(a[3], a[23]); SQRADDAC(a[4], a[22]); SQRADDAC(a[5], a[21]); SQRADDAC(a[6], a[20]); SQRADDAC(a[7], a[19]); SQRADDAC(a[8], a[18]); SQRADDAC(a[9], a[17]); SQRADDAC(a[10], a[16]); SQRADDAC(a[11], a[15]); SQRADDAC(a[12], a[14]); SQRADDDB; SQRADD(a[13], a[13]); 
+   COMBA_STORE(b[26]);
+
+   /* output 27 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[27]); SQRADDAC(a[1], a[26]); SQRADDAC(a[2], a[25]); SQRADDAC(a[3], a[24]); SQRADDAC(a[4], a[23]); SQRADDAC(a[5], a[22]); SQRADDAC(a[6], a[21]); SQRADDAC(a[7], a[20]); SQRADDAC(a[8], a[19]); SQRADDAC(a[9], a[18]); SQRADDAC(a[10], a[17]); SQRADDAC(a[11], a[16]); SQRADDAC(a[12], a[15]); SQRADDAC(a[13], a[14]); SQRADDDB; 
+   COMBA_STORE(b[27]);
+
+   /* output 28 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[28]); SQRADDAC(a[1], a[27]); SQRADDAC(a[2], a[26]); SQRADDAC(a[3], a[25]); SQRADDAC(a[4], a[24]); SQRADDAC(a[5], a[23]); SQRADDAC(a[6], a[22]); SQRADDAC(a[7], a[21]); SQRADDAC(a[8], a[20]); SQRADDAC(a[9], a[19]); SQRADDAC(a[10], a[18]); SQRADDAC(a[11], a[17]); SQRADDAC(a[12], a[16]); SQRADDAC(a[13], a[15]); SQRADDDB; SQRADD(a[14], a[14]); 
+   COMBA_STORE(b[28]);
+
+   /* output 29 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[29]); SQRADDAC(a[1], a[28]); SQRADDAC(a[2], a[27]); SQRADDAC(a[3], a[26]); SQRADDAC(a[4], a[25]); SQRADDAC(a[5], a[24]); SQRADDAC(a[6], a[23]); SQRADDAC(a[7], a[22]); SQRADDAC(a[8], a[21]); SQRADDAC(a[9], a[20]); SQRADDAC(a[10], a[19]); SQRADDAC(a[11], a[18]); SQRADDAC(a[12], a[17]); SQRADDAC(a[13], a[16]); SQRADDAC(a[14], a[15]); SQRADDDB; 
+   COMBA_STORE(b[29]);
+
+   /* output 30 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[30]); SQRADDAC(a[1], a[29]); SQRADDAC(a[2], a[28]); SQRADDAC(a[3], a[27]); SQRADDAC(a[4], a[26]); SQRADDAC(a[5], a[25]); SQRADDAC(a[6], a[24]); SQRADDAC(a[7], a[23]); SQRADDAC(a[8], a[22]); SQRADDAC(a[9], a[21]); SQRADDAC(a[10], a[20]); SQRADDAC(a[11], a[19]); SQRADDAC(a[12], a[18]); SQRADDAC(a[13], a[17]); SQRADDAC(a[14], a[16]); SQRADDDB; SQRADD(a[15], a[15]); 
+   COMBA_STORE(b[30]);
+
+   /* output 31 */
+   CARRY_FORWARD;
+   SQRADDSC(a[0], a[31]); SQRADDAC(a[1], a[30]); SQRADDAC(a[2], a[29]); SQRADDAC(a[3], a[28]); SQRADDAC(a[4], a[27]); SQRADDAC(a[5], a[26]); SQRADDAC(a[6], a[25]); SQRADDAC(a[7], a[24]); SQRADDAC(a[8], a[23]); SQRADDAC(a[9], a[22]); SQRADDAC(a[10], a[21]); SQRADDAC(a[11], a[20]); SQRADDAC(a[12], a[19]); SQRADDAC(a[13], a[18]); SQRADDAC(a[14], a[17]); SQRADDAC(a[15], a[16]); SQRADDDB; 
+   COMBA_STORE(b[31]);
+
+   /* output 32 */
+   CARRY_FORWARD;
+   SQRADDSC(a[1], a[31]); SQRADDAC(a[2], a[30]); SQRADDAC(a[3], a[29]); SQRADDAC(a[4], a[28]); SQRADDAC(a[5], a[27]); SQRADDAC(a[6], a[26]); SQRADDAC(a[7], a[25]); SQRADDAC(a[8], a[24]); SQRADDAC(a[9], a[23]); SQRADDAC(a[10], a[22]); SQRADDAC(a[11], a[21]); SQRADDAC(a[12], a[20]); SQRADDAC(a[13], a[19]); SQRADDAC(a[14], a[18]); SQRADDAC(a[15], a[17]); SQRADDDB; SQRADD(a[16], a[16]); 
+   COMBA_STORE(b[32]);
+
+   /* output 33 */
+   CARRY_FORWARD;
+   SQRADDSC(a[2], a[31]); SQRADDAC(a[3], a[30]); SQRADDAC(a[4], a[29]); SQRADDAC(a[5], a[28]); SQRADDAC(a[6], a[27]); SQRADDAC(a[7], a[26]); SQRADDAC(a[8], a[25]); SQRADDAC(a[9], a[24]); SQRADDAC(a[10], a[23]); SQRADDAC(a[11], a[22]); SQRADDAC(a[12], a[21]); SQRADDAC(a[13], a[20]); SQRADDAC(a[14], a[19]); SQRADDAC(a[15], a[18]); SQRADDAC(a[16], a[17]); SQRADDDB; 
+   COMBA_STORE(b[33]);
+
+   /* output 34 */
+   CARRY_FORWARD;
+   SQRADDSC(a[3], a[31]); SQRADDAC(a[4], a[30]); SQRADDAC(a[5], a[29]); SQRADDAC(a[6], a[28]); SQRADDAC(a[7], a[27]); SQRADDAC(a[8], a[26]); SQRADDAC(a[9], a[25]); SQRADDAC(a[10], a[24]); SQRADDAC(a[11], a[23]); SQRADDAC(a[12], a[22]); SQRADDAC(a[13], a[21]); SQRADDAC(a[14], a[20]); SQRADDAC(a[15], a[19]); SQRADDAC(a[16], a[18]); SQRADDDB; SQRADD(a[17], a[17]); 
+   COMBA_STORE(b[34]);
+
+   /* output 35 */
+   CARRY_FORWARD;
+   SQRADDSC(a[4], a[31]); SQRADDAC(a[5], a[30]); SQRADDAC(a[6], a[29]); SQRADDAC(a[7], a[28]); SQRADDAC(a[8], a[27]); SQRADDAC(a[9], a[26]); SQRADDAC(a[10], a[25]); SQRADDAC(a[11], a[24]); SQRADDAC(a[12], a[23]); SQRADDAC(a[13], a[22]); SQRADDAC(a[14], a[21]); SQRADDAC(a[15], a[20]); SQRADDAC(a[16], a[19]); SQRADDAC(a[17], a[18]); SQRADDDB; 
+   COMBA_STORE(b[35]);
+
+   /* output 36 */
+   CARRY_FORWARD;
+   SQRADDSC(a[5], a[31]); SQRADDAC(a[6], a[30]); SQRADDAC(a[7], a[29]); SQRADDAC(a[8], a[28]); SQRADDAC(a[9], a[27]); SQRADDAC(a[10], a[26]); SQRADDAC(a[11], a[25]); SQRADDAC(a[12], a[24]); SQRADDAC(a[13], a[23]); SQRADDAC(a[14], a[22]); SQRADDAC(a[15], a[21]); SQRADDAC(a[16], a[20]); SQRADDAC(a[17], a[19]); SQRADDDB; SQRADD(a[18], a[18]); 
+   COMBA_STORE(b[36]);
+
+   /* output 37 */
+   CARRY_FORWARD;
+   SQRADDSC(a[6], a[31]); SQRADDAC(a[7], a[30]); SQRADDAC(a[8], a[29]); SQRADDAC(a[9], a[28]); SQRADDAC(a[10], a[27]); SQRADDAC(a[11], a[26]); SQRADDAC(a[12], a[25]); SQRADDAC(a[13], a[24]); SQRADDAC(a[14], a[23]); SQRADDAC(a[15], a[22]); SQRADDAC(a[16], a[21]); SQRADDAC(a[17], a[20]); SQRADDAC(a[18], a[19]); SQRADDDB; 
+   COMBA_STORE(b[37]);
+
+   /* output 38 */
+   CARRY_FORWARD;
+   SQRADDSC(a[7], a[31]); SQRADDAC(a[8], a[30]); SQRADDAC(a[9], a[29]); SQRADDAC(a[10], a[28]); SQRADDAC(a[11], a[27]); SQRADDAC(a[12], a[26]); SQRADDAC(a[13], a[25]); SQRADDAC(a[14], a[24]); SQRADDAC(a[15], a[23]); SQRADDAC(a[16], a[22]); SQRADDAC(a[17], a[21]); SQRADDAC(a[18], a[20]); SQRADDDB; SQRADD(a[19], a[19]); 
+   COMBA_STORE(b[38]);
+
+   /* output 39 */
+   CARRY_FORWARD;
+   SQRADDSC(a[8], a[31]); SQRADDAC(a[9], a[30]); SQRADDAC(a[10], a[29]); SQRADDAC(a[11], a[28]); SQRADDAC(a[12], a[27]); SQRADDAC(a[13], a[26]); SQRADDAC(a[14], a[25]); SQRADDAC(a[15], a[24]); SQRADDAC(a[16], a[23]); SQRADDAC(a[17], a[22]); SQRADDAC(a[18], a[21]); SQRADDAC(a[19], a[20]); SQRADDDB; 
+   COMBA_STORE(b[39]);
+
+   /* output 40 */
+   CARRY_FORWARD;
+   SQRADDSC(a[9], a[31]); SQRADDAC(a[10], a[30]); SQRADDAC(a[11], a[29]); SQRADDAC(a[12], a[28]); SQRADDAC(a[13], a[27]); SQRADDAC(a[14], a[26]); SQRADDAC(a[15], a[25]); SQRADDAC(a[16], a[24]); SQRADDAC(a[17], a[23]); SQRADDAC(a[18], a[22]); SQRADDAC(a[19], a[21]); SQRADDDB; SQRADD(a[20], a[20]); 
+   COMBA_STORE(b[40]);
+
+   /* output 41 */
+   CARRY_FORWARD;
+   SQRADDSC(a[10], a[31]); SQRADDAC(a[11], a[30]); SQRADDAC(a[12], a[29]); SQRADDAC(a[13], a[28]); SQRADDAC(a[14], a[27]); SQRADDAC(a[15], a[26]); SQRADDAC(a[16], a[25]); SQRADDAC(a[17], a[24]); SQRADDAC(a[18], a[23]); SQRADDAC(a[19], a[22]); SQRADDAC(a[20], a[21]); SQRADDDB; 
+   COMBA_STORE(b[41]);
+
+   /* output 42 */
+   CARRY_FORWARD;
+   SQRADDSC(a[11], a[31]); SQRADDAC(a[12], a[30]); SQRADDAC(a[13], a[29]); SQRADDAC(a[14], a[28]); SQRADDAC(a[15], a[27]); SQRADDAC(a[16], a[26]); SQRADDAC(a[17], a[25]); SQRADDAC(a[18], a[24]); SQRADDAC(a[19], a[23]); SQRADDAC(a[20], a[22]); SQRADDDB; SQRADD(a[21], a[21]); 
+   COMBA_STORE(b[42]);
+
+   /* output 43 */
+   CARRY_FORWARD;
+   SQRADDSC(a[12], a[31]); SQRADDAC(a[13], a[30]); SQRADDAC(a[14], a[29]); SQRADDAC(a[15], a[28]); SQRADDAC(a[16], a[27]); SQRADDAC(a[17], a[26]); SQRADDAC(a[18], a[25]); SQRADDAC(a[19], a[24]); SQRADDAC(a[20], a[23]); SQRADDAC(a[21], a[22]); SQRADDDB; 
+   COMBA_STORE(b[43]);
+
+   /* output 44 */
+   CARRY_FORWARD;
+   SQRADDSC(a[13], a[31]); SQRADDAC(a[14], a[30]); SQRADDAC(a[15], a[29]); SQRADDAC(a[16], a[28]); SQRADDAC(a[17], a[27]); SQRADDAC(a[18], a[26]); SQRADDAC(a[19], a[25]); SQRADDAC(a[20], a[24]); SQRADDAC(a[21], a[23]); SQRADDDB; SQRADD(a[22], a[22]); 
+   COMBA_STORE(b[44]);
+
+   /* output 45 */
+   CARRY_FORWARD;
+   SQRADDSC(a[14], a[31]); SQRADDAC(a[15], a[30]); SQRADDAC(a[16], a[29]); SQRADDAC(a[17], a[28]); SQRADDAC(a[18], a[27]); SQRADDAC(a[19], a[26]); SQRADDAC(a[20], a[25]); SQRADDAC(a[21], a[24]); SQRADDAC(a[22], a[23]); SQRADDDB; 
+   COMBA_STORE(b[45]);
+
+   /* output 46 */
+   CARRY_FORWARD;
+   SQRADDSC(a[15], a[31]); SQRADDAC(a[16], a[30]); SQRADDAC(a[17], a[29]); SQRADDAC(a[18], a[28]); SQRADDAC(a[19], a[27]); SQRADDAC(a[20], a[26]); SQRADDAC(a[21], a[25]); SQRADDAC(a[22], a[24]); SQRADDDB; SQRADD(a[23], a[23]); 
+   COMBA_STORE(b[46]);
+
+   /* output 47 */
+   CARRY_FORWARD;
+   SQRADDSC(a[16], a[31]); SQRADDAC(a[17], a[30]); SQRADDAC(a[18], a[29]); SQRADDAC(a[19], a[28]); SQRADDAC(a[20], a[27]); SQRADDAC(a[21], a[26]); SQRADDAC(a[22], a[25]); SQRADDAC(a[23], a[24]); SQRADDDB; 
+   COMBA_STORE(b[47]);
+
+   /* output 48 */
+   CARRY_FORWARD;
+   SQRADDSC(a[17], a[31]); SQRADDAC(a[18], a[30]); SQRADDAC(a[19], a[29]); SQRADDAC(a[20], a[28]); SQRADDAC(a[21], a[27]); SQRADDAC(a[22], a[26]); SQRADDAC(a[23], a[25]); SQRADDDB; SQRADD(a[24], a[24]); 
+   COMBA_STORE(b[48]);
+
+   /* output 49 */
+   CARRY_FORWARD;
+   SQRADDSC(a[18], a[31]); SQRADDAC(a[19], a[30]); SQRADDAC(a[20], a[29]); SQRADDAC(a[21], a[28]); SQRADDAC(a[22], a[27]); SQRADDAC(a[23], a[26]); SQRADDAC(a[24], a[25]); SQRADDDB; 
+   COMBA_STORE(b[49]);
+
+   /* output 50 */
+   CARRY_FORWARD;
+   SQRADDSC(a[19], a[31]); SQRADDAC(a[20], a[30]); SQRADDAC(a[21], a[29]); SQRADDAC(a[22], a[28]); SQRADDAC(a[23], a[27]); SQRADDAC(a[24], a[26]); SQRADDDB; SQRADD(a[25], a[25]); 
+   COMBA_STORE(b[50]);
+
+   /* output 51 */
+   CARRY_FORWARD;
+   SQRADDSC(a[20], a[31]); SQRADDAC(a[21], a[30]); SQRADDAC(a[22], a[29]); SQRADDAC(a[23], a[28]); SQRADDAC(a[24], a[27]); SQRADDAC(a[25], a[26]); SQRADDDB; 
+   COMBA_STORE(b[51]);
+
+   /* output 52 */
+   CARRY_FORWARD;
+   SQRADDSC(a[21], a[31]); SQRADDAC(a[22], a[30]); SQRADDAC(a[23], a[29]); SQRADDAC(a[24], a[28]); SQRADDAC(a[25], a[27]); SQRADDDB; SQRADD(a[26], a[26]); 
+   COMBA_STORE(b[52]);
+
+   /* output 53 */
+   CARRY_FORWARD;
+   SQRADDSC(a[22], a[31]); SQRADDAC(a[23], a[30]); SQRADDAC(a[24], a[29]); SQRADDAC(a[25], a[28]); SQRADDAC(a[26], a[27]); SQRADDDB; 
+   COMBA_STORE(b[53]);
+
+   /* output 54 */
+   CARRY_FORWARD;
+   SQRADDSC(a[23], a[31]); SQRADDAC(a[24], a[30]); SQRADDAC(a[25], a[29]); SQRADDAC(a[26], a[28]); SQRADDDB; SQRADD(a[27], a[27]); 
+   COMBA_STORE(b[54]);
+
+   /* output 55 */
+   CARRY_FORWARD;
+   SQRADDSC(a[24], a[31]); SQRADDAC(a[25], a[30]); SQRADDAC(a[26], a[29]); SQRADDAC(a[27], a[28]); SQRADDDB; 
+   COMBA_STORE(b[55]);
+
+   /* output 56 */
+   CARRY_FORWARD;
+   SQRADDSC(a[25], a[31]); SQRADDAC(a[26], a[30]); SQRADDAC(a[27], a[29]); SQRADDDB; SQRADD(a[28], a[28]); 
+   COMBA_STORE(b[56]);
+
+   /* output 57 */
+   CARRY_FORWARD;
+   SQRADDSC(a[26], a[31]); SQRADDAC(a[27], a[30]); SQRADDAC(a[28], a[29]); SQRADDDB; 
+   COMBA_STORE(b[57]);
+
+   /* output 58 */
+   CARRY_FORWARD;
+   SQRADD2(a[27], a[31]); SQRADD2(a[28], a[30]); SQRADD(a[29], a[29]); 
+   COMBA_STORE(b[58]);
+
+   /* output 59 */
+   CARRY_FORWARD;
+   SQRADD2(a[28], a[31]); SQRADD2(a[29], a[30]); 
+   COMBA_STORE(b[59]);
+
+   /* output 60 */
+   CARRY_FORWARD;
+   SQRADD2(a[29], a[31]); SQRADD(a[30], a[30]); 
+   COMBA_STORE(b[60]);
+
+   /* output 61 */
+   CARRY_FORWARD;
+   SQRADD2(a[30], a[31]); 
+   COMBA_STORE(b[61]);
+
+   /* output 62 */
+   CARRY_FORWARD;
+   SQRADD(a[31], a[31]); 
+   COMBA_STORE(b[62]);
+   COMBA_STORE2(b[63]);
+   COMBA_FINI;
+
+   B->used = 64;
+   B->sign = ZPOS;
+   memcpy(B->dp, b, 64 * sizeof(mp_digit));
+   mp_clamp(B);
+}
diff --git a/security/nss/lib/freebl/mpi/mp_comba_amd64_sun.s b/security/nss/lib/freebl/mpi/mp_comba_amd64_sun.s
new file mode 100644
index 000000000..a5181df33
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mp_comba_amd64_sun.s
@@ -0,0 +1,16097 @@
+//* TomsFastMath, a fast ISO C bignum library.
+/ * 
+/ * This project is meant to fill in where LibTomMath
+/ * falls short.  That is speed ;-)
+/ *
+/ * This project is public domain and free for all purposes.
+/ * 
+/ * Tom St Denis, tomstdenis@iahu.ca
+/ */
+
+//*
+/ * The source file from which this assembly was derived
+/ * comes from TFM v0.03, which has the above license.
+/ * This source was compiled with an unnamed compiler at
+/ * the highest optimization level.  Afterwards, the
+/ * trailing .section was removed because it causes errors
+/ * in the Studio 10 compiler on AMD 64.
+/ */
+
+       	.file	"mp_comba.c"
+	.text
+	.align 16
+.globl s_mp_mul_comba_4
+	.type	s_mp_mul_comba_4, @function
+s_mp_mul_comba_4:
+.LFB2:
+	pushq	%r12
+.LCFI0:
+	pushq	%rbp
+.LCFI1:
+	pushq	%rbx
+.LCFI2:
+	movq	16(%rdi), %r9
+	movq	%rdx, %rbx
+	movq	16(%rsi), %rdx
+	movq	(%r9), %rax
+	movq	%rax, -64(%rsp)
+	movq	8(%r9), %r8
+	movq	%r8, -56(%rsp)
+	movq	16(%r9), %rbp
+	movq	%rbp, -48(%rsp)
+	movq	24(%r9), %r12
+	movq	%r12, -40(%rsp)
+	movq	(%rdx), %rcx
+	movq	%rcx, -32(%rsp)
+	movq	8(%rdx), %r10
+	movq	%r10, -24(%rsp)
+	movq	16(%rdx), %r11
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r9
+	movq	%r10, %rbp
+	movq	%r11, -16(%rsp)
+	movq	16(%rbx), %r11
+	movq	24(%rdx), %rax
+	movq	%rax, -8(%rsp)
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, (%r11)
+	movq	%rbp, %r8
+	movq	%r10, %rbp
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %r12
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r9, 8(%r11)
+	movq	%r12, %r9
+	movq	%r10, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rcx
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 16(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 24(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 32(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%r9, %rbp
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 40(%r11)
+	movq	%rbp, %r8
+	movq	%r12, %rcx
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rcx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r8, 48(%r11)
+	movl	(%rsi), %esi
+	xorl	(%rdi), %esi
+	testq	%rcx, %rcx
+	movq	%rcx, 56(%r11)
+	movl	$8, 8(%rbx)
+	jne	.L9
+	.align 16
+.L18:
+	movl	8(%rbx), %edx
+	leal	-1(%rdx), %edi
+	testl	%edi, %edi
+	movl	%edi, 8(%rbx)
+	je	.L9
+	leal	-2(%rdx), %r10d
+	cmpq	$0, (%r11,%r10,8)
+	je	.L18
+.L9:
+	movl	8(%rbx), %edx
+	xorl	%r11d, %r11d
+	testl	%edx, %edx
+	cmovne	%esi, %r11d
+	movl	%r11d, (%rbx)
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	ret
+.LFE2:
+	.size	s_mp_mul_comba_4, .-s_mp_mul_comba_4
+	.align 16
+.globl s_mp_mul_comba_8
+	.type	s_mp_mul_comba_8, @function
+s_mp_mul_comba_8:
+.LFB3:
+	pushq	%r12
+.LCFI3:
+	pushq	%rbp
+.LCFI4:
+	pushq	%rbx
+.LCFI5:
+	movq	%rdx, %rbx
+	subq	$8, %rsp
+.LCFI6:
+	movq	16(%rdi), %rdx
+	movq	(%rdx), %r8
+	movq	%r8, -120(%rsp)
+	movq	8(%rdx), %rbp
+	movq	%rbp, -112(%rsp)
+	movq	16(%rdx), %r9
+	movq	%r9, -104(%rsp)
+	movq	24(%rdx), %r12
+	movq	%r12, -96(%rsp)
+	movq	32(%rdx), %rcx
+	movq	%rcx, -88(%rsp)
+	movq	40(%rdx), %r10
+	movq	%r10, -80(%rsp)
+	movq	48(%rdx), %r11
+	movq	%r11, -72(%rsp)
+	movq	56(%rdx), %rax
+	movq	16(%rsi), %rdx
+	movq	%rax, -64(%rsp)
+	movq	(%rdx), %r8
+	movq	%r8, -56(%rsp)
+	movq	8(%rdx), %rbp
+	movq	%rbp, -48(%rsp)
+	movq	16(%rdx), %r9
+	movq	%r9, -40(%rsp)
+	movq	24(%rdx), %r12
+	movq	%r12, -32(%rsp)
+	movq	32(%rdx), %rcx
+	movq	%rcx, -24(%rsp)
+	movq	40(%rdx), %r10
+	movq	%r10, -16(%rsp)
+	movq	48(%rdx), %r11
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r9
+	movq	%r10, %rbp
+	movq	%r11, -8(%rsp)
+	movq	16(%rbx), %r11
+	movq	56(%rdx), %rax
+	movq	%rax, (%rsp)
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, (%r11)
+	movq	%rbp, %r8
+	movq	%r10, %rbp
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %r12
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r9, 8(%r11)
+	movq	%r12, %r9
+	movq	%r10, %r12
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 16(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 24(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 32(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 40(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 48(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 56(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 64(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 72(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 80(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 88(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 96(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%r9, %rbp
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 104(%r11)
+	movq	%rbp, %r8
+	movq	%r12, %rcx
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rcx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r8, 112(%r11)
+	movl	(%rsi), %esi
+	xorl	(%rdi), %esi
+	testq	%rcx, %rcx
+	movq	%rcx, 120(%r11)
+	movl	$16, 8(%rbx)
+	jne	.L35
+	.align 16
+.L43:
+	movl	8(%rbx), %edx
+	leal	-1(%rdx), %edi
+	testl	%edi, %edi
+	movl	%edi, 8(%rbx)
+	je	.L35
+	leal	-2(%rdx), %eax
+	cmpq	$0, (%r11,%rax,8)
+	je	.L43
+.L35:
+	movl	8(%rbx), %r11d
+	xorl	%edx, %edx
+	testl	%r11d, %r11d
+	cmovne	%esi, %edx
+	movl	%edx, (%rbx)
+	addq	$8, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	ret
+.LFE3:
+	.size	s_mp_mul_comba_8, .-s_mp_mul_comba_8
+	.align 16
+.globl s_mp_mul_comba_16
+	.type	s_mp_mul_comba_16, @function
+s_mp_mul_comba_16:
+.LFB4:
+	pushq	%r12
+.LCFI7:
+	pushq	%rbp
+.LCFI8:
+	pushq	%rbx
+.LCFI9:
+	movq	%rdx, %rbx
+	subq	$136, %rsp
+.LCFI10:
+	movq	16(%rdi), %rax
+	movq	(%rax), %r8
+	movq	%r8, -120(%rsp)
+	movq	8(%rax), %rbp
+	movq	%rbp, -112(%rsp)
+	movq	16(%rax), %r9
+	movq	%r9, -104(%rsp)
+	movq	24(%rax), %r12
+	movq	%r12, -96(%rsp)
+	movq	32(%rax), %rcx
+	movq	%rcx, -88(%rsp)
+	movq	40(%rax), %r10
+	movq	%r10, -80(%rsp)
+	movq	48(%rax), %rdx
+	movq	%rdx, -72(%rsp)
+	movq	56(%rax), %r11
+	movq	%r11, -64(%rsp)
+	movq	64(%rax), %r8
+	movq	%r8, -56(%rsp)
+	movq	72(%rax), %rbp
+	movq	%rbp, -48(%rsp)
+	movq	80(%rax), %r9
+	movq	%r9, -40(%rsp)
+	movq	88(%rax), %r12
+	movq	%r12, -32(%rsp)
+	movq	96(%rax), %rcx
+	movq	%rcx, -24(%rsp)
+	movq	104(%rax), %r10
+	movq	%r10, -16(%rsp)
+	movq	112(%rax), %rdx
+	movq	%rdx, -8(%rsp)
+	movq	120(%rax), %r11
+	movq	%r11, (%rsp)
+	movq	16(%rsi), %r11
+	movq	(%r11), %r8
+	movq	%r8, 8(%rsp)
+	movq	8(%r11), %rbp
+	movq	%rbp, 16(%rsp)
+	movq	16(%r11), %r9
+	movq	%r9, 24(%rsp)
+	movq	24(%r11), %r12
+	movq	%r12, 32(%rsp)
+	movq	32(%r11), %rcx
+	movq	%rcx, 40(%rsp)
+	movq	40(%r11), %r10
+	movq	%r10, 48(%rsp)
+	movq	48(%r11), %rdx
+	movq	%rdx, 56(%rsp)
+	movq	56(%r11), %rax
+	movq	%rax, 64(%rsp)
+	movq	64(%r11), %r8
+	movq	%r8, 72(%rsp)
+	movq	72(%r11), %rbp
+	movq	%rbp, 80(%rsp)
+	movq	80(%r11), %r9
+	movq	%r9, 88(%rsp)
+	movq	88(%r11), %r12
+	movq	%r12, 96(%rsp)
+	movq	96(%r11), %rcx
+	movq	%rcx, 104(%rsp)
+	movq	104(%r11), %r10
+	movq	%r10, 112(%rsp)
+	movq	112(%r11), %rdx
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r9
+	movq	%r10, %rbp
+	movq	%rdx, 120(%rsp)
+	movq	120(%r11), %rax
+	movq	%rax, 128(%rsp)
+	movq	16(%rbx), %r11
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, (%r11)
+	movq	%rbp, %r8
+	movq	%r10, %rbp
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %r12
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r9, 8(%r11)
+	movq	%r12, %r9
+	movq	%r10, %r12
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 16(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 24(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 32(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 40(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 48(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 56(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 64(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 72(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 80(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -32(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 88(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -24(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 96(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -16(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 104(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -8(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 112(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 120(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 128(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 136(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 144(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 152(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 160(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 168(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 176(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 184(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 192(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 200(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -32(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 208(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -24(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 216(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -16(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 224(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -8(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%r9, %rbp
+/APP
+	movq  (%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 232(%r11)
+	movq	%rbp, %r8
+	movq	%r12, %rcx
+/APP
+	movq  (%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rcx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r8, 240(%r11)
+	movl	(%rsi), %esi
+	xorl	(%rdi), %esi
+	testq	%rcx, %rcx
+	movq	%rcx, 248(%r11)
+	movl	$32, 8(%rbx)
+	jne	.L76
+	.align 16
+.L84:
+	movl	8(%rbx), %edx
+	leal	-1(%rdx), %edi
+	testl	%edi, %edi
+	movl	%edi, 8(%rbx)
+	je	.L76
+	leal	-2(%rdx), %eax
+	cmpq	$0, (%r11,%rax,8)
+	je	.L84
+.L76:
+	movl	8(%rbx), %edx
+	xorl	%r11d, %r11d
+	testl	%edx, %edx
+	cmovne	%esi, %r11d
+	movl	%r11d, (%rbx)
+	addq	$136, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	ret
+.LFE4:
+	.size	s_mp_mul_comba_16, .-s_mp_mul_comba_16
+	.align 16
+.globl s_mp_mul_comba_32
+	.type	s_mp_mul_comba_32, @function
+s_mp_mul_comba_32:
+.LFB5:
+	pushq	%rbp
+.LCFI11:
+	movq	%rsp, %rbp
+.LCFI12:
+	pushq	%r13
+.LCFI13:
+	movq	%rdx, %r13
+	movl	$256, %edx
+	pushq	%r12
+.LCFI14:
+	movq	%rsi, %r12
+	pushq	%rbx
+.LCFI15:
+	movq	%rdi, %rbx
+	subq	$520, %rsp
+.LCFI16:
+	movq	16(%rdi), %rsi
+	leaq	-544(%rbp), %rdi
+	call	memcpy@PLT
+	movq	16(%r12), %rsi
+	leaq	-288(%rbp), %rdi
+	movl	$256, %edx
+	call	memcpy@PLT
+	movq	16(%r13), %r9
+	xorl	%r8d, %r8d
+	movq	%r8, %rsi
+	movq	%r8, %rdi
+	movq	%r8, %r10
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rsi, (%r9)
+	movq	%r10, %rsi
+	movq	%r8, %r10
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r10, %r11
+/APP
+	movq  -536(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rdi, 8(%r9)
+	movq	%r11, %rdi
+	movq	%r8, %r11
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r11, %rcx
+/APP
+	movq  -536(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -528(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 16(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -520(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 24(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -512(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 32(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -504(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 40(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -496(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 48(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -488(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 56(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -480(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 64(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -472(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 72(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -464(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 80(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -456(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 88(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -448(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 96(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -440(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 104(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -432(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 112(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -424(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 120(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -416(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 128(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -408(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 136(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -400(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 144(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -392(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 152(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -384(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 160(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -376(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 168(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -368(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 176(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -360(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 184(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -352(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 192(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -344(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 200(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -336(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 208(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -328(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 216(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -320(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 224(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -312(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 232(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -304(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 240(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 248(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -536(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 256(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -528(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 264(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -520(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 272(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -512(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 280(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -504(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 288(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -496(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 296(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -488(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 304(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -480(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 312(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -472(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 320(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -464(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 328(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %r11
+	movq	%r8, %r10
+/APP
+	movq  -456(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -296(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r11, 336(%r9)
+	movq	%r10, %rsi
+	movq	%r8, %r10
+/APP
+	movq  -448(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r10, %rcx
+/APP
+	movq  -440(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rsi, %r11
+	movq	%rcx, %r10
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r11     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rdi, 344(%r9)
+	movq	%r11, %rcx
+	movq	%r10, %rdi
+	movq	%r8, %r11
+/APP
+	movq  -440(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r11, %rsi
+/APP
+	movq  -432(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 352(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -432(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 360(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -424(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 368(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -416(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 376(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -408(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 384(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -400(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 392(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -392(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 400(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -384(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 408(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -376(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 416(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -368(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 424(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -360(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 432(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -352(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 440(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -344(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 448(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -336(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 456(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -328(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 464(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -320(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 472(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -312(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 480(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -304(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rcx, %r11
+	movq	%rdi, %r10
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 488(%r9)
+	movq	%r10, %rcx
+	movq	%r11, %rsi
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%rcx, 496(%r9)
+	movl	(%r12), %ecx
+	xorl	(%rbx), %ecx
+	testq	%rsi, %rsi
+	movq	%rsi, 504(%r9)
+	movl	$64, 8(%r13)
+	jne	.L149
+	.align 16
+.L157:
+	movl	8(%r13), %edx
+	leal	-1(%rdx), %ebx
+	testl	%ebx, %ebx
+	movl	%ebx, 8(%r13)
+	je	.L149
+	leal	-2(%rdx), %r12d
+	cmpq	$0, (%r9,%r12,8)
+	je	.L157
+.L149:
+	movl	8(%r13), %r9d
+	xorl	%edx, %edx
+	testl	%r9d, %r9d
+	cmovne	%ecx, %edx
+	movl	%edx, (%r13)
+	addq	$520, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	leave
+	ret
+.LFE5:
+	.size	s_mp_mul_comba_32, .-s_mp_mul_comba_32
+	.align 16
+.globl s_mp_sqr_comba_4
+	.type	s_mp_sqr_comba_4, @function
+s_mp_sqr_comba_4:
+.LFB6:
+	pushq	%rbp
+.LCFI17:
+	movq	%rsi, %r11
+	xorl	%esi, %esi
+	movq	%rsi, %r10
+	movq	%rsi, %rbp
+	movq	%rsi, %r8
+	pushq	%rbx
+.LCFI18:
+	movq	%rsi, %rbx
+	movq	16(%rdi), %rcx
+	movq	%rsi, %rdi
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r10, -72(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbp        
+	addq  %rax,%rbx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbx, -64(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r8        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%rbp, %rbx
+	movq	%r8, %rbp
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rdi, -56(%rsp)
+	movq	%rbp, %r9
+	movq	%rbx, %r8
+	movq	%rsi, %rdi
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rdi        
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r9, %rbx
+	movq	%rdi, %rbp
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, -48(%rsp)
+	movq	%rbp, %r9
+	movq	%rbx, %rdi
+	movq	%rsi, %r8
+	movl	$8, 8(%r11)
+	movl	$0, (%r11)
+/APP
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbx
+	movq	%r8, %rbp
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %rax
+	movq	%rdi, -40(%rsp)
+	movq	%rbx, %rbp
+	movq	%rax, %rdi
+	movq	%rsi, %rbx
+/APP
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%rbp     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbx        
+	addq  %rax,%rbp     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rbp, -32(%rsp)
+	movq	%rbx, %r9
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	16(%r11), %rdx
+	movq	%rdi, -24(%rsp)
+	movq	%r9, -16(%rsp)
+	movq	%r10, (%rdx)
+	movq	-64(%rsp), %r8
+	movq	%r8, 8(%rdx)
+	movq	-56(%rsp), %rbp
+	movq	%rbp, 16(%rdx)
+	movq	-48(%rsp), %rdi
+	movq	%rdi, 24(%rdx)
+	movq	-40(%rsp), %rsi
+	movq	%rsi, 32(%rdx)
+	movq	-32(%rsp), %rbx
+	movq	%rbx, 40(%rdx)
+	movq	-24(%rsp), %rcx
+	movq	%rcx, 48(%rdx)
+	movq	-16(%rsp), %rax
+	movq	%rax, 56(%rdx)
+	movl	8(%r11), %edx
+	testl	%edx, %edx
+	je	.L168
+	leal	-1(%rdx), %ecx
+	movq	16(%r11), %rsi
+	mov	%ecx, %r10d
+	cmpq	$0, (%rsi,%r10,8)
+	jne	.L166
+	movl	%ecx, %edx
+	.align 16
+.L167:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L171
+	decl	%edx
+	mov	%edx, %eax
+	cmpq	$0, (%rsi,%rax,8)
+	je	.L167
+	movl	%ecx, 8(%r11)
+	movl	%ecx, %edx
+.L166:
+	testl	%edx, %edx
+	je	.L168
+	popq	%rbx
+	popq	%rbp
+	movl	(%r11), %eax
+	movl	%eax, (%r11)
+	ret
+.L171:
+	movl	%edx, 8(%r11)
+	.align 16
+.L168:
+	popq	%rbx
+	popq	%rbp
+	xorl	%eax, %eax
+	movl	%eax, (%r11)
+	ret
+.LFE6:
+	.size	s_mp_sqr_comba_4, .-s_mp_sqr_comba_4
+	.align 16
+.globl s_mp_sqr_comba_8
+	.type	s_mp_sqr_comba_8, @function
+s_mp_sqr_comba_8:
+.LFB7:
+	pushq	%r14
+.LCFI19:
+	xorl	%r9d, %r9d
+	movq	%r9, %r14
+	movq	%r9, %r10
+	pushq	%r13
+.LCFI20:
+	movq	%r9, %r13
+	pushq	%r12
+.LCFI21:
+	movq	%r9, %r12
+	pushq	%rbp
+.LCFI22:
+	movq	%rsi, %rbp
+	movq	%r9, %rsi
+	pushq	%rbx
+.LCFI23:
+	movq	%r9, %rbx
+	subq	$8, %rsp
+.LCFI24:
+	movq	16(%rdi), %rcx
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r14     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r14, -120(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r10        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rbx, -112(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r10, %rbx
+	movq	%r13, %r10
+	movq	%r9, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r12, -104(%rsp)
+	movq	%r10, %rdi
+	movq	%rbx, %r11
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %rbx
+	movq	%rsi, %r10
+	movq	%r9, %rdi
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r9, %rsi
+	movq	%r11, -96(%rsp)
+	movq	%r10, %r8
+	movq	%rbx, %r12
+	movq	%r9, %r11
+/APP
+	movq  (%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%r13, %r10
+	movq	%r9, %r8
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r12, -88(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  40(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%rbx, -80(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  48(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -72(%rsp)
+	movq	%r11, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rax         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rax         
+	
+/NO_APP
+	movq	%rbx, -64(%rsp)
+	movq	%rax, %r11
+	movq	%r9, %rbx
+/APP
+	movq  8(%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rsi
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %r13
+	movq	%rsi, %r11
+/APP
+	movq  32(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -56(%rsp)
+	movq	%r9, %r10
+/APP
+	movq  16(%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %r13,%r13        
+	
+	movq  24(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r13        
+	
+	movq  32(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%r13, %rax
+/APP
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	
+/NO_APP
+	movq	%rbx, -48(%rsp)
+	movq	%r11, %r12
+	movq	%r10, %rsi
+	movq	%r9, %rbx
+	movq	%r9, %r11
+/APP
+	movq  24(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rbx, %r13
+/APP
+	movq  32(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rsi, %r10
+	movq	%r13, %rbx
+	movq	%r9, %r13
+/APP
+	movq  40(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r12, -40(%rsp)
+	movq	%rbx, %r8
+	movq	%r10, %rdi
+/APP
+	movq  32(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r8, %r10
+	movq	%r11, %rbx
+/APP
+	movq  40(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rdi, -32(%rsp)
+	movq	%rbx, %rsi
+	movq	%r10, %r12
+/APP
+	movq  40(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rsi, %r10
+	movq	%r13, %rbx
+/APP
+	movq  48(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r12, -24(%rsp)
+	movq	%r10, %rdi
+	movq	%rbx, %rsi
+	movq	%r9, %r10
+	movl	$16, 8(%rbp)
+	movl	$0, (%rbp)
+/APP
+	movq  48(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rdi, -16(%rsp)
+	movq	%r10, %r8
+/APP
+	movq  56(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	16(%rbp), %rax
+	movq	%rsi, -8(%rsp)
+	movq	%r8, (%rsp)
+	movq	%r14, (%rax)
+	movq	-112(%rsp), %rbx
+	movq	%rbx, 8(%rax)
+	movq	-104(%rsp), %rcx
+	movq	%rcx, 16(%rax)
+	movq	-96(%rsp), %rdx
+	movq	%rdx, 24(%rax)
+	movq	-88(%rsp), %r14
+	movq	%r14, 32(%rax)
+	movq	-80(%rsp), %r13
+	movq	%r13, 40(%rax)
+	movq	-72(%rsp), %r12
+	movq	%r12, 48(%rax)
+	movq	-64(%rsp), %r11
+	movq	%r11, 56(%rax)
+	movq	-56(%rsp), %r10
+	movq	%r10, 64(%rax)
+	movq	-48(%rsp), %r9
+	movq	%r9, 72(%rax)
+	movq	-40(%rsp), %r8
+	movq	%r8, 80(%rax)
+	movq	-32(%rsp), %rdi
+	movq	%rdi, 88(%rax)
+	movq	-24(%rsp), %rsi
+	movq	%rsi, 96(%rax)
+	movq	-16(%rsp), %rbx
+	movq	%rbx, 104(%rax)
+	movq	-8(%rsp), %rcx
+	movq	%rcx, 112(%rax)
+	movq	(%rsp), %rdx
+	movq	%rdx, 120(%rax)
+	movl	8(%rbp), %edx
+	testl	%edx, %edx
+	je	.L192
+	leal	-1(%rdx), %ecx
+	movq	16(%rbp), %rsi
+	mov	%ecx, %r14d
+	cmpq	$0, (%rsi,%r14,8)
+	jne	.L190
+	movl	%ecx, %edx
+	.align 16
+.L191:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L195
+	decl	%edx
+	mov	%edx, %r9d
+	cmpq	$0, (%rsi,%r9,8)
+	je	.L191
+	movl	%ecx, 8(%rbp)
+	movl	%ecx, %edx
+.L190:
+	testl	%edx, %edx
+	je	.L192
+	movl	(%rbp), %eax
+	movl	%eax, (%rbp)
+	addq	$8, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	ret
+.L195:
+	movl	%edx, 8(%rbp)
+	.align 16
+.L192:
+	xorl	%eax, %eax
+	movl	%eax, (%rbp)
+	addq	$8, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	ret
+.LFE7:
+	.size	s_mp_sqr_comba_8, .-s_mp_sqr_comba_8
+	.align 16
+.globl s_mp_sqr_comba_16
+	.type	s_mp_sqr_comba_16, @function
+s_mp_sqr_comba_16:
+.LFB8:
+	pushq	%rbp
+.LCFI25:
+	xorl	%r9d, %r9d
+	movq	%r9, %r8
+	movq	%r9, %r11
+	movq	%rsp, %rbp
+.LCFI26:
+	pushq	%r14
+.LCFI27:
+	movq	%rsi, %r14
+	movq	%r9, %rsi
+	pushq	%r13
+.LCFI28:
+	movq	%r9, %r13
+	pushq	%r12
+.LCFI29:
+	movq	%r9, %r12
+	pushq	%rbx
+.LCFI30:
+	movq	%r9, %rbx
+	subq	$256, %rsp
+.LCFI31:
+	movq	16(%rdi), %rcx
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, -288(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rbx, -280(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r12, %rbx
+	movq	%r13, %r10
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rsi, -272(%rbp)
+	movq	%r10, %rdi
+	movq	%r9, %rsi
+	movq	%rbx, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	addq  %rax,%r10     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%r11, %rbx
+	movq	%r9, %rdi
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r9, %r11
+	movq	%r10, -264(%rbp)
+	movq	%rbx, %r8
+	movq	%r12, %r13
+	movq	%r9, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%r12, %r10
+	movq	%r9, %r8
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r13     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r13, -256(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  40(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%rbx, -248(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  48(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -240(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rbx, -232(%rbp)
+	movq	%r9, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  64(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+	movq  32(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r13, %rdi
+	movq	%r10, -224(%rbp)
+	movq	%r12, %rsi
+	movq	%rbx, %r10
+	movq	%r9, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  72(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%r11, -216(%rbp)
+	movq	%r12, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  80(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%rbx, %r11
+	movq	%r13, %rdi
+	movq	%rdx, %rbx
+	movq	%r12, %rsi
+/APP
+	movq  40(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r10, -208(%rbp)
+	movq	%rbx, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  88(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rdx
+/APP
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r13
+	movq	%r11, -200(%rbp)
+	movq	%r13, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  96(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %rdx
+	movq	%rsi, %r11
+/APP
+	addq %r8,%r10         
+	adcq %rdx,%r12         
+	adcq %r11,%rax         
+	addq %r8,%r10         
+	adcq %rdx,%r12         
+	adcq %r11,%rax         
+	
+/NO_APP
+	movq	%rdx, %rbx
+	movq	%rax, %r13
+	movq	%r11, %rsi
+/APP
+	movq  48(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rbx, %rdi
+	movq	%r10, -192(%rbp)
+	movq	%r13, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  104(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r9, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -184(%rbp)
+	movq	%r13, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  112(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %rbx
+	movq	%rsi, %rdx
+/APP
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r13
+	movq	%rbx, %rdi
+/APP
+	movq  56(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r10, -176(%rbp)
+	movq	%r13, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r9, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -168(%rbp)
+	movq	%r13, %r12
+/APP
+	movq  8(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %rbx
+	movq	%rsi, %rdx
+/APP
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r13
+	movq	%rbx, %rdi
+/APP
+	movq  64(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r10, -160(%rbp)
+	movq	%r9, %r11
+/APP
+	movq  16(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r13, %r10
+	movq	%r9, %rbx
+/APP
+	movq  24(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%r12, -152(%rbp)
+/APP
+	movq  24(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rdx
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %rsi
+	movq	%rdx, %r11
+	movq	%r9, %r12
+/APP
+	movq  72(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -144(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  32(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -136(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  40(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  80(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -128(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  48(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rbx, -120(%rbp)
+	movq	%rdx, %r11
+	movq	%r9, %rbx
+/APP
+	movq  56(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rdx
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %rsi
+	movq	%rdx, %r11
+	movq	%r9, %r12
+/APP
+	movq  88(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -112(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  64(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -104(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  72(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  96(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -96(%rbp)
+	movq	%r9, %r10
+/APP
+	movq  80(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  96(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%rsi, %rax
+	movq	%r9, %rsi
+/APP
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	
+/NO_APP
+	movq	%r9, %r12
+	movq	%rbx, -88(%rbp)
+	movq	%r11, %r13
+	movq	%r10, %r11
+/APP
+	movq  88(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rdi
+/APP
+	movq  96(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%rdi        
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r11, %rbx
+	movq	%rdi, %r10
+	movq	%r9, %r11
+/APP
+	movq  104(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r13     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r13, -80(%rbp)
+	movq	%r10, %r8
+	movq	%rbx, %r10
+/APP
+	movq  96(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%r8     
+	adcq  $0,%rsi        
+	addq  %rax,%r10     
+	adcq  %rdx,%r8     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%rsi, %rbx
+/APP
+	movq  104(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r10, -72(%rbp)
+	movq	%rbx, %r13
+	movq	%r12, %rbx
+/APP
+	movq  104(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%r13     
+	adcq  $0,%r11        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r13     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r11, %r12
+	movq	%r13, %r10
+/APP
+	movq  112(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rbx, -64(%rbp)
+	movq	%r10, %rdi
+	movq	%r9, %rbx
+	movq	%r12, %rsi
+/APP
+	movq  112(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rdi, -56(%rbp)
+	movq	%rbx, %r8
+/APP
+	movq  120(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rsi, -48(%rbp)
+	movq	16(%r14), %rdi
+	leaq	-288(%rbp), %rsi
+	movl	$256, %edx
+	movq	%r8, -40(%rbp)
+	movl	$32, 8(%r14)
+	movl	$0, (%r14)
+	call	memcpy@PLT
+	movl	8(%r14), %edx
+	testl	%edx, %edx
+	je	.L232
+	leal	-1(%rdx), %ecx
+	movq	16(%r14), %rsi
+	mov	%ecx, %r9d
+	cmpq	$0, (%rsi,%r9,8)
+	jne	.L230
+	movl	%ecx, %edx
+	.align 16
+.L231:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L235
+	decl	%edx
+	mov	%edx, %eax
+	cmpq	$0, (%rsi,%rax,8)
+	je	.L231
+	movl	%ecx, 8(%r14)
+	movl	%ecx, %edx
+.L230:
+	testl	%edx, %edx
+	je	.L232
+	movl	(%r14), %eax
+	movl	%eax, (%r14)
+	addq	$256, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.L235:
+	movl	%edx, 8(%r14)
+	.align 16
+.L232:
+	xorl	%eax, %eax
+	movl	%eax, (%r14)
+	addq	$256, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.LFE8:
+	.size	s_mp_sqr_comba_16, .-s_mp_sqr_comba_16
+	.align 16
+.globl s_mp_sqr_comba_32
+	.type	s_mp_sqr_comba_32, @function
+s_mp_sqr_comba_32:
+.LFB9:
+	pushq	%rbp
+.LCFI32:
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r11
+	movq	%rsp, %rbp
+.LCFI33:
+	pushq	%r14
+.LCFI34:
+	movq	%rsi, %r14
+	movq	%r10, %rsi
+	pushq	%r13
+.LCFI35:
+	movq	%r10, %r13
+	pushq	%r12
+.LCFI36:
+	movq	%r10, %r12
+	pushq	%rbx
+.LCFI37:
+	movq	%r10, %rbx
+	subq	$512, %rsp
+.LCFI38:
+	movq	16(%rdi), %rcx
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, -544(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rbx, -536(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r12, %rbx
+	movq	%r13, %r9
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rsi, -528(%rbp)
+	movq	%r9, %rdi
+	movq	%r10, %rsi
+	movq	%rbx, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r9     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	addq  %rax,%r9     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%r11, %r13
+	movq	%r10, %rdi
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r10, %r11
+	movq	%r9, -520(%rbp)
+	movq	%r13, %r8
+	movq	%r12, %r13
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%r12, %r9
+	movq	%r10, %r8
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r13     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%r13, -512(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  40(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r11         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%rbx, -504(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  48(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -496(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rbx, -488(%rbp)
+	movq	%r10, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  64(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+	movq  32(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r13, %rdi
+	movq	%r9, -480(%rbp)
+	movq	%r12, %rsi
+	movq	%rbx, %r9
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  72(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%r11, -472(%rbp)
+	movq	%r12, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  80(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%rbx, %r11
+	movq	%r13, %rdi
+	movq	%rdx, %rbx
+	movq	%r12, %rsi
+/APP
+	movq  40(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r9, -464(%rbp)
+	movq	%rbx, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  88(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+/APP
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r13
+	movq	%r11, -456(%rbp)
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  96(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %rax
+	movq	%rsi, %r11
+/APP
+	addq %r8,%r9         
+	adcq %rax,%r12         
+	adcq %r11,%r13         
+	addq %r8,%r9         
+	adcq %rax,%r12         
+	adcq %r11,%r13         
+	
+/NO_APP
+	movq	%rax, %rbx
+	movq	%r11, %rsi
+/APP
+	movq  48(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rbx, %rdi
+	movq	%r9, -448(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  104(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -440(%rbp)
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  112(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r13, %rdx
+	movq	%rdi, %rbx
+	movq	%rsi, %r13
+/APP
+	addq %r8,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	addq %r8,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	
+/NO_APP
+	movq	%r12, %rax
+	movq	%r13, %r11
+	movq	%rdx, %r12
+	movq	%rax, %r13
+	movq	%rbx, %rdi
+	movq	%r11, %rsi
+/APP
+	movq  56(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -432(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rax
+	movq	%rdi, %rdx
+	movq	%rsi, %rbx
+/APP
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	
+/NO_APP
+	movq	%r12, -424(%rbp)
+	movq	%rdx, %r8
+	movq	%rax, %rsi
+	movq	%rbx, %rdi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  128(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  64(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -416(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  136(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -408(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  144(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  72(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -400(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  152(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -392(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  160(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  80(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -384(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  168(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -376(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  176(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  88(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -368(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  184(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %rdi
+	movq	%r12, -360(%rbp)
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  192(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	addq %rsi,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	
+/NO_APP
+	movq	%rax, %r11
+	movq	%rbx, %r8
+/APP
+	movq  96(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rdi
+	movq	%r9, -352(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  200(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -344(%rbp)
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  208(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r13
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	
+/NO_APP
+	movq	%r12, %rax
+	movq	%r13, %r11
+	movq	%rdx, %r12
+	movq	%rax, %r13
+	movq	%rbx, %r8
+	movq	%r11, %rdi
+/APP
+	movq  104(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -336(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  216(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -328(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  224(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rax
+	movq	%r10, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r12
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	
+/NO_APP
+	movq	%rdx, %rdi
+	movq	%r12, %r11
+	movq	%rbx, %r8
+	movq	%rax, %r12
+	movq	%rdi, %r13
+	movq	%r11, %rdi
+/APP
+	movq  112(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -320(%rbp)
+	movq	%r13, %rbx
+	movq	%r10, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  232(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r9         
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r9         
+	
+/NO_APP
+	movq	%r12, -312(%rbp)
+	movq	%r9, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  240(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%r8, %r11
+	movq	%rdi, %rdx
+/APP
+	addq %rsi,%rbx         
+	adcq %r11,%r13         
+	adcq %rdx,%rax         
+	addq %rsi,%rbx         
+	adcq %r11,%r13         
+	adcq %rdx,%rax         
+	
+/NO_APP
+	movq	%rdx, %r9
+	movq	%rax, %rdx
+	movq	%r13, %r12
+	movq	%r11, %r8
+	movq	%rdx, %r13
+	movq	%r9, %rdi
+/APP
+	movq  120(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rbx, -304(%rbp)
+	movq	%r13, %rbx
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -296(%rbp)
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r8, %r11
+	movq	%rdi, %rax
+/APP
+	addq %rsi,%rbx         
+	adcq %r11,%r12         
+	adcq %rax,%r13         
+	addq %rsi,%rbx         
+	adcq %r11,%r12         
+	adcq %rax,%r13         
+	
+/NO_APP
+	movq	%rax, %r9
+	movq	%r11, %r8
+/APP
+	movq  128(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, %rdi
+	movq	%rbx, -288(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  16(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  24(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -280(%rbp)
+	movq	%r10, %r12
+/APP
+	movq  24(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r13
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	
+/NO_APP
+	movq	%r12, %rax
+	movq	%r13, %r11
+	movq	%rdx, %r12
+	movq	%rax, %r13
+	movq	%rbx, %r8
+	movq	%r11, %rdi
+/APP
+	movq  136(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -272(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  32(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -264(%rbp)
+/APP
+	movq  40(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rax
+	movq	%r10, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r12
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	
+/NO_APP
+	movq	%rdx, %rdi
+	movq	%r12, %r11
+	movq	%rbx, %r8
+	movq	%rax, %r12
+	movq	%rdi, %r13
+	movq	%r11, %rdi
+/APP
+	movq  144(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r10, %r11
+	movq	%r9, -256(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  48(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r11         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r11         
+	
+/NO_APP
+	movq	%r12, -248(%rbp)
+	movq	%r11, %r13
+/APP
+	movq  56(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rsi, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r12
+/APP
+	addq %rdx,%r9         
+	adcq %rbx,%r13         
+	adcq %r12,%rax         
+	addq %rdx,%r9         
+	adcq %rbx,%r13         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%r12, %r11
+	movq	%rdx, %r8
+	movq	%rax, %rdx
+	movq	%r13, %r12
+	movq	%rbx, %rdi
+	movq	%rdx, %r13
+	movq	%r11, %rsi
+/APP
+	movq  152(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -240(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  64(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  96(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  104(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  112(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  120(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rax
+	movq	%rdi, %rdx
+	movq	%rsi, %rbx
+/APP
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	
+/NO_APP
+	movq	%r12, -232(%rbp)
+	movq	%rdx, %r8
+	movq	%rax, %rsi
+	movq	%rbx, %rdi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  72(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  160(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -224(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  80(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  88(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  96(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  104(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  112(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  120(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -216(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  88(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  160(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  168(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -208(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  96(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  104(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  112(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  120(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -200(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  104(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  160(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  168(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  176(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -192(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  112(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  120(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -184(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  120(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  160(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  168(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  176(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  184(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -176(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  128(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  136(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -168(%rbp)
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  136(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %rbx
+	movq	%rsi, %rax
+/APP
+	addq %r8,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	addq %r8,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	
+/NO_APP
+	movq	%rax, %r11
+	movq	%rbx, %rdi
+	movq	%r10, %rbx
+/APP
+	movq  192(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -160(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  144(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%rbx         
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%rbx         
+	
+/NO_APP
+	movq	%r12, -152(%rbp)
+/APP
+	movq  152(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rdx         
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rdx         
+	
+/NO_APP
+	movq	%rdx, %rax
+	movq	%r13, %rdi
+	movq	%r12, %rsi
+	movq	%rax, %r11
+	movq	%r10, %r12
+/APP
+	movq  200(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -144(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  160(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -136(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  168(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  208(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -128(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  176(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rbx, -120(%rbp)
+	movq	%rdx, %r11
+	movq	%r10, %rbx
+/APP
+	movq  184(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rdx
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %rsi
+	movq	%rdx, %r11
+	movq	%r10, %r12
+/APP
+	movq  216(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -112(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  192(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  216(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -104(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  200(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  216(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+	movq	%r10, %r12
+/APP
+	movq  224(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -96(%rbp)
+	movq	%r10, %r9
+/APP
+	movq  208(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  216(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  224(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %rax
+/APP
+	addq %r8,%rbx         
+	adcq %r13,%r11         
+	adcq %rax,%r9         
+	addq %r8,%rbx         
+	adcq %r13,%r11         
+	adcq %rax,%r9         
+	
+/NO_APP
+	movq	%rbx, -88(%rbp)
+	movq	%r11, %rsi
+	movq	%r9, %r8
+/APP
+	movq  216(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %r11
+/APP
+	movq  224(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r8, %r13
+	movq	%r11, %rbx
+/APP
+	movq  232(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r13     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rsi, -80(%rbp)
+	movq	%rbx, %r12
+	movq	%r13, %rdi
+	movq	%r10, %r13
+/APP
+	movq  224(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r12, %r9
+	movq	%r13, %r12
+/APP
+	movq  232(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rdi, -72(%rbp)
+	movq	%r9, %r11
+	movq	%r12, %rbx
+	movq	%r10, %r9
+/APP
+	movq  232(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rbx, %r13
+	movq	%r9, %rbx
+	movq	%r10, %r9
+/APP
+	movq  240(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r11     
+	adcq  %rdx,%r13     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r11, -64(%rbp)
+	movq	%r13, %rdi
+	movq	%rbx, %rsi
+/APP
+	movq  240(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r9        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rdi, -56(%rbp)
+	movq	%r9, %r8
+/APP
+	movq  248(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rsi, -48(%rbp)
+	movq	16(%r14), %rdi
+	leaq	-544(%rbp), %rsi
+	movl	$512, %edx
+	movq	%r8, -40(%rbp)
+	movl	$64, 8(%r14)
+	movl	$0, (%r14)
+	call	memcpy@PLT
+	movl	8(%r14), %edx
+	testl	%edx, %edx
+	je	.L304
+	leal	-1(%rdx), %ecx
+	movq	16(%r14), %rsi
+	mov	%ecx, %r10d
+	cmpq	$0, (%rsi,%r10,8)
+	jne	.L302
+	movl	%ecx, %edx
+	.align 16
+.L303:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L307
+	decl	%edx
+	mov	%edx, %eax
+	cmpq	$0, (%rsi,%rax,8)
+	je	.L303
+	movl	%ecx, 8(%r14)
+	movl	%ecx, %edx
+.L302:
+	testl	%edx, %edx
+	je	.L304
+	movl	(%r14), %eax
+	movl	%eax, (%r14)
+	addq	$512, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.L307:
+	movl	%edx, 8(%r14)
+	.align 16
+.L304:
+	xorl	%eax, %eax
+	movl	%eax, (%r14)
+	addq	$512, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.LFE9:
+	.size	s_mp_sqr_comba_32, .-s_mp_sqr_comba_32
diff --git a/security/nss/lib/freebl/mpi/mp_gf2m-priv.h b/security/nss/lib/freebl/mpi/mp_gf2m-priv.h
new file mode 100644
index 000000000..f93597d59
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mp_gf2m-priv.h
@@ -0,0 +1,102 @@
+/*
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Multi-precision Binary Polynomial Arithmetic Library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang Shantz <sheueling.chang@sun.com> and
+ *   Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _MP_GF2M_PRIV_H_
+#define _MP_GF2M_PRIV_H_
+
+#include "mpi-priv.h"
+
+extern const mp_digit mp_gf2m_sqr_tb[16];
+
+#if defined(MP_USE_UINT_DIGIT)
+#define MP_DIGIT_BITS 32
+#else
+#define MP_DIGIT_BITS 64
+#endif
+
+/* Platform-specific macros for fast binary polynomial squaring. */
+#if MP_DIGIT_BITS == 32
+#define gf2m_SQR1(w) \
+    mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 16 | \
+    mp_gf2m_sqr_tb[(w) >> 20 & 0xF] <<  8 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF]
+#define gf2m_SQR0(w) \
+    mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >>  8 & 0xF] << 16 | \
+    mp_gf2m_sqr_tb[(w) >>  4 & 0xF] <<  8 | mp_gf2m_sqr_tb[(w)       & 0xF]
+#else
+#define gf2m_SQR1(w) \
+    mp_gf2m_sqr_tb[(w) >> 60 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 56 & 0xF] << 48 | \
+    mp_gf2m_sqr_tb[(w) >> 52 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 48 & 0xF] << 32 | \
+    mp_gf2m_sqr_tb[(w) >> 44 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 40 & 0xF] << 16 | \
+    mp_gf2m_sqr_tb[(w) >> 36 & 0xF] <<  8 | mp_gf2m_sqr_tb[(w) >> 32 & 0xF]
+#define gf2m_SQR0(w) \
+    mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 48 | \
+    mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF] << 32 | \
+    mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >>  8 & 0xF] << 16 | \
+    mp_gf2m_sqr_tb[(w) >>  4 & 0xF] <<  8 | mp_gf2m_sqr_tb[(w)       & 0xF]
+#endif
+
+/* Multiply two binary polynomials mp_digits a, b.
+ * Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1.
+ * Output in two mp_digits rh, rl.
+ */
+void s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b);
+
+/* Compute xor-multiply of two binary polynomials  (a1, a0) x (b1, b0)  
+ * result is a binary polynomial in 4 mp_digits r[4].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1,
+	const mp_digit b0);
+
+/* Compute xor-multiply of two binary polynomials  (a2, a1, a0) x (b2, b1, b0)  
+ * result is a binary polynomial in 6 mp_digits r[6].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0, 
+	const mp_digit b2, const mp_digit b1, const mp_digit b0);
+
+/* Compute xor-multiply of two binary polynomials  (a3, a2, a1, a0) x (b3, b2, b1, b0)  
+ * result is a binary polynomial in 8 mp_digits r[8].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1, 
+	const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1, 
+	const mp_digit b0);
+
+#endif /* _MP_GF2M_PRIV_H_ */
diff --git a/security/nss/lib/freebl/mpi/mp_gf2m.c b/security/nss/lib/freebl/mpi/mp_gf2m.c
new file mode 100644
index 000000000..a68e88028
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mp_gf2m.c
@@ -0,0 +1,603 @@
+/*
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Multi-precision Binary Polynomial Arithmetic Library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang Shantz <sheueling.chang@sun.com> and
+ *   Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+
+const mp_digit mp_gf2m_sqr_tb[16] =
+{
+      0,     1,     4,     5,    16,    17,    20,    21,
+     64,    65,    68,    69,    80,    81,    84,    85
+};
+
+/* Multiply two binary polynomials mp_digits a, b.
+ * Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1.
+ * Output in two mp_digits rh, rl.
+ */
+#if MP_DIGIT_BITS == 32
+void 
+s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b)
+{
+    register mp_digit h, l, s;
+    mp_digit tab[8], top2b = a >> 30; 
+    register mp_digit a1, a2, a4;
+
+    a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
+
+    tab[0] =  0; tab[1] = a1;    tab[2] = a2;    tab[3] = a1^a2;
+    tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
+
+    s = tab[b       & 0x7]; l  = s;
+    s = tab[b >>  3 & 0x7]; l ^= s <<  3; h  = s >> 29;
+    s = tab[b >>  6 & 0x7]; l ^= s <<  6; h ^= s >> 26;
+    s = tab[b >>  9 & 0x7]; l ^= s <<  9; h ^= s >> 23;
+    s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
+    s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
+    s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
+    s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
+    s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >>  8;
+    s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >>  5;
+    s = tab[b >> 30      ]; l ^= s << 30; h ^= s >>  2;
+
+    /* compensate for the top two bits of a */
+
+    if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } 
+    if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } 
+
+    *rh = h; *rl = l;
+} 
+#else
+void 
+s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b)
+{
+    register mp_digit h, l, s;
+    mp_digit tab[16], top3b = a >> 61;
+    register mp_digit a1, a2, a4, a8;
+
+    a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; 
+    a4 = a2 << 1; a8 = a4 << 1;
+    tab[ 0] = 0;     tab[ 1] = a1;       tab[ 2] = a2;       tab[ 3] = a1^a2;
+    tab[ 4] = a4;    tab[ 5] = a1^a4;    tab[ 6] = a2^a4;    tab[ 7] = a1^a2^a4;
+    tab[ 8] = a8;    tab[ 9] = a1^a8;    tab[10] = a2^a8;    tab[11] = a1^a2^a8;
+    tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
+
+    s = tab[b       & 0xF]; l  = s;
+    s = tab[b >>  4 & 0xF]; l ^= s <<  4; h  = s >> 60;
+    s = tab[b >>  8 & 0xF]; l ^= s <<  8; h ^= s >> 56;
+    s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
+    s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
+    s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
+    s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
+    s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
+    s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
+    s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
+    s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
+    s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
+    s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
+    s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
+    s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >>  8;
+    s = tab[b >> 60      ]; l ^= s << 60; h ^= s >>  4;
+
+    /* compensate for the top three bits of a */
+
+    if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } 
+    if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } 
+    if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } 
+
+    *rh = h; *rl = l;
+} 
+#endif
+
+/* Compute xor-multiply of two binary polynomials  (a1, a0) x (b1, b0)  
+ * result is a binary polynomial in 4 mp_digits r[4].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void 
+s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1,
+           const mp_digit b0)
+{
+    mp_digit m1, m0;
+    /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+    s_bmul_1x1(r+3, r+2, a1, b1);
+    s_bmul_1x1(r+1, r, a0, b0);
+    s_bmul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+    /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+    r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */
+    r[1]  = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
+}
+
+/* Compute xor-multiply of two binary polynomials  (a2, a1, a0) x (b2, b1, b0)  
+ * result is a binary polynomial in 6 mp_digits r[6].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void 
+s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0, 
+	const mp_digit b2, const mp_digit b1, const mp_digit b0)
+{
+	mp_digit zm[4];
+
+	s_bmul_1x1(r+5, r+4, a2, b2);         /* fill top 2 words */
+	s_bmul_2x2(zm, a1, a2^a0, b1, b2^b0); /* fill middle 4 words */
+	s_bmul_2x2(r, a1, a0, b1, b0);        /* fill bottom 4 words */
+
+	zm[3] ^= r[3];
+	zm[2] ^= r[2]; 
+	zm[1] ^= r[1] ^ r[5];
+	zm[0] ^= r[0] ^ r[4];
+
+	r[5]  ^= zm[3];
+	r[4]  ^= zm[2];
+	r[3]  ^= zm[1];
+	r[2]  ^= zm[0];
+}
+
+/* Compute xor-multiply of two binary polynomials  (a3, a2, a1, a0) x (b3, b2, b1, b0)  
+ * result is a binary polynomial in 8 mp_digits r[8].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1, 
+	const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1, 
+	const mp_digit b0)
+{
+	mp_digit zm[4];
+
+	s_bmul_2x2(r+4, a3, a2, b3, b2);            /* fill top 4 words */
+	s_bmul_2x2(zm, a3^a1, a2^a0, b3^b1, b2^b0); /* fill middle 4 words */
+	s_bmul_2x2(r, a1, a0, b1, b0);              /* fill bottom 4 words */
+
+	zm[3] ^= r[3] ^ r[7]; 
+	zm[2] ^= r[2] ^ r[6]; 
+	zm[1] ^= r[1] ^ r[5]; 
+	zm[0] ^= r[0] ^ r[4]; 
+
+	r[5]  ^= zm[3];    
+	r[4]  ^= zm[2];
+	r[3]  ^= zm[1];    
+	r[2]  ^= zm[0];
+}
+
+/* Compute addition of two binary polynomials a and b,
+ * store result in c; c could be a or b, a and b could be equal; 
+ * c is the bitwise XOR of a and b.
+ */
+mp_err
+mp_badd(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_digit *pa, *pb, *pc;
+    mp_size ix;
+    mp_size used_pa, used_pb;
+    mp_err res = MP_OKAY;
+
+    /* Add all digits up to the precision of b.  If b had more
+     * precision than a initially, swap a, b first
+     */
+    if (MP_USED(a) >= MP_USED(b)) {
+        pa = MP_DIGITS(a);
+        pb = MP_DIGITS(b);
+        used_pa = MP_USED(a);
+        used_pb = MP_USED(b);
+    } else {
+        pa = MP_DIGITS(b);
+        pb = MP_DIGITS(a);
+        used_pa = MP_USED(b);
+        used_pb = MP_USED(a);
+    }
+
+    /* Make sure c has enough precision for the output value */
+    MP_CHECKOK( s_mp_pad(c, used_pa) );
+
+    /* Do word-by-word xor */
+    pc = MP_DIGITS(c);
+    for (ix = 0; ix < used_pb; ix++) {
+        (*pc++) = (*pa++) ^ (*pb++);
+    }
+
+    /* Finish the rest of digits until we're actually done */
+    for (; ix < used_pa; ++ix) {
+        *pc++ = *pa++;
+    }
+
+    MP_USED(c) = used_pa;
+    MP_SIGN(c) = ZPOS;
+    s_mp_clamp(c);
+
+CLEANUP:
+    return res;
+} 
+
+#define s_mp_div2(a) MP_CHECKOK( mpl_rsh((a), (a), 1) );
+
+/* Compute binary polynomial multiply d = a * b */
+static void 
+s_bmul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
+{
+    mp_digit a_i, a0b0, a1b1, carry = 0;
+    while (a_len--) {
+        a_i = *a++;
+        s_bmul_1x1(&a1b1, &a0b0, a_i, b);
+        *d++ = a0b0 ^ carry;
+        carry = a1b1;
+    }
+    *d = carry;
+}
+
+/* Compute binary polynomial xor multiply accumulate d ^= a * b */
+static void 
+s_bmul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
+{
+    mp_digit a_i, a0b0, a1b1, carry = 0;
+    while (a_len--) {
+        a_i = *a++;
+        s_bmul_1x1(&a1b1, &a0b0, a_i, b);
+        *d++ ^= a0b0 ^ carry;
+        carry = a1b1;
+    }
+    *d ^= carry;
+}
+
+/* Compute binary polynomial xor multiply c = a * b.  
+ * All parameters may be identical.
+ */
+mp_err 
+mp_bmul(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_digit *pb, b_i;
+    mp_int tmp;
+    mp_size ib, a_used, b_used;
+    mp_err res = MP_OKAY;
+
+    MP_DIGITS(&tmp) = 0;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (a == c) {
+        MP_CHECKOK( mp_init_copy(&tmp, a) );
+        if (a == b)
+            b = &tmp;
+        a = &tmp;
+    } else if (b == c) {
+        MP_CHECKOK( mp_init_copy(&tmp, b) );
+        b = &tmp;
+    }
+
+    if (MP_USED(a) < MP_USED(b)) {
+        const mp_int *xch = b;      /* switch a and b if b longer */
+        b = a;
+        a = xch;
+    }
+
+    MP_USED(c) = 1; MP_DIGIT(c, 0) = 0;
+    MP_CHECKOK( s_mp_pad(c, USED(a) + USED(b)) );
+
+    pb = MP_DIGITS(b);
+    s_bmul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c));
+
+    /* Outer loop:  Digits of b */
+    a_used = MP_USED(a);
+    b_used = MP_USED(b);
+	MP_USED(c) = a_used + b_used;
+    for (ib = 1; ib < b_used; ib++) {
+        b_i = *pb++;
+
+        /* Inner product:  Digits of a */
+        if (b_i)
+            s_bmul_d_add(MP_DIGITS(a), a_used, b_i, MP_DIGITS(c) + ib);
+        else
+            MP_DIGIT(c, ib + a_used) = b_i;
+    }
+
+    s_mp_clamp(c);
+
+    SIGN(c) = ZPOS;
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+}
+
+
+/* Compute modular reduction of a and store result in r.  
+ * r could be a. 
+ * For modular arithmetic, the irreducible polynomial f(t) is represented 
+ * as an array of int[], where f(t) is of the form: 
+ *     f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+mp_err
+mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r)
+{
+    int j, k;
+    int n, dN, d0, d1;
+    mp_digit zz, *z, tmp;
+    mp_size used;
+    mp_err res = MP_OKAY;
+
+    /* The algorithm does the reduction in place in r, 
+     * if a != r, copy a into r first so reduction can be done in r
+     */
+    if (a != r) {
+        MP_CHECKOK( mp_copy(a, r) );
+    }
+    z = MP_DIGITS(r);
+
+    /* start reduction */
+    dN = p[0] / MP_DIGIT_BITS;
+    used = MP_USED(r);
+
+    for (j = used - 1; j > dN;) {
+
+        zz = z[j];
+        if (zz == 0) {
+            j--; continue;
+        }
+        z[j] = 0;
+
+        for (k = 1; p[k] > 0; k++) {
+            /* reducing component t^p[k] */
+            n = p[0] - p[k];
+            d0 = n % MP_DIGIT_BITS;  
+            d1 = MP_DIGIT_BITS - d0;
+            n /= MP_DIGIT_BITS;
+            z[j-n] ^= (zz>>d0);
+            if (d0) 
+                z[j-n-1] ^= (zz<<d1);
+        }
+
+        /* reducing component t^0 */
+        n = dN;  
+        d0 = p[0] % MP_DIGIT_BITS;
+        d1 = MP_DIGIT_BITS - d0;
+        z[j-n] ^= (zz >> d0);
+        if (d0) 
+            z[j-n-1] ^= (zz << d1);
+
+    }
+
+    /* final round of reduction */
+    while (j == dN) {
+
+        d0 = p[0] % MP_DIGIT_BITS;
+        zz = z[dN] >> d0;  
+        if (zz == 0) break;
+        d1 = MP_DIGIT_BITS - d0;
+
+        /* clear up the top d1 bits */
+        if (d0) z[dN] = (z[dN] << d1) >> d1; 
+        *z ^= zz; /* reduction t^0 component */
+
+        for (k = 1; p[k] > 0; k++) {
+            /* reducing component t^p[k]*/
+            n = p[k] / MP_DIGIT_BITS;
+            d0 = p[k] % MP_DIGIT_BITS;
+            d1 = MP_DIGIT_BITS - d0;
+            z[n] ^= (zz << d0);
+            tmp = zz >> d1;
+            if (d0 && tmp)
+                z[n+1] ^= tmp;
+        }
+    }
+
+    s_mp_clamp(r);
+CLEANUP:
+    return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p, 
+ * Store the result in r.  r could be a or b; a could be b.
+ */
+mp_err 
+mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[], mp_int *r)
+{
+    mp_err res;
+    
+    if (a == b) return mp_bsqrmod(a, p, r);
+    if ((res = mp_bmul(a, b, r) ) != MP_OKAY)
+	return res;
+    return mp_bmod(r, p, r);
+}
+
+/* Compute binary polynomial squaring c = a*a mod p .  
+ * Parameter r and a can be identical.
+ */
+
+mp_err 
+mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r)
+{
+    mp_digit *pa, *pr, a_i;
+    mp_int tmp;
+    mp_size ia, a_used;
+    mp_err res;
+
+    ARGCHK(a != NULL && r != NULL, MP_BADARG);
+    MP_DIGITS(&tmp) = 0;
+
+    if (a == r) {
+        MP_CHECKOK( mp_init_copy(&tmp, a) );
+        a = &tmp;
+    }
+
+    MP_USED(r) = 1; MP_DIGIT(r, 0) = 0;
+    MP_CHECKOK( s_mp_pad(r, 2*USED(a)) );
+
+    pa = MP_DIGITS(a);
+    pr = MP_DIGITS(r);
+    a_used = MP_USED(a);
+	MP_USED(r) = 2 * a_used;
+
+    for (ia = 0; ia < a_used; ia++) {
+        a_i = *pa++;
+        *pr++ = gf2m_SQR0(a_i);
+        *pr++ = gf2m_SQR1(a_i);
+    }
+
+    MP_CHECKOK( mp_bmod(r, p, r) );
+    s_mp_clamp(r);
+    SIGN(r) = ZPOS;
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+}
+
+/* Compute binary polynomial y/x mod p, y divided by x, reduce modulo p.
+ * Store the result in r. r could be x or y, and x could equal y.
+ * Uses algorithm Modular_Division_GF(2^m) from 
+ *     Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to 
+ *     the Great Divide".
+ */
+int 
+mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp, 
+    const unsigned int p[], mp_int *r)
+{
+    mp_int aa, bb, uu;
+    mp_int *a, *b, *u, *v;
+    mp_err res = MP_OKAY;
+
+    MP_DIGITS(&aa) = 0;
+    MP_DIGITS(&bb) = 0;
+    MP_DIGITS(&uu) = 0;
+
+    MP_CHECKOK( mp_init_copy(&aa, x) );
+    MP_CHECKOK( mp_init_copy(&uu, y) );
+    MP_CHECKOK( mp_init_copy(&bb, pp) );
+    MP_CHECKOK( s_mp_pad(r, USED(pp)) );
+    MP_USED(r) = 1; MP_DIGIT(r, 0) = 0;
+
+    a = &aa; b= &bb; u=&uu; v=r;
+    /* reduce x and y mod p */
+    MP_CHECKOK( mp_bmod(a, p, a) );
+    MP_CHECKOK( mp_bmod(u, p, u) );
+
+    while (!mp_isodd(a)) {
+        s_mp_div2(a);
+        if (mp_isodd(u)) {
+            MP_CHECKOK( mp_badd(u, pp, u) );
+        }
+        s_mp_div2(u);
+    }
+
+    do {
+        if (mp_cmp_mag(b, a) > 0) {
+            MP_CHECKOK( mp_badd(b, a, b) );
+            MP_CHECKOK( mp_badd(v, u, v) );
+            do {
+                s_mp_div2(b);
+                if (mp_isodd(v)) {
+                    MP_CHECKOK( mp_badd(v, pp, v) );
+                }
+                s_mp_div2(v);
+            } while (!mp_isodd(b));
+        }
+        else if ((MP_DIGIT(a,0) == 1) && (MP_USED(a) == 1))
+            break;
+        else {
+            MP_CHECKOK( mp_badd(a, b, a) );
+            MP_CHECKOK( mp_badd(u, v, u) );
+            do {
+                s_mp_div2(a);
+                if (mp_isodd(u)) {
+                    MP_CHECKOK( mp_badd(u, pp, u) );
+                }
+                s_mp_div2(u);
+            } while (!mp_isodd(a));
+        }
+    } while (1);
+
+    MP_CHECKOK( mp_copy(u, r) );
+
+CLEANUP:
+    mp_clear(&aa);
+    mp_clear(&bb);
+    mp_clear(&uu);
+    return res;
+
+}
+
+/* Convert the bit-string representation of a polynomial a into an array
+ * of integers corresponding to the bits with non-zero coefficient.
+ * Up to max elements of the array will be filled.  Return value is total
+ * number of coefficients that would be extracted if array was large enough.
+ */
+int
+mp_bpoly2arr(const mp_int *a, unsigned int p[], int max)
+{
+    int i, j, k;
+    mp_digit top_bit, mask;
+
+    top_bit = 1;
+    top_bit <<= MP_DIGIT_BIT - 1;
+
+    for (k = 0; k < max; k++) p[k] = 0;
+    k = 0;
+
+    for (i = MP_USED(a) - 1; i >= 0; i--) {
+        mask = top_bit;
+        for (j = MP_DIGIT_BIT - 1; j >= 0; j--) {
+            if (MP_DIGITS(a)[i] & mask) {
+                if (k < max) p[k] = MP_DIGIT_BIT * i + j;
+                k++;
+            }
+            mask >>= 1;
+        }
+    }
+
+    return k;
+}
+
+/* Convert the coefficient array representation of a polynomial to a 
+ * bit-string.  The array must be terminated by 0.
+ */
+mp_err
+mp_barr2poly(const unsigned int p[], mp_int *a)
+{
+
+    mp_err res = MP_OKAY;
+    int i;
+
+    mp_zero(a);
+    for (i = 0; p[i] > 0; i++) {
+	MP_CHECKOK( mpl_set_bit(a, p[i], 1) );
+    }
+    MP_CHECKOK( mpl_set_bit(a, 0, 1) );
+	
+CLEANUP:
+    return res;
+}
diff --git a/security/nss/lib/freebl/mpi/mp_gf2m.h b/security/nss/lib/freebl/mpi/mp_gf2m.h
new file mode 100644
index 000000000..1a305f336
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mp_gf2m.h
@@ -0,0 +1,63 @@
+/*
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Multi-precision Binary Polynomial Arithmetic Library.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang Shantz <sheueling.chang@sun.com> and
+ *   Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _MP_GF2M_H_
+#define _MP_GF2M_H_
+
+#include "mpi.h"
+
+mp_err mp_badd(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err mp_bmul(const mp_int *a, const mp_int *b, mp_int *c);
+
+/* For modular arithmetic, the irreducible polynomial f(t) is represented 
+ * as an array of int[], where f(t) is of the form: 
+ *     f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+mp_err mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r);
+mp_err mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[], 
+    mp_int *r);
+mp_err mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r);
+mp_err mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp, 
+    const unsigned int p[], mp_int *r);
+
+int mp_bpoly2arr(const mp_int *a, unsigned int p[], int max);
+mp_err mp_barr2poly(const unsigned int p[], mp_int *a);
+
+#endif /* _MP_GF2M_H_ */
diff --git a/security/nss/lib/freebl/mpi/mpcpucache.c b/security/nss/lib/freebl/mpi/mpcpucache.c
new file mode 100644
index 000000000..65927d05e
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpcpucache.c
@@ -0,0 +1,843 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Red Hat, Inc
+ * Portions created by the Initial Developer are Copyright (C) 2005
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Robert Relyea <rrelyea@redhat.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+
+/*
+ * This file implements a single function: s_mpi_getProcessorLineSize();
+ * s_mpi_getProcessorLineSize() returns the size in bytes of the cache line
+ * if a cache exists, or zero if there is no cache. If more than one
+ * cache line exists, it should return the smallest line size (which is 
+ * usually the L1 cache).
+ *
+ * mp_modexp uses this information to make sure that private key information
+ * isn't being leaked through the cache.
+ *
+ * Currently the file returns good data for most modern x86 processors, and
+ * reasonable data on 64-bit ppc processors. All other processors are assumed
+ * to have a cache line size of 32 bytes unless modified by target.mk.
+ * 
+ */
+
+#if defined(i386) || defined(__i386) || defined(__X86__) || defined (_M_IX86) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
+/* X86 processors have special instructions that tell us about the cache */
+#include "string.h"
+
+#if defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
+#define AMD_64 1
+#endif
+
+/* Generic CPUID function */
+#if defined(AMD_64)
+
+#if defined(__GNUC__)
+
+static void cpuid(unsigned long op, unsigned long *eax, 
+	                 unsigned long *ebx, unsigned long *ecx, 
+                         unsigned long *edx)
+{
+	__asm__("cpuid\n\t"
+		: "=a" (*eax),
+		  "=b" (*ebx),
+		  "=c" (*ecx),
+		  "=d" (*edx)
+		: "0" (op));
+}
+
+#elif defined(_MSC_VER)
+
+#include <intrin.h>
+
+static void cpuid(unsigned long op, unsigned long *eax, 
+           unsigned long *ebx, unsigned long *ecx, 
+           unsigned long *edx)
+{
+    int intrinsic_out[4];
+
+    __cpuid(intrinsic_out, op);
+    *eax = intrinsic_out[0];
+    *ebx = intrinsic_out[1];
+    *ecx = intrinsic_out[2];
+    *edx = intrinsic_out[3];
+}
+
+#endif
+
+#else /* !defined(AMD_64) */
+
+/* x86 */
+
+#if defined(__GNUC__)
+static void cpuid(unsigned long op, unsigned long *eax, 
+	                 unsigned long *ebx, unsigned long *ecx, 
+                         unsigned long *edx)
+{
+/* sigh GCC isn't smart enough to save the ebx PIC register on it's own
+ * in this case, so do it by hand. */
+	__asm__("pushl %%ebx\n\t"
+		  "cpuid\n\t"
+		  "mov %%ebx,%1\n\t"
+		  "popl %%ebx\n\t"
+		: "=a" (*eax),
+		  "=r" (*ebx),
+		  "=c" (*ecx),
+		  "=d" (*edx)
+		: "0" (op));
+}
+
+/*
+ * try flipping a processor flag to determine CPU type
+ */
+static unsigned long changeFlag(unsigned long flag)
+{
+	unsigned long changedFlags, originalFlags;
+	__asm__("pushfl\n\t"            /* get the flags */
+	        "popl %0\n\t"
+	        "movl %0,%1\n\t"	/* save the original flags */
+	        "xorl %2,%0\n\t" 	/* flip the bit */
+		"pushl %0\n\t"  	/* set the flags */
+	        "popfl\n\t"
+		"pushfl\n\t"		/* get the flags again (for return) */
+		"popl %0\n\t"
+		"pushl %1\n\t"		/* restore the original flags */
+		 "popfl\n\t"
+		: "=r" (changedFlags),
+		  "=r" (originalFlags),
+		  "=r" (flag)
+		: "2" (flag));
+	return changedFlags ^ originalFlags;
+}
+
+#elif defined(_MSC_VER)
+
+/*
+ * windows versions of the above assembler
+ */
+#define wcpuid __asm __emit 0fh __asm __emit 0a2h
+static void cpuid(unsigned long op,    unsigned long *Reax, 
+    unsigned long *Rebx, unsigned long *Recx, unsigned long *Redx)
+{
+        unsigned long  Leax, Lebx, Lecx, Ledx;
+        __asm {
+        pushad
+        mov     eax,op
+        wcpuid
+        mov     Leax,eax
+        mov     Lebx,ebx
+        mov     Lecx,ecx
+        mov     Ledx,edx
+        popad
+        }
+        *Reax = Leax;
+        *Rebx = Lebx;
+        *Recx = Lecx;
+        *Redx = Ledx;
+}
+
+static unsigned long changeFlag(unsigned long flag)
+{
+	unsigned long changedFlags, originalFlags;
+	__asm {
+		push eax
+		push ebx
+		pushfd 	                /* get the flags */
+	        pop  eax
+		push eax		/* save the flags on the stack */
+	        mov  originalFlags,eax  /* save the original flags */
+		mov  ebx,flag
+	        xor  eax,ebx            /* flip the bit */
+		push eax                /* set the flags */
+	        popfd
+		pushfd                  /* get the flags again (for return) */
+		pop  eax	
+		popfd                   /* restore the original flags */
+		mov changedFlags,eax
+		pop ebx
+		pop eax
+	}
+	return changedFlags ^ originalFlags;
+}
+#endif
+
+#endif
+
+#if !defined(AMD_64)
+#define AC_FLAG 0x40000
+#define ID_FLAG 0x200000
+
+/* 386 processors can't flip the AC_FLAG, intel AP Note AP-485 */
+static int is386()
+{
+    return changeFlag(AC_FLAG) == 0;
+}
+
+/* 486 processors can't flip the ID_FLAG, intel AP Note AP-485 */
+static int is486()
+{
+    return changeFlag(ID_FLAG) == 0;
+}
+#endif
+
+
+/*
+ * table for Intel Cache.
+ * See Intel Application Note AP-485 for more information 
+ */
+
+typedef unsigned char CacheTypeEntry;
+
+typedef enum {
+    Cache_NONE    = 0,
+    Cache_UNKNOWN = 1,
+    Cache_TLB     = 2,
+    Cache_TLBi    = 3,
+    Cache_TLBd    = 4,
+    Cache_Trace   = 5,
+    Cache_L1      = 6,
+    Cache_L1i     = 7,
+    Cache_L1d     = 8,
+    Cache_L2      = 9 ,
+    Cache_L2i     = 10 ,
+    Cache_L2d     = 11 ,
+    Cache_L3      = 12 ,
+    Cache_L3i     = 13,
+    Cache_L3d     = 14
+} CacheType;
+
+struct _cache {
+    CacheTypeEntry type;
+    unsigned char lineSize;
+};
+static const struct _cache CacheMap[256] = {
+/* 00 */ {Cache_NONE,    0   },
+/* 01 */ {Cache_TLBi,    0   },
+/* 02 */ {Cache_TLBi,    0   },
+/* 03 */ {Cache_TLBd,    0   },
+/* 04 */ {Cache_TLBd,        },
+/* 05 */ {Cache_UNKNOWN, 0   },
+/* 06 */ {Cache_L1i,     32  },
+/* 07 */ {Cache_UNKNOWN, 0   },
+/* 08 */ {Cache_L1i,     32  },
+/* 09 */ {Cache_UNKNOWN, 0   },
+/* 0a */ {Cache_L1d,     32  },
+/* 0b */ {Cache_UNKNOWN, 0   },
+/* 0c */ {Cache_L1d,     32  },
+/* 0d */ {Cache_UNKNOWN, 0   },
+/* 0e */ {Cache_UNKNOWN, 0   },
+/* 0f */ {Cache_UNKNOWN, 0   },
+/* 10 */ {Cache_UNKNOWN, 0   },
+/* 11 */ {Cache_UNKNOWN, 0   },
+/* 12 */ {Cache_UNKNOWN, 0   },
+/* 13 */ {Cache_UNKNOWN, 0   },
+/* 14 */ {Cache_UNKNOWN, 0   },
+/* 15 */ {Cache_UNKNOWN, 0   },
+/* 16 */ {Cache_UNKNOWN, 0   },
+/* 17 */ {Cache_UNKNOWN, 0   },
+/* 18 */ {Cache_UNKNOWN, 0   },
+/* 19 */ {Cache_UNKNOWN, 0   },
+/* 1a */ {Cache_UNKNOWN, 0   },
+/* 1b */ {Cache_UNKNOWN, 0   },
+/* 1c */ {Cache_UNKNOWN, 0   },
+/* 1d */ {Cache_UNKNOWN, 0   },
+/* 1e */ {Cache_UNKNOWN, 0   },
+/* 1f */ {Cache_UNKNOWN, 0   },
+/* 20 */ {Cache_UNKNOWN, 0   },
+/* 21 */ {Cache_UNKNOWN, 0   },
+/* 22 */ {Cache_L3,      64  },
+/* 23 */ {Cache_L3,      64  },
+/* 24 */ {Cache_UNKNOWN, 0   },
+/* 25 */ {Cache_L3,      64  },
+/* 26 */ {Cache_UNKNOWN, 0   },
+/* 27 */ {Cache_UNKNOWN, 0   },
+/* 28 */ {Cache_UNKNOWN, 0   },
+/* 29 */ {Cache_L3,      64  },
+/* 2a */ {Cache_UNKNOWN, 0   },
+/* 2b */ {Cache_UNKNOWN, 0   },
+/* 2c */ {Cache_L1d,     64  },
+/* 2d */ {Cache_UNKNOWN, 0   },
+/* 2e */ {Cache_UNKNOWN, 0   },
+/* 2f */ {Cache_UNKNOWN, 0   },
+/* 30 */ {Cache_L1i,     64  },
+/* 31 */ {Cache_UNKNOWN, 0   },
+/* 32 */ {Cache_UNKNOWN, 0   },
+/* 33 */ {Cache_UNKNOWN, 0   },
+/* 34 */ {Cache_UNKNOWN, 0   },
+/* 35 */ {Cache_UNKNOWN, 0   },
+/* 36 */ {Cache_UNKNOWN, 0   },
+/* 37 */ {Cache_UNKNOWN, 0   },
+/* 38 */ {Cache_UNKNOWN, 0   },
+/* 39 */ {Cache_L2,      64  },
+/* 3a */ {Cache_UNKNOWN, 0   },
+/* 3b */ {Cache_L2,      64  },
+/* 3c */ {Cache_L2,      64  },
+/* 3d */ {Cache_UNKNOWN, 0   },
+/* 3e */ {Cache_UNKNOWN, 0   },
+/* 3f */ {Cache_UNKNOWN, 0   },
+/* 40 */ {Cache_L2,      0   },
+/* 41 */ {Cache_L2,      32  },
+/* 42 */ {Cache_L2,      32  },
+/* 43 */ {Cache_L2,      32  },
+/* 44 */ {Cache_L2,      32  },
+/* 45 */ {Cache_L2,      32  },
+/* 46 */ {Cache_UNKNOWN, 0   },
+/* 47 */ {Cache_UNKNOWN, 0   },
+/* 48 */ {Cache_UNKNOWN, 0   },
+/* 49 */ {Cache_UNKNOWN, 0   },
+/* 4a */ {Cache_UNKNOWN, 0   },
+/* 4b */ {Cache_UNKNOWN, 0   },
+/* 4c */ {Cache_UNKNOWN, 0   },
+/* 4d */ {Cache_UNKNOWN, 0   },
+/* 4e */ {Cache_UNKNOWN, 0   },
+/* 4f */ {Cache_UNKNOWN, 0   },
+/* 50 */ {Cache_TLBi,    0   },
+/* 51 */ {Cache_TLBi,    0   },
+/* 52 */ {Cache_TLBi,    0   },
+/* 53 */ {Cache_UNKNOWN, 0   },
+/* 54 */ {Cache_UNKNOWN, 0   },
+/* 55 */ {Cache_UNKNOWN, 0   },
+/* 56 */ {Cache_UNKNOWN, 0   },
+/* 57 */ {Cache_UNKNOWN, 0   },
+/* 58 */ {Cache_UNKNOWN, 0   },
+/* 59 */ {Cache_UNKNOWN, 0   },
+/* 5a */ {Cache_UNKNOWN, 0   },
+/* 5b */ {Cache_TLBd,    0   },
+/* 5c */ {Cache_TLBd,    0   },
+/* 5d */ {Cache_TLBd,    0   },
+/* 5e */ {Cache_UNKNOWN, 0   },
+/* 5f */ {Cache_UNKNOWN, 0   },
+/* 60 */ {Cache_UNKNOWN, 0   },
+/* 61 */ {Cache_UNKNOWN, 0   },
+/* 62 */ {Cache_UNKNOWN, 0   },
+/* 63 */ {Cache_UNKNOWN, 0   },
+/* 64 */ {Cache_UNKNOWN, 0   },
+/* 65 */ {Cache_UNKNOWN, 0   },
+/* 66 */ {Cache_L1d,     64  },
+/* 67 */ {Cache_L1d,     64  },
+/* 68 */ {Cache_L1d,     64  },
+/* 69 */ {Cache_UNKNOWN, 0   },
+/* 6a */ {Cache_UNKNOWN, 0   },
+/* 6b */ {Cache_UNKNOWN, 0   },
+/* 6c */ {Cache_UNKNOWN, 0   },
+/* 6d */ {Cache_UNKNOWN, 0   },
+/* 6e */ {Cache_UNKNOWN, 0   },
+/* 6f */ {Cache_UNKNOWN, 0   },
+/* 70 */ {Cache_Trace,   1   },
+/* 71 */ {Cache_Trace,   1   },
+/* 72 */ {Cache_Trace,   1   },
+/* 73 */ {Cache_UNKNOWN, 0   },
+/* 74 */ {Cache_UNKNOWN, 0   },
+/* 75 */ {Cache_UNKNOWN, 0   },
+/* 76 */ {Cache_UNKNOWN, 0   },
+/* 77 */ {Cache_UNKNOWN, 0   },
+/* 78 */ {Cache_UNKNOWN, 0   },
+/* 79 */ {Cache_L2,      64  },
+/* 7a */ {Cache_L2,      64  },
+/* 7b */ {Cache_L2,      64  },
+/* 7c */ {Cache_L2,      64  },
+/* 7d */ {Cache_UNKNOWN, 0   },
+/* 7e */ {Cache_UNKNOWN, 0   },
+/* 7f */ {Cache_UNKNOWN, 0   },
+/* 80 */ {Cache_UNKNOWN, 0   },
+/* 81 */ {Cache_UNKNOWN, 0   },
+/* 82 */ {Cache_L2,      32  },
+/* 83 */ {Cache_L2,      32  },
+/* 84 */ {Cache_L2,      32  },
+/* 85 */ {Cache_L2,      32  },
+/* 86 */ {Cache_L2,      64  },
+/* 87 */ {Cache_L2,      64  },
+/* 88 */ {Cache_UNKNOWN, 0   },
+/* 89 */ {Cache_UNKNOWN, 0   },
+/* 8a */ {Cache_UNKNOWN, 0   },
+/* 8b */ {Cache_UNKNOWN, 0   },
+/* 8c */ {Cache_UNKNOWN, 0   },
+/* 8d */ {Cache_UNKNOWN, 0   },
+/* 8e */ {Cache_UNKNOWN, 0   },
+/* 8f */ {Cache_UNKNOWN, 0   },
+/* 90 */ {Cache_UNKNOWN, 0   },
+/* 91 */ {Cache_UNKNOWN, 0   },
+/* 92 */ {Cache_UNKNOWN, 0   },
+/* 93 */ {Cache_UNKNOWN, 0   },
+/* 94 */ {Cache_UNKNOWN, 0   },
+/* 95 */ {Cache_UNKNOWN, 0   },
+/* 96 */ {Cache_UNKNOWN, 0   },
+/* 97 */ {Cache_UNKNOWN, 0   },
+/* 98 */ {Cache_UNKNOWN, 0   },
+/* 99 */ {Cache_UNKNOWN, 0   },
+/* 9a */ {Cache_UNKNOWN, 0   },
+/* 9b */ {Cache_UNKNOWN, 0   },
+/* 9c */ {Cache_UNKNOWN, 0   },
+/* 9d */ {Cache_UNKNOWN, 0   },
+/* 9e */ {Cache_UNKNOWN, 0   },
+/* 9f */ {Cache_UNKNOWN, 0   },
+/* a0 */ {Cache_UNKNOWN, 0   },
+/* a1 */ {Cache_UNKNOWN, 0   },
+/* a2 */ {Cache_UNKNOWN, 0   },
+/* a3 */ {Cache_UNKNOWN, 0   },
+/* a4 */ {Cache_UNKNOWN, 0   },
+/* a5 */ {Cache_UNKNOWN, 0   },
+/* a6 */ {Cache_UNKNOWN, 0   },
+/* a7 */ {Cache_UNKNOWN, 0   },
+/* a8 */ {Cache_UNKNOWN, 0   },
+/* a9 */ {Cache_UNKNOWN, 0   },
+/* aa */ {Cache_UNKNOWN, 0   },
+/* ab */ {Cache_UNKNOWN, 0   },
+/* ac */ {Cache_UNKNOWN, 0   },
+/* ad */ {Cache_UNKNOWN, 0   },
+/* ae */ {Cache_UNKNOWN, 0   },
+/* af */ {Cache_UNKNOWN, 0   },
+/* b0 */ {Cache_TLBi,    0   },
+/* b1 */ {Cache_UNKNOWN, 0   },
+/* b2 */ {Cache_UNKNOWN, 0   },
+/* b3 */ {Cache_TLBd,    0   },
+/* b4 */ {Cache_UNKNOWN, 0   },
+/* b5 */ {Cache_UNKNOWN, 0   },
+/* b6 */ {Cache_UNKNOWN, 0   },
+/* b7 */ {Cache_UNKNOWN, 0   },
+/* b8 */ {Cache_UNKNOWN, 0   },
+/* b9 */ {Cache_UNKNOWN, 0   },
+/* ba */ {Cache_UNKNOWN, 0   },
+/* bb */ {Cache_UNKNOWN, 0   },
+/* bc */ {Cache_UNKNOWN, 0   },
+/* bd */ {Cache_UNKNOWN, 0   },
+/* be */ {Cache_UNKNOWN, 0   },
+/* bf */ {Cache_UNKNOWN, 0   },
+/* c0 */ {Cache_UNKNOWN, 0   },
+/* c1 */ {Cache_UNKNOWN, 0   },
+/* c2 */ {Cache_UNKNOWN, 0   },
+/* c3 */ {Cache_UNKNOWN, 0   },
+/* c4 */ {Cache_UNKNOWN, 0   },
+/* c5 */ {Cache_UNKNOWN, 0   },
+/* c6 */ {Cache_UNKNOWN, 0   },
+/* c7 */ {Cache_UNKNOWN, 0   },
+/* c8 */ {Cache_UNKNOWN, 0   },
+/* c9 */ {Cache_UNKNOWN, 0   },
+/* ca */ {Cache_UNKNOWN, 0   },
+/* cb */ {Cache_UNKNOWN, 0   },
+/* cc */ {Cache_UNKNOWN, 0   },
+/* cd */ {Cache_UNKNOWN, 0   },
+/* ce */ {Cache_UNKNOWN, 0   },
+/* cf */ {Cache_UNKNOWN, 0   },
+/* d0 */ {Cache_UNKNOWN, 0   },
+/* d1 */ {Cache_UNKNOWN, 0   },
+/* d2 */ {Cache_UNKNOWN, 0   },
+/* d3 */ {Cache_UNKNOWN, 0   },
+/* d4 */ {Cache_UNKNOWN, 0   },
+/* d5 */ {Cache_UNKNOWN, 0   },
+/* d6 */ {Cache_UNKNOWN, 0   },
+/* d7 */ {Cache_UNKNOWN, 0   },
+/* d8 */ {Cache_UNKNOWN, 0   },
+/* d9 */ {Cache_UNKNOWN, 0   },
+/* da */ {Cache_UNKNOWN, 0   },
+/* db */ {Cache_UNKNOWN, 0   },
+/* dc */ {Cache_UNKNOWN, 0   },
+/* dd */ {Cache_UNKNOWN, 0   },
+/* de */ {Cache_UNKNOWN, 0   },
+/* df */ {Cache_UNKNOWN, 0   },
+/* e0 */ {Cache_UNKNOWN, 0   },
+/* e1 */ {Cache_UNKNOWN, 0   },
+/* e2 */ {Cache_UNKNOWN, 0   },
+/* e3 */ {Cache_UNKNOWN, 0   },
+/* e4 */ {Cache_UNKNOWN, 0   },
+/* e5 */ {Cache_UNKNOWN, 0   },
+/* e6 */ {Cache_UNKNOWN, 0   },
+/* e7 */ {Cache_UNKNOWN, 0   },
+/* e8 */ {Cache_UNKNOWN, 0   },
+/* e9 */ {Cache_UNKNOWN, 0   },
+/* ea */ {Cache_UNKNOWN, 0   },
+/* eb */ {Cache_UNKNOWN, 0   },
+/* ec */ {Cache_UNKNOWN, 0   },
+/* ed */ {Cache_UNKNOWN, 0   },
+/* ee */ {Cache_UNKNOWN, 0   },
+/* ef */ {Cache_UNKNOWN, 0   },
+/* f0 */ {Cache_UNKNOWN, 0   },
+/* f1 */ {Cache_UNKNOWN, 0   },
+/* f2 */ {Cache_UNKNOWN, 0   },
+/* f3 */ {Cache_UNKNOWN, 0   },
+/* f4 */ {Cache_UNKNOWN, 0   },
+/* f5 */ {Cache_UNKNOWN, 0   },
+/* f6 */ {Cache_UNKNOWN, 0   },
+/* f7 */ {Cache_UNKNOWN, 0   },
+/* f8 */ {Cache_UNKNOWN, 0   },
+/* f9 */ {Cache_UNKNOWN, 0   },
+/* fa */ {Cache_UNKNOWN, 0   },
+/* fb */ {Cache_UNKNOWN, 0   },
+/* fc */ {Cache_UNKNOWN, 0   },
+/* fd */ {Cache_UNKNOWN, 0   },
+/* fe */ {Cache_UNKNOWN, 0   },
+/* ff */ {Cache_UNKNOWN, 0   }
+};
+
+
+/*
+ * use the above table to determine the CacheEntryLineSize.
+ */
+static void
+getIntelCacheEntryLineSize(unsigned long val, int *level, 
+						unsigned long *lineSize)
+{
+    CacheType type;
+
+    type = CacheMap[val].type;
+    /* only interested in data caches */
+    /* NOTE val = 0x40 is a special value that means no L2 or L3 cache.
+     * this data check has the side effect of rejecting that entry. If
+     * that wasn't the case, we could have to reject it explicitly */
+    if (CacheMap[val].lineSize == 0) {
+	return;
+    }
+    /* look at the caches, skip types we aren't interested in.
+     * if we already have a value for a lower level cache, skip the
+     * current entry */
+    if ((type == Cache_L1)|| (type == Cache_L1d)) {
+	*level = 1;
+	*lineSize = CacheMap[val].lineSize;
+    } else if ((*level >= 2) && ((type == Cache_L2) || (type == Cache_L2d))) {
+	*level = 2;
+	*lineSize = CacheMap[val].lineSize;
+    } else if ((*level >= 3) && ((type == Cache_L3) || (type == Cache_L3d))) {
+	*level = 3;
+	*lineSize = CacheMap[val].lineSize;
+    }
+    return;
+}
+
+
+static void
+getIntelRegisterCacheLineSize(unsigned long val, 
+			int *level, unsigned long *lineSize)
+{
+    getIntelCacheEntryLineSize(val >> 24 & 0xff, level, lineSize);
+    getIntelCacheEntryLineSize(val >> 16 & 0xff, level, lineSize);
+    getIntelCacheEntryLineSize(val >> 8 & 0xff, level, lineSize);
+    getIntelCacheEntryLineSize(val & 0xff, level, lineSize);
+}
+
+/*
+ * returns '0' if no recognized cache is found, or if the cache
+ * information is supported by this processor 
+ */
+static unsigned long
+getIntelCacheLineSize(int cpuidLevel)
+{
+    int level = 4;
+    unsigned long lineSize = 0;
+    unsigned long eax, ebx, ecx, edx;
+    int repeat, count;
+
+    if (cpuidLevel < 2) {
+	return 0;
+    }
+
+    /* command '2' of the cpuid is intel's cache info call. Each byte of the
+     * 4 registers contain a potential descriptor for the cache. The CacheMap	
+     * table maps the cache entry with the processor cache. Register 'al'
+     * contains a count value that cpuid '2' needs to be called in order to 
+     * find all the cache descriptors. Only registers with the high bit set
+     * to 'zero' have valid descriptors. This code loops through all the
+     * required calls to cpuid '2' and passes any valid descriptors it finds
+     * to the getIntelRegisterCacheLineSize code, which breaks the registers
+     * down into their component descriptors. In the end the lineSize of the
+     * lowest level cache data cache is returned. */
+    cpuid(2, &eax, &ebx, &ecx, &edx);
+    repeat = eax & 0xf;
+    for (count = 0; count < repeat; count++) {
+	if ((eax & 0x80000000) == 0) {
+	    getIntelRegisterCacheLineSize(eax & 0xffffff00, &level, &lineSize);
+	}
+	if ((ebx & 0x80000000) == 0) {
+	    getIntelRegisterCacheLineSize(ebx, &level, &lineSize);
+	}
+	if ((ecx & 0x80000000) == 0) {
+	    getIntelRegisterCacheLineSize(ecx, &level, &lineSize);
+	}
+	if ((edx & 0x80000000) == 0) {
+	    getIntelRegisterCacheLineSize(edx, &level, &lineSize);
+	}
+	if (count+1 != repeat) {
+	    cpuid(2, &eax, &ebx, &ecx, &edx);
+	}
+    }
+    return lineSize;
+}
+
+/*
+ * returns '0' if the cache info is not supported by this processor.
+ * This is based on the AMD extended cache commands for cpuid. 
+ * (see "AMD Processor Recognition Application Note" Publication 20734).
+ * Some other processors use the identical scheme.
+ * (see "Processor Recognition, Transmeta Corporation").
+ */
+static unsigned long
+getOtherCacheLineSize(unsigned long cpuidLevel)
+{
+    unsigned long lineSize = 0;
+    unsigned long eax, ebx, ecx, edx;
+
+    /* get the Extended CPUID level */
+    cpuid(0x80000000, &eax, &ebx, &ecx, &edx);
+    cpuidLevel = eax;
+
+    if (cpuidLevel >= 0x80000005) {
+	cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
+	lineSize = ecx & 0xff; /* line Size, L1 Data Cache */
+    }
+    return lineSize;
+}
+
+static const char * const manMap[] = {
+#define INTEL     0
+    "GenuineIntel",
+#define AMD       1
+    "AuthenticAMD",
+#define CYRIX     2
+    "CyrixInstead",
+#define CENTAUR   2
+    "CentaurHauls",
+#define NEXGEN    3
+    "NexGenDriven",
+#define TRANSMETA 4
+    "GenuineTMx86",
+#define RISE      5
+    "RiseRiseRise",
+#define UMC       6
+    "UMC UMC UMC ",
+#define SIS       7
+    "Sis Sis Sis ",
+#define NATIONAL  8
+    "Geode by NSC",
+};
+
+static const int n_manufacturers = sizeof(manMap)/sizeof(manMap[0]);
+
+
+#define MAN_UNKNOWN 9
+
+#if !defined(AMD_64)
+#define SSE2_FLAG (1<<26)
+unsigned long
+s_mpi_is_sse2()
+{
+    unsigned long eax, ebx, ecx, edx;
+    int manufacturer = MAN_UNKNOWN;
+    int i;
+    char string[13];
+
+    if (is386() || is486()) {
+	return 0;
+    }
+    cpuid(0, &eax, &ebx, &ecx, &edx);
+    *(int *)string = ebx;
+    *(int *)&string[4] = edx;
+    *(int *)&string[8] = ecx;
+    string[12] = 0;
+
+    /* has no SSE2 extensions */
+    if (eax == 0) {
+	return 0;
+    }
+
+    for (i=0; i < n_manufacturers; i++) {
+	if ( strcmp(manMap[i],string) == 0) {
+	    manufacturer = i;
+	    break;
+	}
+    }
+
+    /* only use sse2 on intel */
+    if (manufacturer != INTEL) {
+	return 0;
+    }
+
+    cpuid(1,&eax,&ebx,&ecx,&edx);
+    return (edx & SSE2_FLAG) == SSE2_FLAG;
+}
+#endif
+
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+    unsigned long eax, ebx, ecx, edx;
+    unsigned long cpuidLevel;
+    unsigned long cacheLineSize = 0;
+    int manufacturer = MAN_UNKNOWN;
+    int i;
+    char string[65];
+
+#if !defined(AMD_64)
+    if (is386()) {
+	return 0; /* 386 had no cache */
+    } if (is486()) {
+	return 32; /* really? need more info */
+    }
+#endif
+
+    /* Pentium, cpuid command is available */
+    cpuid(0, &eax, &ebx, &ecx, &edx);
+    cpuidLevel = eax;
+    *(int *)string = ebx;
+    *(int *)&string[4] = edx;
+    *(int *)&string[8] = ecx;
+    string[12] = 0;
+
+    manufacturer = MAN_UNKNOWN;
+    for (i=0; i < n_manufacturers; i++) {
+	if ( strcmp(manMap[i],string) == 0) {
+	    manufacturer = i;
+	}
+    }
+
+    if (manufacturer == INTEL) {
+	cacheLineSize = getIntelCacheLineSize(cpuidLevel);
+    } else {
+	cacheLineSize = getOtherCacheLineSize(cpuidLevel);
+    }
+    /* doesn't support cache info based on cpuid. This means
+     * an old pentium class processor, which have cache lines of
+     * 32. If we learn differently, we can use a switch based on
+     * the Manufacturer id  */
+    if (cacheLineSize == 0) {
+	cacheLineSize = 32;
+    }
+    return cacheLineSize;
+}
+#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
+#endif
+
+#if defined(__ppc64__) 
+/*
+ *  Sigh, The PPC has some really nice features to help us determine cache
+ *  size, since it had lots of direct control functions to do so. The POWER
+ *  processor even has an instruction to do this, but it was dropped in
+ *  PowerPC. Unfortunately most of them are not available in user mode.
+ *
+ *  The dcbz function would be a great way to determine cache line size except
+ *  1) it only works on write-back memory (it throws an exception otherwise), 
+ *  and 2) because so many mac programs 'knew' the processor cache size was
+ *  32 bytes, they used this instruction as a fast 'zero 32 bytes'. Now the new
+ *  G5 processor has 128 byte cache, but dcbz only clears 32 bytes to keep
+ *  these programs happy. dcbzl work if 64 bit instructions are supported.
+ *  If you know 64 bit instructions are supported, and that stack is 
+ *  write-back, you can use this code.
+ */
+#include "memory.h"
+
+/* clear the cache line that contains 'array' */
+static inline void dcbzl(char *array)
+{
+	register char *a asm("r2") = array;
+	__asm__ __volatile__( "dcbzl %0,r0" : "=r" (a): "0"(a) );
+}
+
+
+#define PPC_DO_ALIGN(x,y) ((char *)\
+			((((long long) (x))+((y)-1))&~((y)-1)))
+
+#define PPC_MAX_LINE_SIZE 256
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+    char testArray[2*PPC_MAX_LINE_SIZE+1];
+    char *test;
+    int i;
+
+    /* align the array on a maximum line size boundary, so we
+     * know we are starting to clear from the first address */
+    test = PPC_DO_ALIGN(testArray, PPC_MAX_LINE_SIZE); 
+    /* set all the values to 1's */
+    memset(test, 0xff, PPC_MAX_LINE_SIZE);
+    /* clear one cache block starting at 'test' */
+    dcbzl(test);
+
+    /* find the size of the cleared area, that's our block size */
+    for (i=PPC_MAX_LINE_SIZE; i != 0; i = i/2) {
+	if (test[i-1] == 0) {
+	    return i;
+	}
+    }
+    return 0;
+}
+
+#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
+#endif
+
+
+/*
+ * put other processor and platform specific cache code here
+ * return the smallest cache line size in bytes on the processor 
+ * (usually the L1 cache). If the OS has a call, this would be
+ * a greate place to put it.
+ *
+ * If there is no cache, return 0;
+ * 
+ * define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED so the generic functions
+ * below aren't compiled.
+ *
+ */
+
+
+/* target.mk can define MPI_CACHE_LINE_SIZE if it's common for the family or 
+ * OS */
+#if defined(MPI_CACHE_LINE_SIZE) && !defined(MPI_GET_PROCESSOR_LINE_SIZE_DEFINED)
+
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+   return MPI_CACHE_LINE_SIZE;
+}
+#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
+#endif
+
+
+/* If no way to get the processor cache line size has been defined, assume
+ * it's 32 bytes (most common value, does not significantly impact performance)
+ */ 
+#ifndef MPI_GET_PROCESSOR_LINE_SIZE_DEFINED
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+   return 32;
+}
+#endif
+
+#ifdef TEST_IT
+#include <stdio.h>
+
+main()
+{
+    printf("line size = %d\n", s_mpi_getProcessorLineSize());
+} 
+#endif
diff --git a/security/nss/lib/freebl/mpi/mpcpucache_amd64.s b/security/nss/lib/freebl/mpi/mpcpucache_amd64.s
new file mode 100644
index 000000000..8f7562461
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpcpucache_amd64.s
@@ -0,0 +1,893 @@
+/ ***** BEGIN LICENSE BLOCK *****
+/ Version: MPL 1.1/GPL 2.0/LGPL 2.1
+/
+/ The contents of this file are subject to the Mozilla Public License Version
+/ 1.1 (the "License"); you may not use this file except in compliance with
+/ the License. You may obtain a copy of the License at
+/ http://www.mozilla.org/MPL/
+/
+/ Software distributed under the License is distributed on an "AS IS" basis,
+/ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+/ for the specific language governing rights and limitations under the
+/ License.
+/
+/ The Original Code is Red Hat code.
+/
+/ The Initial Developer of the Original Code is
+/ Red Hat, Inc.
+/ Portions created by the Initial Developer are Copyright (C) 2005
+/ the Initial Developer. All Rights Reserved.
+/
+/ Contributor(s):
+/	Robert Relyea <rrelyea@redhat.com>
+/
+/ Alternatively, the contents of this file may be used under the terms of
+/ either the GNU General Public License Version 2 or later (the "GPL"), or
+/ the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+/ in which case the provisions of the GPL or the LGPL are applicable instead
+/ of those above. If you wish to allow use of your version of this file only
+/ under the terms of either the GPL or the LGPL, and not to allow others to
+/ use your version of this file under the terms of the MPL, indicate your
+/ decision by deleting the provisions above and replace them with the notice
+/ and other provisions required by the GPL or the LGPL. If you do not delete
+/ the provisions above, a recipient may use your version of this file under
+/ the terms of any one of the MPL, the GPL or the LGPL.
+/
+/ ***** END LICENSE BLOCK *****
+
+	.file	"mpcpucache.c"
+/	.section	.rodata.str1.1,"aMS",@progbits,1
+	.section	.rodata
+.LC0:
+	.string	"GenuineIntel"
+.LC1:
+	.string	"AuthenticAMD"
+.LC2:
+	.string	"CyrixInstead"
+.LC3:
+	.string	"CentaurHauls"
+.LC4:
+	.string	"NexGenDriven"
+.LC5:
+	.string	"GenuineTMx86"
+.LC6:
+	.string	"RiseRiseRise"
+.LC7:
+	.string	"UMC UMC UMC "
+.LC8:
+	.string	"Sis Sis Sis "
+.LC9:
+	.string	"Geode by NSC"
+	.section	.data.rel.ro.local,"aw",@progbits
+	.align 32
+	.type	manMap, @object
+	.size	manMap, 80
+manMap:
+	.quad	.LC0
+	.quad	.LC1
+	.quad	.LC2
+	.quad	.LC3
+	.quad	.LC4
+	.quad	.LC5
+	.quad	.LC6
+	.quad	.LC7
+	.quad	.LC8
+	.quad	.LC9
+	.section	.rodata
+	.align 32
+	.type	CacheMap, @object
+	.size	CacheMap, 512
+CacheMap:
+	.byte	0
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.zero	1
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.text
+	.align	16
+	.type	cpuid, @function
+cpuid:
+.LFB2:
+	movq	%rdx, %r10
+	pushq	%rbx
+.LCFI0:
+	movq	%rcx, %r11
+	movq	%rdi, %rax
+/APP
+	cpuid
+	
+/NO_APP
+	movq	%rax, (%rsi)
+	movq	%rbx, (%r10)
+	popq	%rbx
+	movq	%rcx, (%r11)
+	movq	%rdx, (%r8)
+	ret
+.LFE2:
+	.size	cpuid, .-cpuid
+	.align	16
+	.type	getIntelCacheEntryLineSize, @function
+getIntelCacheEntryLineSize:
+.LFB3:
+	leaq	CacheMap(%rip), %r9
+	movq	%rdx, %r10
+	movzbl	1(%r9,%rdi,2), %ecx
+	movzbl	(%r9,%rdi,2), %r8d
+	testb	%cl, %cl
+	je	.L2
+	cmpl	$6, %r8d
+	sete	%dl
+	cmpl	$8, %r8d
+	sete	%al
+	orl	%edx, %eax
+	testb	$1, %al
+	je	.L4
+	movl	$1, (%rsi)
+.L9:
+	movzbl	%cl, %eax 
+	movq	%rax, (%r10)
+	ret
+	.align	16
+.L4:
+	movl	(%rsi), %r11d
+	cmpl	$1, %r11d
+	jg	.L11
+.L6:
+	cmpl	$2, %r11d
+	jle	.L2
+	cmpl	$12, %r8d
+	sete	%dl
+	cmpl	$14, %r8d
+	sete	%al
+	orl	%edx, %eax
+	testb	$1, %al
+	je	.L2
+	movzbq	1(%r9,%rdi,2), %rax
+	movl	$3, (%rsi)
+	movq	%rax, (%r10)
+	.align	16
+.L2:
+	rep ; ret
+	.align	16
+.L11:
+	cmpl	$9, %r8d
+	sete	%dl
+	cmpl	$11, %r8d
+	sete	%al
+	orl	%edx, %eax
+	testb	$1, %al
+	je	.L6
+	movl	$2, (%rsi)
+	jmp	.L9
+.LFE3:
+	.size	getIntelCacheEntryLineSize, .-getIntelCacheEntryLineSize
+	.align	16
+	.type	getIntelRegisterCacheLineSize, @function
+getIntelRegisterCacheLineSize:
+.LFB4:
+	pushq	%rbp
+.LCFI1:
+	movq	%rsp, %rbp
+.LCFI2:
+	movq	%rbx, -24(%rbp)
+.LCFI3:
+	movq	%rdi, %rbx
+	shrq	$24, %rdi
+	movq	%r12, -16(%rbp)
+.LCFI4:
+	movq	%r13, -8(%rbp)
+.LCFI5:
+	andl	$255, %edi
+	subq	$24, %rsp
+.LCFI6:
+	movq	%rsi, %r13
+	movq	%rdx, %r12
+	call	getIntelCacheEntryLineSize
+	movq	%rbx, %rdi
+	movq	%r12, %rdx
+	movq	%r13, %rsi
+	shrq	$16, %rdi
+	andl	$255, %edi
+	call	getIntelCacheEntryLineSize
+	movq	%rbx, %rdi
+	movq	%r12, %rdx
+	movq	%r13, %rsi
+	shrq	$8, %rdi
+	andl	$255, %ebx
+	andl	$255, %edi
+	call	getIntelCacheEntryLineSize
+	movq	%r12, %rdx
+	movq	%r13, %rsi
+	movq	%rbx, %rdi
+	movq	8(%rsp), %r12
+	movq	(%rsp), %rbx
+	movq	16(%rsp), %r13
+	leave
+	jmp	getIntelCacheEntryLineSize
+.LFE4:
+	.size	getIntelRegisterCacheLineSize, .-getIntelRegisterCacheLineSize
+	.align	16
+.globl s_mpi_getProcessorLineSize
+	.type	s_mpi_getProcessorLineSize, @function
+s_mpi_getProcessorLineSize:
+.LFB7:
+	pushq	%rbp
+.LCFI7:
+	xorl	%edi, %edi
+	movq	%rsp, %rbp
+.LCFI8:
+	pushq	%r15
+.LCFI9:
+	leaq	-136(%rbp), %r8
+	leaq	-144(%rbp), %rcx
+	leaq	-152(%rbp), %rdx
+	pushq	%r14
+.LCFI10:
+	leaq	-160(%rbp), %rsi
+	leaq	-128(%rbp), %r14
+	pushq	%r13
+.LCFI11:
+	leaq	manMap(%rip), %r13
+	pushq	%r12
+.LCFI12:
+	movl	$9, %r12d
+	pushq	%rbx
+.LCFI13:
+	xorl	%ebx, %ebx
+	subq	$200, %rsp
+.LCFI14:
+	call	cpuid
+	movq	-152(%rbp), %rax
+	movq	-160(%rbp), %r15
+	movb	$0, -116(%rbp)
+	movl	%eax, -128(%rbp)
+	movq	-136(%rbp), %rax
+	movl	%eax, -124(%rbp)
+	movq	-144(%rbp), %rax
+	movl	%eax, -120(%rbp)
+	.align	16
+.L18:
+	movslq	%ebx,%rax
+	movq	%r14, %rsi
+	movq	(%r13,%rax,8), %rdi
+	call	strcmp@PLT
+	testl	%eax, %eax
+	cmove	%ebx, %r12d
+	incl	%ebx
+	cmpl	$9, %ebx
+	jle	.L18
+	testl	%r12d, %r12d
+	jne	.L19
+	xorl	%eax, %eax
+	decl	%r15d
+	movl	$4, -204(%rbp)
+	movq	$0, -200(%rbp)
+	jle	.L21
+	leaq	-168(%rbp), %r8
+	leaq	-176(%rbp), %rcx
+	leaq	-184(%rbp), %rdx
+	leaq	-192(%rbp), %rsi
+	movl	$2, %edi
+	xorl	%ebx, %ebx
+	call	cpuid
+	movq	-192(%rbp), %rdi
+	movl	%edi, %r12d
+	andl	$15, %r12d
+	cmpl	%r12d, %ebx
+	jl	.L30
+	jmp	.L38
+	.align	16
+.L25:
+	movq	-184(%rbp), %rdi
+	testl	$2147483648, %edi 
+	je	.L40
+.L26:
+	movq	-176(%rbp), %rdi
+	testl	$2147483648, %edi 
+	je	.L41
+.L27:
+	movq	-168(%rbp), %rdi
+	testl	$2147483648, %edi 
+	je	.L42
+.L28:
+	incl	%ebx
+	cmpl	%r12d, %ebx
+	je	.L24
+	leaq	-168(%rbp), %r8
+	leaq	-176(%rbp), %rcx
+	leaq	-184(%rbp), %rdx
+	leaq	-192(%rbp), %rsi
+	movl	$2, %edi
+	call	cpuid
+.L24:
+	cmpl	%r12d, %ebx
+	jge	.L38
+	movq	-192(%rbp), %rdi
+.L30:
+	testl	$2147483648, %edi 
+	jne	.L25
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	andl	$4294967040, %edi
+	call	getIntelRegisterCacheLineSize
+	movq	-184(%rbp), %rdi
+	testl	$2147483648, %edi 
+	jne	.L26
+.L40:
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	call	getIntelRegisterCacheLineSize
+	movq	-176(%rbp), %rdi
+	testl	$2147483648, %edi 
+	jne	.L27
+.L41:
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	call	getIntelRegisterCacheLineSize
+	movq	-168(%rbp), %rdi
+	testl	$2147483648, %edi 
+	jne	.L28
+.L42:
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	call	getIntelRegisterCacheLineSize
+	jmp	.L28
+.L38:
+	movq	-200(%rbp), %rax
+.L21:
+	movq	%rax, %rdx
+	movl	$32, %eax
+	testq	%rdx, %rdx
+	cmoveq	%rax, %rdx
+	addq	$200, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	popq	%r15
+	leave
+	movq	%rdx, %rax
+	ret
+.L19:
+	leaq	-216(%rbp), %r8
+	leaq	-224(%rbp), %rcx
+	leaq	-232(%rbp), %rdx
+	leaq	-240(%rbp), %rsi
+	movl	$2147483648, %edi
+	xorl	%ebx, %ebx
+	call	cpuid
+	movl	$2147483652, %eax
+	cmpq	%rax, -240(%rbp)
+	ja	.L43
+.L32:
+	movq	%rbx, %rdx
+	movl	$32, %eax
+	testq	%rdx, %rdx
+	cmoveq	%rax, %rdx
+	addq	$200, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	popq	%r15
+	leave
+	movq	%rdx, %rax
+	ret
+.L43:
+	leaq	-216(%rbp), %r8
+	leaq	-224(%rbp), %rcx
+	leaq	-232(%rbp), %rdx
+	leaq	-240(%rbp), %rsi
+	movl	$2147483653, %edi
+	call	cpuid
+	movzbq	-224(%rbp), %rbx
+	jmp	.L32
+.LFE7:
+	.size	s_mpi_getProcessorLineSize, .-s_mpi_getProcessorLineSize
diff --git a/security/nss/lib/freebl/mpi/mpcpucache_x86.s b/security/nss/lib/freebl/mpi/mpcpucache_x86.s
new file mode 100644
index 000000000..5b6b8d864
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpcpucache_x86.s
@@ -0,0 +1,933 @@
+/ ***** BEGIN LICENSE BLOCK *****
+/ Version: MPL 1.1/GPL 2.0/LGPL 2.1
+/
+/ The contents of this file are subject to the Mozilla Public License Version
+/ 1.1 (the "License"); you may not use this file except in compliance with
+/ the License. You may obtain a copy of the License at
+/ http://www.mozilla.org/MPL/
+/
+/ Software distributed under the License is distributed on an "AS IS" basis,
+/ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+/ for the specific language governing rights and limitations under the
+/ License.
+/
+/ The Original Code is Red Hat code.
+/
+/ The Initial Developer of the Original Code is
+/ Red Hat, Inc.
+/ Portions created by the Initial Developer are Copyright (C) 2005
+/ the Initial Developer. All Rights Reserved.
+/
+/ Contributor(s):
+/	Robert Relyea <rrelyea@redhat.com>
+/
+/ Alternatively, the contents of this file may be used under the terms of
+/ either the GNU General Public License Version 2 or later (the "GPL"), or
+/ the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+/ in which case the provisions of the GPL or the LGPL are applicable instead
+/ of those above. If you wish to allow use of your version of this file only
+/ under the terms of either the GPL or the LGPL, and not to allow others to
+/ use your version of this file under the terms of the MPL, indicate your
+/ decision by deleting the provisions above and replace them with the notice
+/ and other provisions required by the GPL or the LGPL. If you do not delete
+/ the provisions above, a recipient may use your version of this file under
+/ the terms of any one of the MPL, the GPL or the LGPL.
+/
+/ ***** END LICENSE BLOCK *****
+
+	.file	"mpcpucache.c"
+/	.section	.rodata.str1.1,"aMS",@progbits,1
+	.section	.rodata
+.LC0:
+	.string	"GenuineIntel"
+.LC1:
+	.string	"AuthenticAMD"
+.LC2:
+	.string	"CyrixInstead"
+.LC3:
+	.string	"CentaurHauls"
+.LC4:
+	.string	"NexGenDriven"
+.LC5:
+	.string	"GenuineTMx86"
+.LC6:
+	.string	"RiseRiseRise"
+.LC7:
+	.string	"UMC UMC UMC "
+.LC8:
+	.string	"Sis Sis Sis "
+.LC9:
+	.string	"Geode by NSC"
+	.section	.data.rel.ro.local,"aw",@progbits
+	.align 32
+	.type	manMap, @object
+	.size	manMap, 40
+manMap:
+	.long	.LC0
+	.long	.LC1
+	.long	.LC2
+	.long	.LC3
+	.long	.LC4
+	.long	.LC5
+	.long	.LC6
+	.long	.LC7
+	.long	.LC8
+	.long	.LC9
+	.section	.rodata
+	.align 32
+	.type	CacheMap, @object
+	.size	CacheMap, 512
+CacheMap:
+	.byte	0
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.zero	1
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.text
+	.align	4
+	.type	cpuid, @function
+cpuid:
+	pushl	%ebp
+	pushl	%edi
+	pushl	%esi
+	subl	$8, %esp
+	movl	%edx, %ebp
+/APP
+	pushl %ebx
+	cpuid
+	mov %ebx,%esi
+	popl %ebx
+	
+/NO_APP
+	movl	%eax, (%ebp)
+	movl	24(%esp), %eax
+	movl	%esi, (%eax)
+	movl	28(%esp), %eax
+	movl	%ecx, (%eax)
+	movl	32(%esp), %eax
+	movl	%edx, (%eax)
+	addl	$8, %esp
+	popl	%esi
+	popl	%edi
+	popl	%ebp
+	ret
+	.size	cpuid, .-cpuid
+	.align	4
+	.type	changeFlag, @function
+changeFlag:
+/APP
+	pushfl
+	popl %edx
+	movl %edx,%ecx
+	xorl %eax,%edx
+	pushl %edx
+	popfl
+	pushfl
+	popl %edx
+	pushl %ecx
+	popfl
+	
+/NO_APP
+	xorl	%ecx, %edx
+	movl	%edx, %eax
+	ret
+	.size	changeFlag, .-changeFlag
+	.align	4
+	.type	getIntelCacheEntryLineSize, @function
+getIntelCacheEntryLineSize:
+	pushl	%edi
+	pushl	%esi
+	pushl	%ebx
+	call	.L17
+.L17:
+	popl	%ebx
+	addl	$_GLOBAL_OFFSET_TABLE_+[.-.L17], %ebx
+	movzbl	CacheMap@GOTOFF(%ebx,%eax,2), %ecx
+	movb	1+CacheMap@GOTOFF(%ebx,%eax,2), %al
+	testb	%al, %al
+	movl	16(%esp), %edi
+	je	.L3
+	cmpl	$6, %ecx
+	je	.L6
+	cmpl	$8, %ecx
+	je	.L6
+	movl	(%edx), %esi
+	cmpl	$1, %esi
+	jg	.L15
+.L8:
+	cmpl	$2, %esi
+	jle	.L3
+	cmpl	$12, %ecx
+	je	.L12
+	cmpl	$14, %ecx
+	je	.L12
+	.align	4
+.L3:
+	popl	%ebx
+	popl	%esi
+	popl	%edi
+	ret
+	.align	4
+.L6:
+	movzbl	%al, %eax
+	movl	$1, (%edx)
+	movl	%eax, (%edi)
+.L16:
+	popl	%ebx
+	popl	%esi
+	popl	%edi
+	ret
+	.align	4
+.L15:
+	cmpl	$9, %ecx
+	je	.L9
+	cmpl	$11, %ecx
+	jne	.L8
+.L9:
+	movzbl	%al, %eax
+	movl	$2, (%edx)
+	movl	%eax, (%edi)
+	jmp	.L16
+.L12:
+	movzbl	%al, %eax
+	movl	$3, (%edx)
+	movl	%eax, (%edi)
+	jmp	.L16
+	.size	getIntelCacheEntryLineSize, .-getIntelCacheEntryLineSize
+	.align	4
+	.type	getIntelRegisterCacheLineSize, @function
+getIntelRegisterCacheLineSize:
+	pushl	%ebp
+	movl	%esp, %ebp
+	pushl	%edi
+	pushl	%esi
+	pushl	%ecx
+	movl	8(%ebp), %edi
+	movl	%eax, %esi
+	movl	%edx, -12(%ebp)
+	shrl	$24, %eax
+	pushl	%edi
+	call	getIntelCacheEntryLineSize
+	movl	%esi, %eax
+	pushl	%edi
+	shrl	$16, %eax
+	movl	-12(%ebp), %edx
+	andl	$255, %eax
+	call	getIntelCacheEntryLineSize
+	pushl	%edi
+	movl	%esi, %edx
+	movzbl	%dh, %eax
+	movl	-12(%ebp), %edx
+	call	getIntelCacheEntryLineSize
+	andl	$255, %esi
+	movl	%edi, 8(%ebp)
+	movl	-12(%ebp), %edx
+	addl	$12, %esp
+	leal	-8(%ebp), %esp
+	movl	%esi, %eax
+	popl	%esi
+	popl	%edi
+	leave
+	jmp	getIntelCacheEntryLineSize
+	.size	getIntelRegisterCacheLineSize, .-getIntelRegisterCacheLineSize
+	.align	4
+.globl s_mpi_getProcessorLineSize
+	.type	s_mpi_getProcessorLineSize, @function
+s_mpi_getProcessorLineSize:
+	pushl	%ebp
+	movl	%esp, %ebp
+	pushl	%edi
+	pushl	%esi
+	pushl	%ebx
+	subl	$188, %esp
+	call	.L52
+.L52:
+	popl	%ebx
+	addl	$_GLOBAL_OFFSET_TABLE_+[.-.L52], %ebx
+	movl	$9, -168(%ebp)
+	movl	$262144, %eax
+	call	changeFlag
+	xorl	%edx, %edx
+	testl	%eax, %eax
+	jne	.L50
+.L19:
+	leal	-12(%ebp), %esp
+	popl	%ebx
+	popl	%esi
+	movl	%edx, %eax
+	popl	%edi
+	leave
+	ret
+	.align	4
+.L50:
+	movl	$2097152, %eax
+	call	changeFlag
+	testl	%eax, %eax
+	movl	$32, %edx
+	je	.L19
+	leal	-108(%ebp), %eax
+	pushl	%eax
+	leal	-112(%ebp), %eax
+	pushl	%eax
+	leal	-116(%ebp), %eax
+	pushl	%eax
+	leal	-120(%ebp), %edx
+	xorl	%eax, %eax
+	call	cpuid
+	movl	-120(%ebp), %eax
+	movl	%eax, -164(%ebp)
+	movl	-116(%ebp), %eax
+	movl	%eax, -104(%ebp)
+	movl	-108(%ebp), %eax
+	movl	%eax, -100(%ebp)
+	movl	-112(%ebp), %eax
+	movl	%eax, -96(%ebp)
+	movb	$0, -92(%ebp)
+	xorl	%esi, %esi
+	addl	$12, %esp
+	leal	-104(%ebp), %edi
+	.align	4
+.L28:
+	subl	$8, %esp
+	pushl	%edi
+	pushl	manMap@GOTOFF(%ebx,%esi,4)
+	call	strcmp@PLT
+	addl	$16, %esp
+	testl	%eax, %eax
+	jne	.L26
+	movl	%esi, -168(%ebp)
+.L26:
+	incl	%esi
+	cmpl	$9, %esi
+	jle	.L28
+	movl	-168(%ebp), %eax
+	testl	%eax, %eax
+	jne	.L29
+	xorl	%eax, %eax
+	cmpl	$1, -164(%ebp)
+	movl	$4, -144(%ebp)
+	movl	$0, -140(%ebp)
+	jle	.L41
+	leal	-124(%ebp), %edx
+	movl	%edx, -188(%ebp)
+	leal	-128(%ebp), %eax
+	pushl	%edx
+	movl	%eax, -184(%ebp)
+	leal	-132(%ebp), %edx
+	pushl	%eax
+	movl	%edx, -180(%ebp)
+	movl	$2, %eax
+	pushl	%edx
+	leal	-136(%ebp), %edx
+	call	cpuid
+	movl	-136(%ebp), %eax
+	movl	%eax, %edi
+	andl	$15, %edi
+	xorl	%esi, %esi
+	addl	$12, %esp
+	leal	-140(%ebp), %edx
+	cmpl	%edi, %esi
+	movl	%edx, -176(%ebp)
+	jl	.L40
+	jmp	.L48
+	.align	4
+.L49:
+	movl	-136(%ebp), %eax
+.L40:
+	testl	%eax, %eax
+	js	.L35
+	xorb	%al, %al
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L35:
+	movl	-132(%ebp), %eax
+	testl	%eax, %eax
+	js	.L36
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L36:
+	movl	-128(%ebp), %eax
+	testl	%eax, %eax
+	js	.L37
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L37:
+	movl	-124(%ebp), %eax
+	testl	%eax, %eax
+	js	.L38
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L38:
+	incl	%esi
+	cmpl	%edi, %esi
+	je	.L34
+	pushl	-188(%ebp)
+	pushl	-184(%ebp)
+	pushl	-180(%ebp)
+	leal	-136(%ebp), %edx
+	movl	$2, %eax
+	call	cpuid
+	addl	$12, %esp
+.L34:
+	cmpl	%edi, %esi
+	jl	.L49
+.L48:
+	movl	-140(%ebp), %eax
+.L41:
+	testl	%eax, %eax
+	jne	.L44
+	movb	$32, %al
+.L44:
+	leal	-12(%ebp), %esp
+	popl	%ebx
+	popl	%esi
+	movl	%eax, %edx
+	movl	%edx, %eax
+	popl	%edi
+	leave
+	ret
+.L29:
+	leal	-148(%ebp), %eax
+	movl	%eax, -192(%ebp)
+	movl	$0, -172(%ebp)
+	leal	-152(%ebp), %edi
+	pushl	%eax
+	pushl	%edi
+	leal	-156(%ebp), %esi
+	pushl	%esi
+	leal	-160(%ebp), %edx
+	movl	$-2147483648, %eax
+	call	cpuid
+	addl	$12, %esp
+	cmpl	$-2147483644, -160(%ebp)
+	ja	.L51
+.L42:
+	movl	-172(%ebp), %eax
+	jmp	.L41
+.L51:
+	pushl	-192(%ebp)
+	pushl	%edi
+	pushl	%esi
+	leal	-160(%ebp), %edx
+	movl	$-2147483643, %eax
+	call	cpuid
+	movzbl	-152(%ebp), %edx
+	addl	$12, %esp
+	movl	%edx, -172(%ebp)
+	jmp	.L42
+	.size	s_mpi_getProcessorLineSize, .-s_mpi_getProcessorLineSize
diff --git a/security/nss/lib/freebl/mpi/mpi-config.h b/security/nss/lib/freebl/mpi/mpi-config.h
new file mode 100644
index 000000000..45d8fc233
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi-config.h
@@ -0,0 +1,112 @@
+/* Default configuration for MPI library 
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1997
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef MPI_CONFIG_H_
+#define MPI_CONFIG_H_
+
+/*
+  For boolean options, 
+  0 = no
+  1 = yes
+
+  Other options are documented individually.
+
+ */
+
+#ifndef MP_IOFUNC
+#define MP_IOFUNC     0  /* include mp_print() ?                */
+#endif
+
+#ifndef MP_MODARITH
+#define MP_MODARITH   1  /* include modular arithmetic ?        */
+#endif
+
+#ifndef MP_NUMTH
+#define MP_NUMTH      1  /* include number theoretic functions? */
+#endif
+
+#ifndef MP_LOGTAB
+#define MP_LOGTAB     1  /* use table of logs instead of log()? */
+#endif
+
+#ifndef MP_MEMSET
+#define MP_MEMSET     1  /* use memset() to zero buffers?       */
+#endif
+
+#ifndef MP_MEMCPY
+#define MP_MEMCPY     1  /* use memcpy() to copy buffers?       */
+#endif
+
+#ifndef MP_CRYPTO
+#define MP_CRYPTO     1  /* erase memory on free?               */
+#endif
+
+#ifndef MP_ARGCHK
+/*
+  0 = no parameter checks
+  1 = runtime checks, continue execution and return an error to caller
+  2 = assertions; dump core on parameter errors
+ */
+#ifdef DEBUG
+#define MP_ARGCHK     2  /* how to check input arguments        */
+#else
+#define MP_ARGCHK     1  /* how to check input arguments        */
+#endif
+#endif
+
+#ifndef MP_DEBUG
+#define MP_DEBUG      0  /* print diagnostic output?            */
+#endif
+
+#ifndef MP_DEFPREC
+#define MP_DEFPREC    64 /* default precision, in digits        */
+#endif
+
+#ifndef MP_MACRO
+#define MP_MACRO      0  /* use macros for frequent calls?      */
+#endif
+
+#ifndef MP_SQUARE
+#define MP_SQUARE     1  /* use separate squaring code?         */
+#endif
+
+#endif /* ifndef MPI_CONFIG_H_ */
+
+
diff --git a/security/nss/lib/freebl/mpi/mpi-priv.h b/security/nss/lib/freebl/mpi/mpi-priv.h
new file mode 100644
index 000000000..e033a5e24
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi-priv.h
@@ -0,0 +1,318 @@
+/*
+ *  mpi-priv.h	- Private header file for MPI 
+ *  Arbitrary precision integer arithmetic library
+ *
+ *  NOTE WELL: the content of this header file is NOT part of the "public"
+ *  API for the MPI library, and may change at any time.  
+ *  Application programs that use libmpi should NOT include this header file.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+#ifndef _MPI_PRIV_H_
+#define _MPI_PRIV_H_ 1
+
+#include "mpi.h"
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#if MP_DEBUG
+#include <stdio.h>
+
+#define DIAG(T,V) {fprintf(stderr,T);mp_print(V,stderr);fputc('\n',stderr);}
+#else
+#define DIAG(T,V)
+#endif
+
+/* If we aren't using a wired-in logarithm table, we need to include
+   the math library to get the log() function
+ */
+
+/* {{{ s_logv_2[] - log table for 2 in various bases */
+
+#if MP_LOGTAB
+/*
+  A table of the logs of 2 for various bases (the 0 and 1 entries of
+  this table are meaningless and should not be referenced).  
+
+  This table is used to compute output lengths for the mp_toradix()
+  function.  Since a number n in radix r takes up about log_r(n)
+  digits, we estimate the output size by taking the least integer
+  greater than log_r(n), where:
+
+  log_r(n) = log_2(n) * log_r(2)
+
+  This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
+  which are the output bases supported.  
+ */
+
+extern const float s_logv_2[];
+#define LOG_V_2(R)  s_logv_2[(R)]
+
+#else
+
+/* 
+   If MP_LOGTAB is not defined, use the math library to compute the
+   logarithms on the fly.  Otherwise, use the table.
+   Pick which works best for your system.
+ */
+
+#include <math.h>
+#define LOG_V_2(R)  (log(2.0)/log(R))
+
+#endif /* if MP_LOGTAB */
+
+/* }}} */
+
+/* {{{ Digit arithmetic macros */
+
+/*
+  When adding and multiplying digits, the results can be larger than
+  can be contained in an mp_digit.  Thus, an mp_word is used.  These
+  macros mask off the upper and lower digits of the mp_word (the
+  mp_word may be more than 2 mp_digits wide, but we only concern
+  ourselves with the low-order 2 mp_digits)
+ */
+
+#define  CARRYOUT(W)  (mp_digit)((W)>>DIGIT_BIT)
+#define  ACCUM(W)     (mp_digit)(W)
+
+#define MP_MIN(a,b)   (((a) < (b)) ? (a) : (b))
+#define MP_MAX(a,b)   (((a) > (b)) ? (a) : (b))
+#define MP_HOWMANY(a,b) (((a) + (b) - 1)/(b))
+#define MP_ROUNDUP(a,b) (MP_HOWMANY(a,b) * (b))
+
+/* }}} */
+
+/* {{{ Comparison constants */
+
+#define  MP_LT       -1
+#define  MP_EQ        0
+#define  MP_GT        1
+
+/* }}} */
+
+/* {{{ private function declarations */
+
+/* 
+   If MP_MACRO is false, these will be defined as actual functions;
+   otherwise, suitable macro definitions will be used.  This works
+   around the fact that ANSI C89 doesn't support an 'inline' keyword
+   (although I hear C9x will ... about bloody time).  At present, the
+   macro definitions are identical to the function bodies, but they'll
+   expand in place, instead of generating a function call.
+
+   I chose these particular functions to be made into macros because
+   some profiling showed they are called a lot on a typical workload,
+   and yet they are primarily housekeeping.
+ */
+#if MP_MACRO == 0
+ void     s_mp_setz(mp_digit *dp, mp_size count); /* zero digits           */
+ void     s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count); /* copy */
+ void    *s_mp_alloc(size_t nb, size_t ni);       /* general allocator     */
+ void     s_mp_free(void *ptr);                   /* general free function */
+extern unsigned long mp_allocs;
+extern unsigned long mp_frees;
+extern unsigned long mp_copies;
+#else
+
+ /* Even if these are defined as macros, we need to respect the settings
+    of the MP_MEMSET and MP_MEMCPY configuration options...
+  */
+ #if MP_MEMSET == 0
+  #define  s_mp_setz(dp, count) \
+       {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=0;}
+ #else
+  #define  s_mp_setz(dp, count) memset(dp, 0, (count) * sizeof(mp_digit))
+ #endif /* MP_MEMSET */
+
+ #if MP_MEMCPY == 0
+  #define  s_mp_copy(sp, dp, count) \
+       {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=(sp)[ix];}
+ #else
+  #define  s_mp_copy(sp, dp, count) memcpy(dp, sp, (count) * sizeof(mp_digit))
+ #endif /* MP_MEMCPY */
+
+ #define  s_mp_alloc(nb, ni)  calloc(nb, ni)
+ #define  s_mp_free(ptr) {if(ptr) free(ptr);}
+#endif /* MP_MACRO */
+
+mp_err   s_mp_grow(mp_int *mp, mp_size min);   /* increase allocated size */
+mp_err   s_mp_pad(mp_int *mp, mp_size min);    /* left pad with zeroes    */
+
+#if MP_MACRO == 0
+ void     s_mp_clamp(mp_int *mp);               /* clip leading zeroes     */
+#else
+ #define  s_mp_clamp(mp)\
+  { mp_size used = MP_USED(mp); \
+    while (used > 1 && DIGIT(mp, used - 1) == 0) --used; \
+    MP_USED(mp) = used; \
+  } 
+#endif /* MP_MACRO */
+
+void     s_mp_exch(mp_int *a, mp_int *b);      /* swap a and b in place   */
+
+mp_err   s_mp_lshd(mp_int *mp, mp_size p);     /* left-shift by p digits  */
+void     s_mp_rshd(mp_int *mp, mp_size p);     /* right-shift by p digits */
+mp_err   s_mp_mul_2d(mp_int *mp, mp_digit d);  /* multiply by 2^d in place */
+void     s_mp_div_2d(mp_int *mp, mp_digit d);  /* divide by 2^d in place  */
+void     s_mp_mod_2d(mp_int *mp, mp_digit d);  /* modulo 2^d in place     */
+void     s_mp_div_2(mp_int *mp);               /* divide by 2 in place    */
+mp_err   s_mp_mul_2(mp_int *mp);               /* multiply by 2 in place  */
+mp_err   s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd); 
+                                               /* normalize for division  */
+mp_err   s_mp_add_d(mp_int *mp, mp_digit d);   /* unsigned digit addition */
+mp_err   s_mp_sub_d(mp_int *mp, mp_digit d);   /* unsigned digit subtract */
+mp_err   s_mp_mul_d(mp_int *mp, mp_digit d);   /* unsigned digit multiply */
+mp_err   s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r);
+		                               /* unsigned digit divide   */
+mp_err   s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu);
+                                               /* Barrett reduction       */
+mp_err   s_mp_add(mp_int *a, const mp_int *b); /* magnitude addition      */
+mp_err   s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err   s_mp_sub(mp_int *a, const mp_int *b); /* magnitude subtract      */
+mp_err   s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err   s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset);
+                                               /* a += b * RADIX^offset   */
+mp_err   s_mp_mul(mp_int *a, const mp_int *b); /* magnitude multiply      */
+#if MP_SQUARE
+mp_err   s_mp_sqr(mp_int *a);                  /* magnitude square        */
+#else
+#define  s_mp_sqr(a) s_mp_mul(a, a)
+#endif
+mp_err   s_mp_div(mp_int *rem, mp_int *div, mp_int *quot); /* magnitude div */
+mp_err   s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err   s_mp_2expt(mp_int *a, mp_digit k);    /* a = 2^k                 */
+int      s_mp_cmp(const mp_int *a, const mp_int *b); /* magnitude comparison */
+int      s_mp_cmp_d(const mp_int *a, mp_digit d); /* magnitude digit compare */
+int      s_mp_ispow2(const mp_int *v);         /* is v a power of 2?      */
+int      s_mp_ispow2d(mp_digit d);             /* is d a power of 2?      */
+
+int      s_mp_tovalue(char ch, int r);          /* convert ch to value    */
+char     s_mp_todigit(mp_digit val, int r, int low); /* convert val to digit */
+int      s_mp_outlen(int bits, int r);          /* output length in bytes */
+mp_digit s_mp_invmod_radix(mp_digit P);   /* returns (P ** -1) mod RADIX */
+mp_err   s_mp_invmod_odd_m( const mp_int *a, const mp_int *m, mp_int *c);
+mp_err   s_mp_invmod_2d(    const mp_int *a, mp_size k,       mp_int *c);
+mp_err   s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c);
+
+#ifdef NSS_USE_COMBA
+
+#define IS_POWER_OF_2(a) ((a) && !((a) & ((a)-1)))
+
+void s_mp_mul_comba_4(const mp_int *A, const mp_int *B, mp_int *C);
+void s_mp_mul_comba_8(const mp_int *A, const mp_int *B, mp_int *C);
+void s_mp_mul_comba_16(const mp_int *A, const mp_int *B, mp_int *C);
+void s_mp_mul_comba_32(const mp_int *A, const mp_int *B, mp_int *C);
+
+void s_mp_sqr_comba_4(const mp_int *A, mp_int *B);
+void s_mp_sqr_comba_8(const mp_int *A, mp_int *B);
+void s_mp_sqr_comba_16(const mp_int *A, mp_int *B);
+void s_mp_sqr_comba_32(const mp_int *A, mp_int *B);
+
+#endif /* end NSS_USE_COMBA */
+
+/* ------ mpv functions, operate on arrays of digits, not on mp_int's ------ */
+#if defined (__OS2__) && defined (__IBMC__)
+#define MPI_ASM_DECL __cdecl
+#else
+#define MPI_ASM_DECL
+#endif
+
+#ifdef MPI_AMD64
+
+mp_digit MPI_ASM_DECL s_mpv_mul_set_vec64(mp_digit*, mp_digit *, mp_size, mp_digit);
+mp_digit MPI_ASM_DECL s_mpv_mul_add_vec64(mp_digit*, const mp_digit*, mp_size, mp_digit);
+
+/* c = a * b */
+#define s_mpv_mul_d(a, a_len, b, c) \
+	((unsigned long*)c)[a_len] = s_mpv_mul_set_vec64(c, a, a_len, b)
+
+/* c += a * b */
+#define s_mpv_mul_d_add(a, a_len, b, c) \
+	((unsigned long*)c)[a_len] = s_mpv_mul_add_vec64(c, a, a_len, b)
+
+#else
+
+void     MPI_ASM_DECL s_mpv_mul_d(const mp_digit *a, mp_size a_len,
+                                        mp_digit b, mp_digit *c);
+void     MPI_ASM_DECL s_mpv_mul_d_add(const mp_digit *a, mp_size a_len,
+                                            mp_digit b, mp_digit *c);
+
+#endif
+
+void     MPI_ASM_DECL s_mpv_mul_d_add_prop(const mp_digit *a,
+                                                mp_size a_len, mp_digit b, 
+			                        mp_digit *c);
+void     MPI_ASM_DECL s_mpv_sqr_add_prop(const mp_digit *a,
+                                                mp_size a_len,
+                                                mp_digit *sqrs);
+
+mp_err   MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo,
+                            mp_digit divisor, mp_digit *quot, mp_digit *rem);
+
+/* c += a * b * (MP_RADIX ** offset);  */
+#define s_mp_mul_d_add_offset(a, b, c, off) \
+(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY)
+
+typedef struct {
+  mp_int       N;	/* modulus N */
+  mp_digit     n0prime; /* n0' = - (n0 ** -1) mod MP_RADIX */
+  mp_size      b;	/* R == 2 ** b,  also b = # significant bits in N */
+} mp_mont_modulus;
+
+mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c, 
+	               mp_mont_modulus *mmm);
+mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm);
+
+/*
+ * s_mpi_getProcessorLineSize() returns the size in bytes of the cache line
+ * if a cache exists, or zero if there is no cache. If more than one
+ * cache line exists, it should return the smallest line size (which is
+ * usually the L1 cache).
+ *
+ * mp_modexp uses this information to make sure that private key information
+ * isn't being leaked through the cache.
+ *
+ * see mpcpucache.c for the implementation.
+ */
+unsigned long s_mpi_getProcessorLineSize();
+
+/* }}} */
+#endif
+
diff --git a/security/nss/lib/freebl/mpi/mpi-test.c b/security/nss/lib/freebl/mpi/mpi-test.c
new file mode 100644
index 000000000..735a8c3f6
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi-test.c
@@ -0,0 +1,1986 @@
+/*
+ * mpi-test.c
+ *
+ * This is a general test suite for the MPI library, which tests
+ * all the functions in the library with known values.  The program
+ * exits with a zero (successful) status if the tests pass, or a 
+ * nonzero status if the tests fail.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1999
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+#include "test-info.c"
+
+/* ZS means Zero Suppressed (no leading zeros) */
+#if MP_USE_LONG_DIGIT 
+#define ZS_DIGIT_FMT         "%lX"
+#elif MP_USE_LONG_LONG_DIGIT
+#define ZS_DIGIT_FMT         "%llX"
+#elif MP_USE_UINT_DIGIT 
+#define ZS_DIGIT_FMT         "%X"
+#else
+#error "unknown type of digit"
+#endif
+
+/*
+  Test vectors
+
+  If you intend to change any of these values, you must also recompute
+  the corresponding solutions below.  Basically, these are just hex
+  strings (for the big integers) or integer values (for the digits).
+
+  The comparison tests think they know what relationships hold between
+  these values.  If you change that, you may have to adjust the code
+  for the comparison tests accordingly.  Most of the other tests
+  should be fine as long as you re-compute the solutions, though.
+ */
+const char   *mp1  = "639A868CDA0C569861B";
+const char   *mp2  = "AAFC0A3FE45E5E09DBE2C29";
+const char   *mp3  = "B55AA8DF8A7E83241F38AC7A9E479CAEF2E4D7C5";
+const char   *mp4  = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char   *mp5  = "F595CB42";
+const char   *mp5a = "-4B597E";
+const char   *mp6  = "0";
+const char   *mp7  = "EBFA7121CD838CE6439CC59DDB4CBEF3";
+const char   *mp8  = "5";
+const char   *mp9  = "F74A2876A1432698923B0767DA19DCF3D71795EE";
+const char   *mp10 = "9184E72A000";
+const char   *mp11 = "54D79A3557E8";
+const char   *mp12 = "10000000000000000";
+const char   *mp13 = 
+"34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342BDAB6163963C"
+"D5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45F2B050D226E6DA88";
+const char   *mp14 =
+"AC3FA0EABAAC45724814D798942A1E28E14C81E0DE8055CED630E7689DA648683645DB6E"
+"458D9F5338CC3D4E33A5D1C9BF42780133599E60DEE0049AFA8F9489501AE5C9AA2B8C13"
+"FD21285A538B2CA87A626BB56E0A654C8707535E637FF4E39174157402BDE3AA30C9F134"
+"0C1307BAA864B075A9CC828B6A5E2B2BF1AE406D920CC5E7657D7C0E697DEE5375773AF9"
+"E200A1B8FAD7CD141F9EE47ABB55511FEB9A4D99EBA22F3A3FF6792FA7EE9E5DC0EE94F7"
+"7A631EDF3D7DD7C2DAAAFDF234D60302AB63D5234CEAE941B9AF0ADDD9E6E3A940A94EE5"
+"5DB45A7C66E61EDD0477419BBEFA44C325129601C4F45671C6A0E64665DF341D17FBC71F"
+"77418BD9F4375DDB3B9D56126526D8E5E0F35A121FD4F347013DA880020A752324F31DDD"
+"9BCDB13A3B86E207A2DE086825E6EEB87B3A64232CFD8205B799BC018634AAE193F19531"
+"D6EBC19A75F27CFFAA03EB5974898F53FD569AA5CE60F431B53B0CDE715A5F382405C9C4"
+"761A8E24888328F09F7BCE4E8D80C957DF177629C8421ACCD0C268C63C0DD47C3C0D954F"
+"D79F7D7297C6788DF4B3E51381759864D880ACA246DF09533739B8BB6085EAF7AE8DC2D9"
+"F224E6874926C8D24D34B457FD2C9A586C6B99582DC24F787A39E3942786CF1D494B6EB4"
+"A513498CDA0B217C4E80BCE7DA1C704C35E071AC21E0DA9F57C27C3533F46A8D20B04137"
+"C1B1384BE4B2EB46";
+const char   *mp15 = 
+"39849CF7FD65AF2E3C4D87FE5526221103D90BA26A6642FFE3C3ECC0887BBBC57E011BF1"
+"05D822A841653509C68F79EBE51C0099B8CBB04DEF31F36F5954208A3209AC122F0E11D8"
+"4AE67A494D78336A2066D394D42E27EF6B03DDAF6D69F5112C93E714D27C94F82FC7EF77"
+"445768C68EAE1C4A1407BE1B303243391D325090449764AE469CC53EC8012C4C02A72F37"
+"07ED7275D2CC8D0A14B5BCC6BF264941520EBA97E3E6BAE4EE8BC87EE0DDA1F5611A6ECB"
+"65F8AEF4F184E10CADBDFA5A2FEF828901D18C20785E5CC63473D638762DA80625003711"
+"9E984AC43E707915B133543AF9D5522C3E7180DC58E1E5381C1FB7DC6A5F4198F3E88FA6"
+"CBB6DFA8B2D1C763226B253E18BCCB79A29EE82D2DE735078C8AE3C3C86D476AAA08434C"
+"09C274BDD40A1D8FDE38D6536C22F44E807EB73DE4FB36C9F51E0BC835DDBE3A8EFCF2FE"
+"672B525769DC39230EE624D5EEDBD837C82A52E153F37378C3AD68A81A7ADBDF3345DBCE"
+"8FA18CA1DE618EF94DF72EAD928D4F45B9E51632ACF158CF8332C51891D1D12C2A7E6684"
+"360C4BF177C952579A9F442CFFEC8DAE4821A8E7A31C4861D8464CA9116C60866C5E72F7"
+"434ADBED36D54ACDFDFF70A4EFB46E285131FE725F1C637D1C62115EDAD01C4189716327"
+"BFAA79618B1656CBFA22C2C965687D0381CC2FE0245913C4D8D96108213680BD8E93E821"
+"822AD9DDBFE4BD04";
+const char   *mp16 = "4A724340668DB150339A70";
+const char   *mp17 = "8ADB90F58";
+const char   *mp18 = "C64C230AB20E5";
+const char *mp19 = 
+"F1C9DACDA287F2E3C88DCE2393B8F53DAAAC1196DC36510962B6B59454CFE64B";
+const char *mp20 = 
+"D445662C8B6FE394107B867797750C326E0F4A967E135FC430F6CD7207913AC7";
+const char* mp21 = "2";
+
+const mp_digit md1 = 0;
+const mp_digit md2 = 0x1;
+const mp_digit md3 = 0x80;
+const mp_digit md4 = 0x9C97;
+const mp_digit md5 = 0xF5BF;
+const mp_digit md6 = 0x14A0;
+const mp_digit md7 = 0x03E8;
+const mp_digit md8 = 0x0101;
+const mp_digit md9 = 0xA;
+
+/* 
+   Solutions of the form x_mpABC, where:
+
+   x = (p)roduct, (s)um, (d)ifference, (q)uotient, (r)emainder, (g)cd,
+       (i)nverse, (e)xponent, square roo(t), (g)cd, (l)cm.  A
+       leading 'm' indicates a modular operation, e.g. ms_mp12 is the
+       modular sum of operands 1 and 2
+
+   ABC are the operand numbers involved in the computation.  If a 'd'
+   precedes the number, it is a digit operand; if a 'c' precedes it,
+   it is a constant; otherwise, it is a full integer.  
+ */
+
+const char *p_mp12   = "4286AD72E095C9FE009938750743174ADDD7FD1E53";
+const char *p_mp34   = "-46BDBD66CA108C94A8CF46C325F7B6E2F2BA82D35"
+                       "A1BFD6934C441EE369B60CA29BADC26845E918B";
+const char *p_mp57   = "E260C265A0A27C17AD5F4E59D6E0360217A2EBA6";
+const char *p_mp22   = "7233B5C1097FFC77CCF55928FDC3A5D31B712FDE7A1E91";
+const char *p_mp1d4  = "3CECEA2331F4220BEF68DED";
+const char *p_mp8d6  = "6720";
+const char *p_mp1113 =
+"11590FC3831C8C3C51813142C88E566408DB04F9E27642F6471A1822E0100B12F7F1"
+"5699A127C0FA9D26DCBFF458522661F30C6ADA4A07C8C90F9116893F6DBFBF24C3A2"
+"4340";
+const char *p_mp1415 = 
+"26B36540DE8B3586699CCEAE218A2842C7D5A01590E70C4A26E789107FBCDB06AA2C"
+"6DDC39E6FA18B16FCB2E934C9A5F844DAD60EE3B1EA82199EC5E9608F67F860FB965"
+"736055DF0E8F2540EB28D07F47E309B5F5D7C94FF190AB9C83A6970160CA700B1081"
+"F60518132AF28C6CEE6B7C473E461ABAC52C39CED50A08DD4E7EA8BA18DAD545126D"
+"A388F6983C29B6BE3F9DCBC15766E8E6D626A92C5296A9C4653CAE5788350C0E2107"
+"F57E5E8B6994C4847D727FF1A63A66A6CEF42B9C9E6BD04C92550B85D5527DE8A132"
+"E6BE89341A9285C7CE7FB929D871BBCBD0ED2863B6B078B0DBB30FCA66D6C64284D6"
+"57F394A0271E15B6EC7A9D530EBAC6CA262EF6F97E1A29FCE7749240E4AECA591ECF"
+"272122BC587370F9371B67BB696B3CDC1BC8C5B64B6280994EBA00CDEB8EB0F5D06E"
+"18F401D65FDCECF23DD7B9BB5B4C5458AEF2CCC09BA7F70EACB844750ACFD027521E"
+"2E047DE8388B35F8512D3DA46FF1A12D4260213602BF7BFFDB6059439B1BD0676449"
+"8D98C74F48FB3F548948D5BA0C8ECFCD054465132DC43466D6BBD59FBAF8D6D4E157"
+"2D612B40A956C7D3E140F3B8562EF18568B24D335707D5BAC7495014DF2444172426"
+"FD099DED560D30D1F945386604AFC85C64BD1E5F531F5C7840475FC0CF0F79810012"
+"4572BAF5A9910CDBD02B27FFCC3C7E5E88EF59F3AE152476E33EDA696A4F751E0AE4"
+"A3D2792DEA78E25B9110E12A19EFD09EA47FF9D6594DA445478BEB6901EAF8A35B2D"
+"FD59BEE9BF7AA8535B7D326EFA5AA2121B5EBE04DD85827A3D43BD04F4AA6D7B62A2"
+"B6D7A3077286A511A431E1EF75FCEBA3FAE9D5843A8ED17AA02BBB1B571F904699C5"
+"A6073F87DDD012E2322AB3F41F2A61F428636FE86914148E19B8EF8314ED83332F2F"
+"8C2ADE95071E792C0A68B903E060DD322A75FD0C2B992059FCCBB58AFA06B50D1634"
+"BBD93F187FCE0566609FCC2BABB269C66CEB097598AA17957BB4FDA3E64A1B30402E"
+"851CF9208E33D52E459A92C63FBB66435BB018E155E2C7F055E0B7AB82CD58FC4889"
+"372ED9EEAC2A07E8E654AB445B9298D2830D6D4DFD117B9C8ABE3968927DC24B3633"
+"BAD6E6466DB45DDAE87A0AB00336AC2CCCE176704F7214FCAB55743AB76C2B6CA231"
+"7984610B27B5786DE55C184DDF556EDFEA79A3652831940DAD941E243F482DC17E50"
+"284BC2FB1AD712A92542C573E55678878F02DFD9E3A863C7DF863227AEDE14B47AD3"
+"957190124820ADC19F5353878EDB6BF7D0C77352A6E3BDB53EEB88F5AEF6226D6E68"
+"756776A8FB49B77564147A641664C2A54F7E5B680CCC6A4D22D894E464DF20537094"
+"548F1732452F9E7F810C0B4B430C073C0FBCE03F0D03F82630654BCE166AA772E1EE"
+"DD0C08D3E3EBDF0AF54203B43AFDFC40D8FC79C97A4B0A4E1BEB14D8FCEFDDED8758"
+"6ED65B18";
+const char *p_mp2121 = "4";
+const char *mp_mp345 = "B9B6D3A3";
+const char *mp_mp335 = "16609C2D";
+
+const char *s_mp13   = "B55AA8DF8A7E83241F38B2B446B06A4FB84E5DE0";
+const char *s_mp34   = "517EE6B92EF65C965736EB6BF7C325F73504CEB6";
+const char *s_mp46   = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char *s_mp5d4  = "F59667D9";
+const char *s_mp2d5  = "AAFC0A3FE45E5E09DBF21E8";
+const char *s_mp1415 = 
+"E5C43DE2B811F4A084625F96E9504039E5258D8348E698CEB9F4D4292622042DB446"
+"F75F4B65C1FB7A317257FA354BB5A45E789AEC254EAECE11F80A53E3B513822491DB"
+"D9399DEC4807A2A3A10360129AC93F4A42388D3BF20B310DD0E9E9F4BE07FC88D53A"
+"78A26091E0AB506A70813712CCBFBDD440A69A906E650EE090FDD6A42A95AC1A414D"
+"317F1A9F781E6A30E9EE142ECDA45A1E3454A1417A7B9A613DA90831CF88EA1F2E82"
+"41AE88CC4053220903C2E05BCDD42F02B8CF8868F84C64C5858BAD356143C5494607"
+"EE22E11650148BAF65A985F6FC4CA540A55697F2B5AA95D6B8CF96EF638416DE1DD6"
+"3BA9E2C09E22D03E75B60BE456C642F86B82A709253E5E087B507DE3A45F8392423F"
+"4DBC284E8DC88C43CA77BC8DCEFB6129A59025F80F90FF978116DEBB9209E306FBB9"
+"1B6111F8B8CFACB7C7C9BC12691C22EE88303E1713F1DFCEB622B8EA102F6365678B"
+"C580ED87225467AA78E875868BD53B17574BA59305BC1AC666E4B7E9ED72FCFC200E"
+"189D98FC8C5C7533739C53F52DDECDDFA5A8668BFBD40DABC9640F8FCAE58F532940"
+"8162261320A25589E9FB51B50F80056471F24B7E1AEC35D1356FC2747FFC13A04B34"
+"24FCECE10880BD9D97CA8CDEB2F5969BF4F30256EB5ED2BCD1DC64BDC2EE65217848"
+"48A37FB13F84ED4FB7ACA18C4639EE64309BDD3D552AEB4AAF44295943DC1229A497"
+"A84A";
+
+const char *ms_mp345 = "1E71E292";
+
+const char *d_mp12   = "-AAFBA6A55DD183FD854A60E";
+const char *d_mp34   = "119366B05E606A9B1E73A6D8944CC1366B0C4E0D4";
+const char *d_mp5d4  = "F5952EAB";
+const char *d_mp6d2  = "-1";
+const char *md_mp345 = "26596B86";
+
+const char *q_mp42   = "-95825A1FFA1A155D5";
+const char *r_mp42   = "-6312E99D7700A3DCB32ADF2";
+const char *q_mp45a  = "15344CDA3D841F661D2B61B6EDF7828CE36";
+const char *r_mp45a  = "-47C47B";
+const char *q_mp7c2  = "75FD3890E6C1C67321CE62CEEDA65F79";
+const char *q_mp3d6  = "8CAFD53C272BD6FE8B0847BDC3B539EFAB5C3";
+const char *r_mp3d6  = "1E5";
+const char *r_mp5d5  = "1257";
+const char *r_mp47   = "B3A9018D970281A90FB729A181D95CB8";
+const char *q_mp1404 = 
+"-1B994D869142D3EF6123A3CBBC3C0114FA071CFCEEF4B7D231D65591D32501AD80F"
+"FF49AE4EC80514CC071EF6B42521C2508F4CB2FEAD69A2D2EF3934087DCAF88CC4C4"
+"659F1CA8A7F4D36817D802F778F1392337FE36302D6865BF0D4645625DF8BB044E19"
+"930635BE2609FAC8D99357D3A9F81F2578DE15A300964188292107DAC980E0A08CD7"
+"E938A2135FAD45D50CB1D8C2D4C4E60C27AB98B9FBD7E4DBF752C57D2674520E4BB2"
+"7E42324C0EFE84FB3E38CF6950E699E86FD45FE40D428400F2F94EDF7E94FAE10B45"
+"89329E1BF61E5A378C7B31C9C6A234F8254D4C24823B84D0BF8D671D8BC9154DFAC9"
+"49BD8ACABD6BD32DD4DC587F22C86153CB3954BDF7C2A890D623642492C482CF3E2C"
+"776FC019C3BBC61688B485E6FD35D6376089C1E33F880E84C4E51E8ABEACE1B3FB70"
+"3EAD0E28D2D44E7F1C0A859C840775E94F8C1369D985A3C5E8114B21D68B3CBB75D2"
+"791C586153C85B90CAA483E57A40E2D97950AAB84920A4396C950C87C7FFFE748358"
+"42A0BF65445B26D40F05BE164B822CA96321F41D85A289C5F5CD5F438A78704C9683"
+"422299D21899A22F853B0C93081CC9925E350132A0717A611DD932A68A0ACC6E4C7F"
+"7F685EF8C1F4910AEA5DC00BB5A36FCA07FFEAA490C547F6E14A08FE87041AB803E1"
+"BD9E23E4D367A2C35762F209073DFF48F3";
+const char *r_mp1404 = "12FF98621ABF63144BFFC3207AC8FC10D8D1A09";
+
+const char *q_mp13c  = 
+		"34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342"
+		"BDAB6163963CD5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45";
+const char *r_mp13c  = "F2B050D226E6DA88";
+const char *q_mp9c16 = "F74A2876A1432698923B0767DA19DCF3D71795E";
+const char *r_mp9c16 = "E";
+
+const char *e_mp5d9 = "A8FD7145E727A20E52E73D22990D35D158090307A"
+		      "13A5215AAC4E9AB1E96BD34E531209E03310400";
+const char *e_mp78  = "AA5F72C737DFFD8CCD108008BFE7C79ADC01A819B"
+		      "32B75FB82EC0FB8CA83311DA36D4063F1E57857A2"
+		      "1AB226563D84A15BB63CE975FF1453BD6750C58D9"
+		      "D113175764F5D0B3C89B262D4702F4D9640A3";
+const char *me_mp817 = "E504493ACB02F7F802B327AB13BF25";
+const char *me_mp5d47 = "1D45ED0D78F2778157992C951DD2734C";
+const char *me_mp1512 = "FB5B2A28D902B9D9";
+const char *me_mp161718 = "423C6AC6DBD74";
+const char *me_mp5114 =
+"64F0F72807993578BBA3C7C36FFB184028F9EB9A810C92079E1498D8A80FC848E1F0"
+"25F1DE43B7F6AC063F5CC29D8A7C2D7A66269D72BF5CDC327AF88AF8EF9E601DCB0A"
+"3F35BFF3525FB1B61CE3A25182F17C0A0633B4089EA15BDC47664A43FEF639748AAC"
+"19CF58E83D8FA32CD10661D2D4210CC84792937E6F36CB601851356622E63ADD4BD5"
+"542412C2E0C4958E51FD2524AABDC7D60CFB5DB332EEC9DC84210F10FAE0BA2018F2"
+"14C9D6867C9D6E49CF28C18D06CE009FD4D04BFC8837C3FAAA773F5CCF6DED1C22DE"
+"181786AFE188540586F2D74BF312E595244E6936AE52E45742109BAA76C36F2692F5"
+"CEF97AD462B138BE92721194B163254CBAAEE9B9864B21CCDD5375BCAD0D24132724"
+"113D3374B4BCF9AA49BA5ACBC12288C0BCF46DCE6CB4A241A91BD559B130B6E9CD3D"
+"D7A2C8B280C2A278BA9BF5D93244D563015C9484B86D9FEB602501DC16EEBC3EFF19"
+"53D7999682BF1A1E3B2E7B21F4BDCA3C355039FEF55B9C0885F98DC355CA7A6D8ECF"
+"5F7F1A6E11A764F2343C823B879B44616B56BF6AE3FA2ACF5483660E618882018E3F"
+"C8459313BACFE1F93CECC37B2576A5C0B2714BD3EEDEEC22F0E7E3E77B11396B9B99"
+"D683F2447A4004BBD4A57F6A616CDDFEC595C4FC19884CC2FC21CF5BF5B0B81E0F83"
+"B9DDA0CF4DFF35BB8D31245912BF4497FD0BD95F0C604E26EA5A8EA4F5EAE870A5BD"
+"FE8C";
+
+const char *e_mpc2d3 = "100000000000000000000000000000000";
+
+const char *t_mp9    = "FB9B6E32FF0452A34746";
+const char *i_mp27   = "B6AD8DCCDAF92B6FE57D062FFEE3A99";
+const char *i_mp2019 = 
+"BDF3D88DC373A63EED92903115B03FC8501910AF68297B4C41870AED3EA9F839";
+/* "15E3FE09E8AE5523AABA197BD2D16318D3CA148EDF4AE1C1C52FC96AFAF5680B"; */
+
+
+const char *t_mp15 =
+"795853094E59B0008093BCA8DECF68587C64BDCA2F3F7F8963DABC12F1CFFFA9B8C4"
+"365232FD4751870A0EF6CA619287C5D8B7F1747D95076AB19645EF309773E9EACEA0"
+"975FA4AE16251A8DA5865349C3A903E3B8A2C0DEA3C0720B6020C7FED69AFF62BB72"
+"10FAC443F9FFA2950776F949E819260C2AF8D94E8A1431A40F8C23C1973DE5D49AA2"
+"0B3FF5DA5C1D5324E712A78FF33A9B1748F83FA529905924A31DF38643B3F693EF9B"
+"58D846BB1AEAE4523ECC843FF551C1B300A130B65C1677402778F98C51C10813250E"
+"2496882877B069E877B59740DC1226F18A5C0F66F64A5F59A9FAFC5E9FC45AEC0E7A"
+"BEE244F7DD3AC268CF512A0E52E4F5BE5B94";
+
+const char *g_mp71   = "1";
+const char *g_mp25   = "7";
+const char *l_mp1011 = "C589E3D7D64A6942A000";
+
+/* mp9 in radices from 5 to 64 inclusive */
+#define LOW_RADIX   5
+#define HIGH_RADIX  64
+const char *v_mp9[] = {
+  "404041130042310320100141302000203430214122130002340212132414134210033",
+  "44515230120451152500101352430105520150025145320010504454125502",
+  "644641136612541136016610100564613624243140151310023515322",
+  "173512120732412062323044435407317550316717172705712756",
+  "265785018434285762514442046172754680368422060744852",
+  "1411774500397290569709059837552310354075408897518",
+  "184064268501499311A17746095910428222A241708032A",
+  "47706011B225950B02BB45602AA039893118A85950892",
+  "1A188C826B982353CB58422563AC602B783101671A86",
+  "105957B358B89B018958908A9114BC3DDC410B77982",
+  "CB7B3387E23452178846C55DD9D70C7CA9AEA78E8",
+  "F74A2876A1432698923B0767DA19DCF3D71795EE",
+  "17BF7C3673B76D7G7A5GA836277296F806E7453A",
+  "2EBG8HH3HFA6185D6H0596AH96G24C966DD3HG2",
+  "6G3HGBFEG8I3F25EAF61B904EIA40CFDH2124F",
+  "10AHC3D29EBHDF3HD97905CG0JA8061855C3FI",
+  "3BA5A55J5K699B2D09C38A4B237CH51IHA132",
+  "EDEA90DJ0B5CB3FGG1C8587FEB99D3C143CA",
+  "31M26JI1BBD56K3I028MML4EEDMAJK60LGLE",
+  "GGG5M3142FKKG82EJ28111D70EMHC241E4E",
+  "4446F4D5H10982023N297BF0DKBBHLLJB0I",
+  "12E9DEEOBMKAKEP0IM284MIP7FO1O521M46",
+  "85NN0HD48NN2FDDB1F5BMMKIB8CK20MDPK",
+  "2D882A7A0O0JPCJ4APDRIB77IABAKDGJP2",
+  "MFMCI0R7S27AAA3O3L2S8K44HKA7O02CN",
+  "7IGQS73FFSHC50NNH44B6PTTNLC3M6H78",
+  "2KLUB3U9850CSN6ANIDNIF1LB29MJ43LH",
+  "UT52GTL18CJ9H4HR0TJTK6ESUFBHF5FE",
+  "BTVL87QQBMUGF8PFWU4W3VU7U922QTMW",
+  "4OG10HW0MSWJBIDEE2PDH24GA7RIHIAA",
+  "1W8W9AX2DRUX48GXOLMK0PE42H0FEUWN",
+  "SVWI84VBH069WR15W1U2VTK06USY8Z2",
+  "CPTPNPDa5TYCPPNLALENT9IMX2GL0W2",
+  "5QU21UJMRaUYYYYYN6GHSMPOYOXEEUY",
+  "2O2Q7C6RPPB1SXJ9bR4035SPaQQ3H2W",
+  "18d994IbT4PHbD7cGIPCRP00bbQO0bc",
+  "NcDUEEWRO7XT76260WGeBHPVa72RdA",
+  "BbX2WCF9VfSB5LPdJAdeXKV1fd6LC2",
+  "60QDKW67P4JSQaTdQg7JE9ISafLaVU",
+  "33ba9XbDbRdNF4BeDB2XYMhAVDaBdA",
+  "1RIPZJA8gT5L5H7fTcaRhQ39geMMTc",
+  "d65j70fBATjcDiidPYXUGcaBVVLME",
+  "LKA9jhPabDG612TXWkhfT2gMXNIP2",
+  "BgNaYhjfT0G8PBcYRP8khJCR3C9QE",
+  "6Wk8RhJTAgDh10fYAiUVB1aM0HacG",
+  "3dOCjaf78kd5EQNViUZWj3AfFL90I",
+  "290VWkL3aiJoW4MBbHk0Z0bDo22Ni",
+  "1DbDZ1hpPZNUDBUp6UigcJllEdC26",
+  "dFSOLBUM7UZX8Vnc6qokGIOiFo1h",
+  "NcoUYJOg0HVmKI9fR2ag0S8R2hrK",
+  "EOpiJ5Te7oDe2pn8ZhAUKkhFHlZh",
+  "8nXK8rp8neV8LWta1WDgd1QnlWsU",
+  "5T3d6bcSBtHgrH9bCbu84tblaa7r",
+  "3PlUDIYUvMqOVCir7AtquK5dWanq",
+  "2A70gDPX2AtiicvIGGk9poiMtgvu",
+  "1MjiRxjk10J6SVAxFguv9kZiUnIc",
+  "rpre2vIDeb4h3sp50r1YBbtEx9L",
+  "ZHcoip0AglDAfibrsUcJ9M1C8fm",
+  "NHP18+eoe6uU54W49Kc6ZK7+bT2",
+  "FTAA7QXGoQOaZi7PzePtFFN5vNk"
+};
+
+const unsigned char b_mp4[] = {
+  0x01, 
+#if MP_DIGIT_MAX > MP_32BIT_MAX
+  0x00, 0x00, 0x00, 0x00,
+#endif
+  0x63, 0xDB, 0xC2, 0x26, 
+  0x5B, 0x88, 0x26, 0x8D, 
+  0xC8, 0x01, 0xC1, 0x0E, 
+  0xA6, 0x84, 0x76, 0xB7, 
+  0xBD, 0xE0, 0x09, 0x0F
+};
+
+/* Search for a test suite name in the names table  */
+int  find_name(char *name);
+void reason(char *fmt, ...);
+
+/*------------------------------------------------------------------------*/
+/*------------------------------------------------------------------------*/
+
+char g_intbuf[4096];  /* buffer for integer comparison   */
+char a_intbuf[4096];  /* buffer for integer comparison   */
+int  g_verbose = 1;   /* print out reasons for failure?  */
+int  res;
+
+#define IFOK(x) { if (MP_OKAY > (res = (x))) { \
+  reason("test %s failed: error %d\n", #x, res); return 1; }}
+
+int main(int argc, char *argv[])
+{
+  int which, res;
+
+  srand((unsigned int)time(NULL));
+
+  if (argc < 2) {
+    fprintf(stderr, "Usage: %s <test-suite> | list\n"
+	    "Type '%s help' for assistance\n", argv[0], argv[0]);
+    return 2;
+  } else if(argc > 2) {
+    if(strcmp(argv[2], "quiet") == 0)
+      g_verbose = 0;
+  }
+
+  if(strcmp(argv[1], "help") == 0) {
+    fprintf(stderr, "Help for mpi-test\n\n"
+	    "This program is a test driver for the MPI library, which\n"
+	    "tests all the various functions in the library to make sure\n"
+	    "they are working correctly.  The syntax is:\n"
+	    "    %s <suite-name>\n"
+	    "...where <suite-name> is the name of the test you wish to\n"
+	    "run.  To get a list of the tests, use '%s list'.\n\n"
+	    "The program exits with a status of zero if the test passes,\n"
+	    "or non-zero if it fails.  Ordinarily, failure is accompanied\n"
+	    "by a diagnostic message to standard error.  To suppress this\n"
+	    "add the keyword 'quiet' after the suite-name on the command\n"
+	    "line.\n\n", argv[0], argv[0]);
+    return 0;
+  }
+
+  if ((which = find_name(argv[1])) < 0) {
+    fprintf(stderr, "%s: test suite '%s' is not known\n", argv[0], argv[1]);
+    return 2;
+  }
+
+  if((res = (g_tests[which])()) < 0) {
+    fprintf(stderr, "%s: test suite not implemented yet\n", argv[0]);
+    return 2;
+  } else {
+    return res; 
+  }
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int find_name(char *name)
+{
+  int ix = 0;
+  
+  while(ix < g_count) {
+    if (strcmp(name, g_names[ix]) == 0)
+      return ix;
+    
+    ++ix;
+  }
+  
+  return -1;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_list(void)
+{
+  int ix;
+  
+  fprintf(stderr, "There are currently %d test suites available\n",
+	  g_count);
+  
+  for(ix = 1; ix < g_count; ix++)
+    fprintf(stdout, "%-20s %s\n", g_names[ix], g_descs[ix]);
+  
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_copy(void)
+{
+  mp_int  a, b;
+  int     ix;
+
+  mp_init(&a); mp_init(&b);
+
+  mp_read_radix(&a, mp3, 16);
+  mp_copy(&a, &b);
+
+  if(SIGN(&a) != SIGN(&b) || USED(&a) != USED(&b)) {
+    if(SIGN(&a) != SIGN(&b)) {
+      reason("error: sign of original is %d, sign of copy is %d\n", 
+	     SIGN(&a), SIGN(&b));
+    } else {
+      reason("error: original precision is %d, copy precision is %d\n",
+	     USED(&a), USED(&b));
+    }
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  for(ix = 0; ix < USED(&b); ix++) {
+    if(DIGIT(&a, ix) != DIGIT(&b, ix)) {
+      reason("error: digit %d " DIGIT_FMT " != " DIGIT_FMT "\n",
+	     ix, DIGIT(&a, ix), DIGIT(&b, ix));
+      mp_clear(&a); mp_clear(&b);
+      return 1;
+    }
+  }
+     
+  mp_clear(&a); mp_clear(&b);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_exch(void)
+{
+  mp_int  a, b;
+
+  mp_init(&a); mp_init(&b);
+  mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp1, 16);
+
+  mp_exch(&a, &b);
+  mp_toradix(&a, g_intbuf, 16);
+
+  mp_clear(&a);
+  if(strcmp(g_intbuf, mp1) != 0) {
+    mp_clear(&b);
+    reason("error: exchange failed\n");
+    return 1;
+  }
+
+  mp_toradix(&b, g_intbuf, 16);
+
+  mp_clear(&b);
+  if(strcmp(g_intbuf, mp7) != 0) {
+    reason("error: exchange failed\n");
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_zero(void)
+{
+  mp_int   a;
+
+  mp_init(&a); mp_read_radix(&a, mp7, 16);
+  mp_zero(&a);
+
+  if(USED(&a) != 1 || DIGIT(&a, 1) != 0) {
+    mp_toradix(&a, g_intbuf, 16);
+    reason("error: result is %s\n", g_intbuf);
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_set(void)
+{
+  mp_int   a;
+
+  /* Test single digit set */
+  mp_init(&a); mp_set(&a, 5);
+  if(DIGIT(&a, 0) != 5) {
+    mp_toradix(&a, g_intbuf, 16);
+    reason("error: result is %s, expected 5\n", g_intbuf);
+    mp_clear(&a);
+    return 1;
+  }
+
+  /* Test integer set */
+  mp_set_int(&a, -4938110);
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a);
+  if(strcmp(g_intbuf, mp5a) != 0) {
+    reason("error: result is %s, expected %s\n", g_intbuf, mp5a);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_abs(void)
+{
+  mp_int  a;
+
+  mp_init(&a); mp_read_radix(&a, mp4, 16);
+  mp_abs(&a, &a);
+  
+  if(SIGN(&a) != ZPOS) {
+    reason("error: sign of result is negative\n");
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_neg(void)
+{
+  mp_int  a;
+  mp_sign s;
+
+  mp_init(&a); mp_read_radix(&a, mp4, 16);
+
+  s = SIGN(&a);
+  mp_neg(&a, &a);
+  if(SIGN(&a) == s) {
+    reason("error: sign of result is same as sign of nonzero input\n");
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_add_d(void)
+{
+  mp_int  a;
+
+  mp_init(&a);
+  
+  mp_read_radix(&a, mp5, 16);
+  mp_add_d(&a, md4, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, s_mp5d4) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, s_mp5d4);
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp2, 16);
+  mp_add_d(&a, md5, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, s_mp2d5) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, s_mp2d5);
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_add(void)
+{
+  mp_int  a, b;
+  int     res = 0;
+
+  mp_init(&a); mp_init(&b);
+
+  mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp3, 16);
+  mp_add(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, s_mp13) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, s_mp13);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp4, 16);
+  mp_add(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, s_mp34) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, s_mp34);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp6, 16);
+  mp_add(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, s_mp46) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, s_mp46);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp15, 16);
+  mp_add(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, s_mp1415) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, s_mp1415);
+    res = 1;
+  }
+
+ CLEANUP:
+  mp_clear(&a); mp_clear(&b);
+  return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_sub_d(void)
+{
+  mp_int   a;
+
+  mp_init(&a);
+  mp_read_radix(&a, mp5, 16);
+
+  mp_sub_d(&a, md4, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, d_mp5d4) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, d_mp5d4);
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp6, 16);
+  
+  mp_sub_d(&a, md2, &a);
+  mp_toradix(&a, g_intbuf, 16);
+  
+  mp_clear(&a);
+  if(strcmp(g_intbuf, d_mp6d2) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, d_mp6d2);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_sub(void)
+{
+  mp_int  a, b;
+
+  mp_init(&a); mp_init(&b);
+
+  mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp2, 16);
+  mp_sub(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, d_mp12) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, d_mp12);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
+  mp_sub(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, d_mp34) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, d_mp34);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_clear(&a); mp_clear(&b);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_mul_d(void)
+{
+  mp_int   a;
+
+  mp_init(&a);
+  mp_read_radix(&a, mp1, 16);
+
+  IFOK( mp_mul_d(&a, md4, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+  
+  if(strcmp(g_intbuf, p_mp1d4) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp1d4);    
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp8, 16);
+  IFOK( mp_mul_d(&a, md6, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  mp_clear(&a);
+  if(strcmp(g_intbuf, p_mp8d6) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp8d6); 
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_mul(void)
+{
+  mp_int   a, b;
+  int      res = 0;
+
+  mp_init(&a); mp_init(&b);
+  mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp2, 16);
+
+  IFOK( mp_mul(&a, &b, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, p_mp12) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp12);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
+  IFOK( mp_mul(&a, &b, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, p_mp34) !=0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp34);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp7, 16);
+  IFOK( mp_mul(&a, &b, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, p_mp57) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp57);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp11, 16); mp_read_radix(&b, mp13, 16);
+  IFOK( mp_mul(&a, &b, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, p_mp1113) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp1113);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp15, 16);
+  IFOK( mp_mul(&a, &b, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, p_mp1415) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp1415);
+    res = 1;
+  }
+  mp_read_radix(&a, mp21, 10); mp_read_radix(&b, mp21, 10);
+
+  IFOK( mp_mul(&a, &b, &a) );
+  mp_toradix(&a, g_intbuf, 10);
+
+  if(strcmp(g_intbuf, p_mp2121) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp2121);
+    res = 1; goto CLEANUP;
+  }
+
+ CLEANUP:
+  mp_clear(&a); mp_clear(&b);
+  return res;
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_sqr(void)
+{
+  mp_int  a;
+
+  mp_init(&a); mp_read_radix(&a, mp2, 16);
+
+  mp_sqr(&a, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  mp_clear(&a);
+  if(strcmp(g_intbuf, p_mp22) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, p_mp22);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_div_d(void)
+{
+  mp_int    a, q;
+  mp_digit  r;
+  int       err = 0;
+
+  mp_init(&a); mp_init(&q);
+  mp_read_radix(&a, mp3, 16);
+
+  IFOK( mp_div_d(&a, md6, &q, &r) );
+  mp_toradix(&q, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, q_mp3d6) != 0) {
+    reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp3d6);
+    ++err;
+  }
+
+  sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+
+  if(strcmp(g_intbuf, r_mp3d6) != 0) {
+    reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp3d6);
+    ++err;
+  }
+
+  mp_read_radix(&a, mp9, 16);
+  IFOK( mp_div_d(&a, 16, &q, &r) );
+  mp_toradix(&q, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, q_mp9c16) != 0) {
+    reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp9c16);
+    ++err;
+  }
+
+  sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+
+  if(strcmp(g_intbuf, r_mp9c16) != 0) {
+    reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp9c16);
+    ++err;
+  }
+
+  mp_clear(&a); mp_clear(&q);
+  return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_div_2(void)
+{
+  mp_int  a;
+
+  mp_init(&a); mp_read_radix(&a, mp7, 16);
+  IFOK( mp_div_2(&a, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  mp_clear(&a);
+  if(strcmp(g_intbuf, q_mp7c2) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, q_mp7c2);
+    return 1;
+  }
+    
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_div_2d(void)
+{
+  mp_int  a, q, r;
+
+  mp_init(&q); mp_init(&r);
+  mp_init(&a); mp_read_radix(&a, mp13, 16);
+
+  IFOK( mp_div_2d(&a, 64, &q, &r) );
+  mp_clear(&a);
+
+  mp_toradix(&q, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, q_mp13c) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, q_mp13c);
+    mp_clear(&q); mp_clear(&r);
+    return 1;
+  }
+
+  mp_clear(&q);
+
+  mp_toradix(&r, g_intbuf, 16);
+  if(strcmp(g_intbuf, r_mp13c) != 0) {
+    reason("error, computed %s, expected %s\n", g_intbuf, r_mp13c);
+    mp_clear(&r);
+    return 1;
+  }
+
+  mp_clear(&r);
+  
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_div(void)
+{
+  mp_int  a, b, r;
+  int     err = 0;
+
+  mp_init(&a); mp_init(&b); mp_init(&r);
+
+  mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp2, 16);
+  IFOK( mp_div(&a, &b, &a, &r) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, q_mp42) != 0) {
+    reason("error: test 1 computed quot %s, expected %s\n", g_intbuf, q_mp42);
+    ++err;
+  }
+
+  mp_toradix(&r, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, r_mp42) != 0) {
+    reason("error: test 1 computed rem %s, expected %s\n", g_intbuf, r_mp42);
+    ++err;
+  }
+
+  mp_read_radix(&a, mp4, 16); mp_read_radix(&b, mp5a, 16);
+  IFOK( mp_div(&a, &b, &a, &r) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, q_mp45a) != 0) {
+    reason("error: test 2 computed quot %s, expected %s\n", g_intbuf, q_mp45a);
+    ++err;
+  }
+
+  mp_toradix(&r, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, r_mp45a) != 0) {
+    reason("error: test 2 computed rem %s, expected %s\n", g_intbuf, r_mp45a);
+    ++err;
+  }
+
+  mp_read_radix(&a, mp14, 16); mp_read_radix(&b, mp4, 16);
+  IFOK( mp_div(&a, &b, &a, &r) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, q_mp1404) != 0) {
+    reason("error: test 3 computed quot %s, expected %s\n", g_intbuf, q_mp1404);
+    ++err;
+  }
+
+  mp_toradix(&r, g_intbuf, 16);
+  
+  if(strcmp(g_intbuf, r_mp1404) != 0) {
+    reason("error: test 3 computed rem %s, expected %s\n", g_intbuf, r_mp1404);
+    ++err;
+  }
+
+  mp_clear(&a); mp_clear(&b); mp_clear(&r);
+
+  return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_expt_d(void)
+{
+  mp_int   a;
+
+  mp_init(&a); mp_read_radix(&a, mp5, 16);
+  mp_expt_d(&a, md9, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  mp_clear(&a);
+  if(strcmp(g_intbuf, e_mp5d9) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, e_mp5d9);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_expt(void)
+{
+  mp_int   a, b;
+
+  mp_init(&a); mp_init(&b);
+  mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp8, 16);
+
+  mp_expt(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&b);
+
+  if(strcmp(g_intbuf, e_mp78) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, e_mp78);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_2expt(void)
+{
+  mp_int   a;
+
+  mp_init(&a);
+  mp_2expt(&a, md3);
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a);
+
+  if(strcmp(g_intbuf, e_mpc2d3) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, e_mpc2d3);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_sqrt(void)
+{
+  mp_int  a;
+  int     res = 0;
+
+  mp_init(&a); mp_read_radix(&a, mp9, 16);
+  mp_sqrt(&a, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, t_mp9) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, t_mp9);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp15, 16);
+  mp_sqrt(&a, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, t_mp15) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, t_mp15);
+    res = 1;
+  }
+
+ CLEANUP:
+  mp_clear(&a);
+  return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_mod_d(void)
+{
+  mp_int     a;
+  mp_digit   r;
+
+  mp_init(&a); mp_read_radix(&a, mp5, 16);
+  IFOK( mp_mod_d(&a, md5, &r) );
+  sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+  mp_clear(&a);
+
+  if(strcmp(g_intbuf, r_mp5d5) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, r_mp5d5);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_mod(void)
+{
+  mp_int  a, m;
+
+  mp_init(&a); mp_init(&m);
+  mp_read_radix(&a, mp4, 16); mp_read_radix(&m, mp7, 16);
+  IFOK( mp_mod(&a, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&m);
+
+  if(strcmp(g_intbuf, r_mp47) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, r_mp47);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_addmod(void)
+{
+  mp_int a, b, m;
+
+  mp_init(&a); mp_init(&b); mp_init(&m);
+  mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
+  mp_read_radix(&m, mp5, 16);
+
+  IFOK( mp_addmod(&a, &b, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&b); mp_clear(&m);
+
+  if(strcmp(g_intbuf, ms_mp345) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, ms_mp345);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_submod(void)
+{
+  mp_int a, b, m;
+
+  mp_init(&a); mp_init(&b); mp_init(&m);
+  mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
+  mp_read_radix(&m, mp5, 16);
+
+  IFOK( mp_submod(&a, &b, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&b); mp_clear(&m);
+
+  if(strcmp(g_intbuf, md_mp345) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, md_mp345);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_mulmod(void)
+{
+  mp_int a, b, m;
+
+  mp_init(&a); mp_init(&b); mp_init(&m);
+  mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
+  mp_read_radix(&m, mp5, 16);
+
+  IFOK( mp_mulmod(&a, &b, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&b); mp_clear(&m);
+
+  if(strcmp(g_intbuf, mp_mp345) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, mp_mp345);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_sqrmod(void)
+{
+  mp_int a, m;
+
+  mp_init(&a); mp_init(&m);
+  mp_read_radix(&a, mp3, 16); mp_read_radix(&m, mp5, 16);
+
+  IFOK( mp_sqrmod(&a, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&m);
+
+  if(strcmp(g_intbuf, mp_mp335) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, mp_mp335);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_exptmod(void)
+{
+  mp_int  a, b, m;
+  int     res = 0;
+
+  mp_init(&a); mp_init(&b); mp_init(&m);
+  mp_read_radix(&a, mp8, 16); mp_read_radix(&b, mp1, 16);
+  mp_read_radix(&m, mp7, 16);
+
+  IFOK( mp_exptmod(&a, &b, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, me_mp817) != 0) {
+    reason("case 1: error: computed %s, expected %s\n", g_intbuf, me_mp817);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp1, 16); mp_read_radix(&b, mp5, 16);
+  mp_read_radix(&m, mp12, 16);
+
+  IFOK( mp_exptmod(&a, &b, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, me_mp1512) != 0) {
+    reason("case 2: error: computed %s, expected %s\n", g_intbuf, me_mp1512);
+    res = 1; goto CLEANUP;
+  }
+
+  mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp1, 16);
+  mp_read_radix(&m, mp14, 16);
+
+  IFOK( mp_exptmod(&a, &b, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, me_mp5114) != 0) {
+    reason("case 3: error: computed %s, expected %s\n", g_intbuf, me_mp5114);
+    res = 1;
+  }
+
+  mp_read_radix(&a, mp16, 16); mp_read_radix(&b, mp17, 16);
+  mp_read_radix(&m, mp18, 16);
+
+  IFOK( mp_exptmod(&a, &b, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, me_mp161718) != 0) {
+    reason("case 4: error: computed %s, expected %s\n", g_intbuf, me_mp161718);
+    res = 1;
+  }
+
+ CLEANUP:
+  mp_clear(&a); mp_clear(&b); mp_clear(&m);
+  return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_exptmod_d(void)
+{
+  mp_int  a, m;
+
+  mp_init(&a); mp_init(&m);
+  mp_read_radix(&a, mp5, 16); mp_read_radix(&m, mp7, 16);
+
+  IFOK( mp_exptmod_d(&a, md4, &m, &a) );
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&m);
+
+  if(strcmp(g_intbuf, me_mp5d47) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, me_mp5d47);
+    return 1;
+  }
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_invmod(void)
+{
+  mp_int  a, m, c;
+  mp_int  p1, p2, p3, p4, p5;
+  mp_int  t1, t2, t3, t4;
+  mp_err  res;
+
+  /* 5 128-bit primes. */
+  static const char ivp1[] = { "AAD8A5A2A2BEF644BAEE7DB0CA643719" };
+  static const char ivp2[] = { "CB371AD2B79A90BCC88D0430663E40B9" };
+  static const char ivp3[] = { "C6C818D4DF2618406CA09280C0400099" };
+  static const char ivp4[] = { "CE949C04512E68918006B1F0D7E93F27" };
+  static const char ivp5[] = { "F8EE999B6416645040687440E0B89F51" };
+
+  mp_init(&a); mp_init(&m);
+  mp_read_radix(&a, mp2, 16); mp_read_radix(&m, mp7, 16);
+
+  IFOK( mp_invmod(&a, &m, &a) );
+
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&m);
+
+  if(strcmp(g_intbuf, i_mp27) != 0) {
+    reason("error: invmod test 1 computed %s, expected %s\n", g_intbuf, i_mp27);
+    return 1;
+  }
+
+  mp_init(&a); mp_init(&m);
+  mp_read_radix(&a, mp20, 16); mp_read_radix(&m, mp19, 16);
+
+  IFOK( mp_invmod(&a, &m, &a) );
+
+  mp_toradix(&a, g_intbuf, 16);
+  mp_clear(&a); mp_clear(&m);
+
+  if(strcmp(g_intbuf, i_mp2019) != 0) {
+    reason("error: invmod test 2 computed %s, expected %s\n", g_intbuf, i_mp2019);
+    return 1;
+  }
+
+/* Need the following test cases:
+  Odd modulus
+    - a is odd,      relatively prime to m
+    - a is odd,  not relatively prime to m
+    - a is even,     relatively prime to m
+    - a is even, not relatively prime to m
+  Even modulus
+    - a is even  (should fail)
+    - a is odd,  not relatively prime to m
+    - a is odd,      relatively prime to m,
+      m is not a power of 2
+	- m has factor 2**k, k < 32
+	- m has factor 2**k, k > 32
+      m is a power of 2, 2**k
+	- k < 32
+	- k > 32
+*/
+
+  mp_init(&a);  mp_init(&m);  mp_init(&c);  
+  mp_init(&p1); mp_init(&p2); mp_init(&p3); mp_init(&p4); mp_init(&p5); 
+  mp_init(&t1); mp_init(&t2); mp_init(&t3); mp_init(&t4); 
+
+  mp_read_radix(&p1, ivp1, 16);
+  mp_read_radix(&p2, ivp2, 16);
+  mp_read_radix(&p3, ivp3, 16);
+  mp_read_radix(&p4, ivp4, 16);
+  mp_read_radix(&p5, ivp5, 16);
+
+  IFOK( mp_2expt(&t2, 68) );	/* t2 = 2**68 */
+  IFOK( mp_2expt(&t3, 128) );	/* t3 = 2**128 */
+  IFOK( mp_2expt(&t4, 31) );	/* t4 = 2**31 */
+
+/* test 3: Odd modulus - a is odd, relatively prime to m */
+
+  IFOK( mp_mul(&p1, &p2, &a) );
+  IFOK( mp_mul(&p3, &p4, &m) );
+  IFOK( mp_invmod(&a, &m, &t1) );
+  IFOK( mp_invmod_xgcd(&a, &m, &c) );
+
+  if (mp_cmp(&t1, &c) != 0) {
+    mp_toradix(&t1, g_intbuf, 16);
+    mp_toradix(&c,  a_intbuf, 16);
+    reason("error: invmod test 3 computed %s, expected %s\n", 
+           g_intbuf, a_intbuf);
+    return 1;
+  }
+  mp_clear(&a);  mp_clear(&t1); mp_clear(&c);  
+  mp_init(&a);   mp_init(&t1);  mp_init(&c);   
+
+/* test 4: Odd modulus - a is odd, NOT relatively prime to m */
+
+  IFOK( mp_mul(&p1, &p3, &a) );
+  /* reuse same m as before */
+
+  res = mp_invmod_xgcd(&a, &m, &c);
+  if (res != MP_UNDEF) 
+    goto CLEANUP4;
+
+  res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+  if (res != MP_UNDEF) {
+CLEANUP4:
+    reason("error: invmod test 4 succeeded, should have failed.\n");
+    return 1;
+  }
+  mp_clear(&a);  mp_clear(&t1); mp_clear(&c);  
+  mp_init(&a);   mp_init(&t1);  mp_init(&c);   
+
+/* test 5: Odd modulus - a is even, relatively prime to m */
+
+  IFOK( mp_mul(&p1, &t2, &a) );
+  /* reuse m */
+  IFOK( mp_invmod(&a, &m, &t1) );
+  IFOK( mp_invmod_xgcd(&a, &m, &c) );
+
+  if (mp_cmp(&t1, &c) != 0) {
+    mp_toradix(&t1, g_intbuf, 16);
+    mp_toradix(&c,  a_intbuf, 16);
+    reason("error: invmod test 5 computed %s, expected %s\n", 
+           g_intbuf, a_intbuf);
+    return 1;
+  }
+  mp_clear(&a);  mp_clear(&t1); mp_clear(&c);  
+  mp_init(&a);   mp_init(&t1);  mp_init(&c);   
+
+/* test 6: Odd modulus - a is odd, NOT relatively prime to m */
+
+  /* reuse t2 */
+  IFOK( mp_mul(&t2, &p3, &a) );
+  /* reuse same m as before */
+
+  res = mp_invmod_xgcd(&a, &m, &c);
+  if (res != MP_UNDEF) 
+    goto CLEANUP6;
+
+  res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+  if (res != MP_UNDEF) {
+CLEANUP6:
+    reason("error: invmod test 6 succeeded, should have failed.\n");
+    return 1;
+  }
+  mp_clear(&a);  mp_clear(&m); mp_clear(&c);  mp_clear(&t1); 
+  mp_init(&a);   mp_init(&m);  mp_init(&c);   mp_init(&t1); 
+
+/* test 7: Even modulus, even a, should fail */
+
+  IFOK( mp_mul(&p3, &t3, &m) ); /* even m */
+  /* reuse t2 */
+  IFOK( mp_mul(&p1, &t2, &a) ); /* even a */
+
+  res = mp_invmod_xgcd(&a, &m, &c);
+  if (res != MP_UNDEF) 
+    goto CLEANUP7;
+
+  res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+  if (res != MP_UNDEF) {
+CLEANUP7:
+    reason("error: invmod test 7 succeeded, should have failed.\n");
+    return 1;
+  }
+  mp_clear(&a);  mp_clear(&c);  mp_clear(&t1); 
+  mp_init(&a);   mp_init(&c);   mp_init(&t1); 
+
+/* test 8: Even modulus    - a is odd,  not relatively prime to m */
+
+  /* reuse m */
+  IFOK( mp_mul(&p3, &p1, &a) ); /* even a */
+
+  res = mp_invmod_xgcd(&a, &m, &c);
+  if (res != MP_UNDEF) 
+    goto CLEANUP8;
+
+  res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+  if (res != MP_UNDEF) {
+CLEANUP8:
+    reason("error: invmod test 8 succeeded, should have failed.\n");
+    return 1;
+  }
+  mp_clear(&a);  mp_clear(&m); mp_clear(&c);  mp_clear(&t1); 
+  mp_init(&a);   mp_init(&m);  mp_init(&c);   mp_init(&t1); 
+
+/* test 9: Even modulus    - m has factor 2**k, k < 32
+ *	                   - a is odd, relatively prime to m,
+ */
+  IFOK( mp_mul(&p3, &t4, &m) ); /* even m */
+  IFOK( mp_mul(&p1, &p2, &a) );
+  IFOK( mp_invmod(&a, &m, &t1) );
+  IFOK( mp_invmod_xgcd(&a, &m, &c) );
+
+  if (mp_cmp(&t1, &c) != 0) {
+    mp_toradix(&t1, g_intbuf, 16);
+    mp_toradix(&c,  a_intbuf, 16);
+    reason("error: invmod test 9 computed %s, expected %s\n", 
+           g_intbuf, a_intbuf);
+    return 1;
+  }
+  mp_clear(&m);  mp_clear(&t1); mp_clear(&c);  
+  mp_init(&m);   mp_init(&t1);  mp_init(&c);   
+
+/* test 10: Even modulus    - m has factor 2**k, k > 32
+ *	                    - a is odd, relatively prime to m,
+ */
+  IFOK( mp_mul(&p3, &t3, &m) ); /* even m */
+  /* reuse a */
+  IFOK( mp_invmod(&a, &m, &t1) );
+  IFOK( mp_invmod_xgcd(&a, &m, &c) );
+
+  if (mp_cmp(&t1, &c) != 0) {
+    mp_toradix(&t1, g_intbuf, 16);
+    mp_toradix(&c,  a_intbuf, 16);
+    reason("error: invmod test 10 computed %s, expected %s\n", 
+           g_intbuf, a_intbuf);
+    return 1;
+  }
+  mp_clear(&t1); mp_clear(&c);  
+  mp_init(&t1);  mp_init(&c);   
+
+/* test 11: Even modulus    - m is a power of 2, 2**k | k < 32
+ *                          - a is odd, relatively prime to m,
+ */
+  IFOK( mp_invmod(&a, &t4, &t1) );
+  IFOK( mp_invmod_xgcd(&a, &t4, &c) );
+
+  if (mp_cmp(&t1, &c) != 0) {
+    mp_toradix(&t1, g_intbuf, 16);
+    mp_toradix(&c,  a_intbuf, 16);
+    reason("error: invmod test 11 computed %s, expected %s\n", 
+           g_intbuf, a_intbuf);
+    return 1;
+  }
+  mp_clear(&t1); mp_clear(&c);  
+  mp_init(&t1);  mp_init(&c);   
+
+/* test 12: Even modulus    - m is a power of 2, 2**k | k > 32
+ *                          - a is odd, relatively prime to m,
+ */
+  IFOK( mp_invmod(&a, &t3, &t1) );
+  IFOK( mp_invmod_xgcd(&a, &t3, &c) );
+
+  if (mp_cmp(&t1, &c) != 0) {
+    mp_toradix(&t1, g_intbuf, 16);
+    mp_toradix(&c,  a_intbuf, 16);
+    reason("error: invmod test 12 computed %s, expected %s\n", 
+           g_intbuf, a_intbuf);
+    return 1;
+  }
+
+  mp_clear(&a);  mp_clear(&m);  mp_clear(&c);  
+  mp_clear(&t1); mp_clear(&t2); mp_clear(&t3); mp_clear(&t4); 
+  mp_clear(&p1); mp_clear(&p2); mp_clear(&p3); mp_clear(&p4); mp_clear(&p5); 
+
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_cmp_d(void)
+{
+  mp_int  a;
+
+  mp_init(&a); mp_read_radix(&a, mp8, 16);
+
+  if(mp_cmp_d(&a, md8) >= 0) {
+    reason("error: %s >= " DIGIT_FMT "\n", mp8, md8);
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp5, 16);
+
+  if(mp_cmp_d(&a, md8) <= 0) {
+    reason("error: %s <= " DIGIT_FMT "\n", mp5, md8);
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp6, 16);
+
+  if(mp_cmp_d(&a, md1) != 0) {
+    reason("error: %s != " DIGIT_FMT "\n", mp6, md1);
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_clear(&a);
+  return 0;
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_cmp_z(void)
+{
+  mp_int  a;
+
+  mp_init(&a); mp_read_radix(&a, mp6, 16);
+
+  if(mp_cmp_z(&a) != 0) {
+    reason("error: someone thinks a zero value is non-zero\n");
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp1, 16);
+  
+  if(mp_cmp_z(&a) <= 0) {
+    reason("error: someone thinks a positive value is non-positive\n");
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp4, 16);
+
+  if(mp_cmp_z(&a) >= 0) {
+    reason("error: someone thinks a negative value is non-negative\n");
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_cmp(void)
+{
+  mp_int  a, b;
+
+  mp_init(&a); mp_init(&b);
+  mp_read_radix(&a, mp3, 16); mp_read_radix(&b, mp4, 16);
+
+  if(mp_cmp(&a, &b) <= 0) {
+    reason("error: %s <= %s\n", mp3, mp4);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_read_radix(&b, mp3, 16);
+  if(mp_cmp(&a, &b) != 0) {
+    reason("error: %s != %s\n", mp3, mp3);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp5, 16);
+  if(mp_cmp(&a, &b) >= 0) {
+    reason("error: %s >= %s\n", mp5, mp3);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp5a, 16);
+  if(mp_cmp_int(&a, 1000000) >= 0 ||
+     (mp_cmp_int(&a, -5000000) <= 0) ||
+     (mp_cmp_int(&a, -4938110) != 0)) {
+    reason("error: long integer comparison failed (%s)", mp5a);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_clear(&a); mp_clear(&b);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_cmp_mag(void)
+{
+  mp_int  a, b;
+
+  mp_init(&a); mp_init(&b);
+  mp_read_radix(&a, mp5, 16); mp_read_radix(&b, mp4, 16);
+
+  if(mp_cmp_mag(&a, &b) >= 0) {
+    reason("error: %s >= %s\n", mp5, mp4);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_read_radix(&b, mp5, 16);
+  if(mp_cmp_mag(&a, &b) != 0) {
+    reason("error: %s != %s\n", mp5, mp5);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp1, 16);
+  if(mp_cmp_mag(&b, &a) >= 0) {
+    reason("error: %s >= %s\n", mp5, mp1);
+    mp_clear(&a); mp_clear(&b);
+    return 1;
+  }
+
+  mp_clear(&a); mp_clear(&b);
+  return 0;
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_parity(void)
+{
+  mp_int  a;
+
+  mp_init(&a); mp_read_radix(&a, mp1, 16);
+
+  if(!mp_isodd(&a)) {
+    reason("error: expected operand to be odd, but it isn't\n");
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_read_radix(&a, mp6, 16);
+  
+  if(!mp_iseven(&a)) {
+    reason("error: expected operand to be even, but it isn't\n");
+    mp_clear(&a);
+    return 1;
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_gcd(void)
+{
+  mp_int  a, b;
+  int     out = 0;
+
+  mp_init(&a); mp_init(&b);
+  mp_read_radix(&a, mp7, 16); mp_read_radix(&b, mp1, 16);
+
+  mp_gcd(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, g_mp71) != 0) {
+    reason("error: computed %s, expected %s\n", g_intbuf, g_mp71);
+    out = 1;
+  }
+
+  mp_clear(&a); mp_clear(&b);
+  return out;
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_lcm(void)
+{
+  mp_int  a, b;
+  int     out = 0;
+
+  mp_init(&a); mp_init(&b);
+  mp_read_radix(&a, mp10, 16); mp_read_radix(&b, mp11, 16);
+
+  mp_lcm(&a, &b, &a);
+  mp_toradix(&a, g_intbuf, 16);
+
+  if(strcmp(g_intbuf, l_mp1011) != 0) {
+    reason("error: computed %s, expected%s\n", g_intbuf, l_mp1011);
+    out = 1;
+  }
+
+  mp_clear(&a); mp_clear(&b);
+
+  return out;
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_convert(void)
+{
+  int    ix;
+  mp_int a;
+
+  mp_init(&a); mp_read_radix(&a, mp9, 16);
+
+  for(ix = LOW_RADIX; ix <= HIGH_RADIX; ix++) {
+    mp_toradix(&a, g_intbuf, ix);
+
+    if(strcmp(g_intbuf, v_mp9[ix - LOW_RADIX]) != 0) {
+      reason("error: radix %d, computed %s, expected %s\n",
+	     ix, g_intbuf, v_mp9[ix - LOW_RADIX]);
+      mp_clear(&a);
+      return 1;
+    }
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_raw(void)
+{
+  int    len, out = 0;
+  mp_int a;
+  char   *buf;
+
+  mp_init(&a); mp_read_radix(&a, mp4, 16);
+
+  len = mp_raw_size(&a);
+  if(len != sizeof(b_mp4)) {
+    reason("error: test_raw: expected length %d, computed %d\n", sizeof(b_mp4),
+	   len);
+    mp_clear(&a);
+    return 1;
+  }
+
+  buf = calloc(len, sizeof(char));
+  mp_toraw(&a, buf);
+
+  if(memcmp(buf, b_mp4, sizeof(b_mp4)) != 0) {
+    reason("error: test_raw: binary output does not match test vector\n");
+    out = 1;
+  }
+
+  free(buf);
+  mp_clear(&a);
+
+  return out;
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_pprime(void)
+{
+  mp_int   p;
+  int      err = 0;
+  mp_err   res;
+
+  mp_init(&p);
+  mp_read_radix(&p, mp7, 16);
+
+  if(mpp_pprime(&p, 5) != MP_YES) {
+    reason("error: %s failed Rabin-Miller test, but is prime\n", mp7);
+    err = 1;
+  }
+
+  IFOK( mp_set_int(&p, 9) );
+  res = mpp_pprime(&p, 50);
+  if (res == MP_YES) {
+    reason("error: 9 is composite but passed Rabin-Miller test\n");
+    err = 1;
+  } else if (res != MP_NO) {
+    reason("test mpp_pprime(9, 50) failed: error %d\n", res); 
+    err = 1;
+  }
+
+  IFOK( mp_set_int(&p, 15) );
+  res = mpp_pprime(&p, 50);
+  if (res == MP_YES) {
+    reason("error: 15 is composite but passed Rabin-Miller test\n");
+    err = 1;
+  } else if (res != MP_NO) {
+    reason("test mpp_pprime(15, 50) failed: error %d\n", res); 
+    err = 1;
+  }
+
+  mp_clear(&p);
+
+  return err;
+
+}
+
+/*------------------------------------------------------------------------*/
+
+int test_fermat(void)
+{
+  mp_int p;
+  mp_err res;
+  int    err = 0;
+
+  mp_init(&p);
+  mp_read_radix(&p, mp7, 16);
+  
+  if((res = mpp_fermat(&p, 2)) != MP_YES) {
+    reason("error: %s failed Fermat test on 2: %s\n", mp7, 
+	   mp_strerror(res));
+    ++err;
+  }
+
+  if((res = mpp_fermat(&p, 3)) != MP_YES) {
+    reason("error: %s failed Fermat test on 3: %s\n", mp7, 
+	   mp_strerror(res));
+    ++err;
+  }
+
+  mp_clear(&p);
+
+  return err;
+
+}
+
+/*------------------------------------------------------------------------*/
+/* Like fprintf(), but only if we are behaving in a verbose manner        */
+
+void reason(char *fmt, ...)
+{
+  va_list    ap;
+
+  if(!g_verbose)
+    return;
+
+  va_start(ap, fmt);
+  vfprintf(stderr, fmt, ap);
+  va_end(ap);
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c
new file mode 100644
index 000000000..be062f66d
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi.c
@@ -0,0 +1,4850 @@
+/*
+ *  mpi.c
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *   Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "mpi-priv.h"
+#if defined(OSF1)
+#include <c_asm.h>
+#endif
+
+#if MP_LOGTAB
+/*
+  A table of the logs of 2 for various bases (the 0 and 1 entries of
+  this table are meaningless and should not be referenced).  
+
+  This table is used to compute output lengths for the mp_toradix()
+  function.  Since a number n in radix r takes up about log_r(n)
+  digits, we estimate the output size by taking the least integer
+  greater than log_r(n), where:
+
+  log_r(n) = log_2(n) * log_r(2)
+
+  This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
+  which are the output bases supported.  
+ */
+#include "logtab.h"
+#endif
+
+/* {{{ Constant strings */
+
+/* Constant strings returned by mp_strerror() */
+static const char *mp_err_string[] = {
+  "unknown result code",     /* say what?            */
+  "boolean true",            /* MP_OKAY, MP_YES      */
+  "boolean false",           /* MP_NO                */
+  "out of memory",           /* MP_MEM               */
+  "argument out of range",   /* MP_RANGE             */
+  "invalid input parameter", /* MP_BADARG            */
+  "result is undefined"      /* MP_UNDEF             */
+};
+
+/* Value to digit maps for radix conversion   */
+
+/* s_dmap_1 - standard digits and letters */
+static const char *s_dmap_1 = 
+  "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
+
+/* }}} */
+
+unsigned long mp_allocs;
+unsigned long mp_frees;
+unsigned long mp_copies;
+
+/* {{{ Default precision manipulation */
+
+/* Default precision for newly created mp_int's      */
+static mp_size s_mp_defprec = MP_DEFPREC;
+
+mp_size mp_get_prec(void)
+{
+  return s_mp_defprec;
+
+} /* end mp_get_prec() */
+
+void         mp_set_prec(mp_size prec)
+{
+  if(prec == 0)
+    s_mp_defprec = MP_DEFPREC;
+  else
+    s_mp_defprec = prec;
+
+} /* end mp_set_prec() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ mp_init(mp) */
+
+/*
+  mp_init(mp)
+
+  Initialize a new zero-valued mp_int.  Returns MP_OKAY if successful,
+  MP_MEM if memory could not be allocated for the structure.
+ */
+
+mp_err mp_init(mp_int *mp)
+{
+  return mp_init_size(mp, s_mp_defprec);
+
+} /* end mp_init() */
+
+/* }}} */
+
+/* {{{ mp_init_size(mp, prec) */
+
+/*
+  mp_init_size(mp, prec)
+
+  Initialize a new zero-valued mp_int with at least the given
+  precision; returns MP_OKAY if successful, or MP_MEM if memory could
+  not be allocated for the structure.
+ */
+
+mp_err mp_init_size(mp_int *mp, mp_size prec)
+{
+  ARGCHK(mp != NULL && prec > 0, MP_BADARG);
+
+  prec = MP_ROUNDUP(prec, s_mp_defprec);
+  if((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL)
+    return MP_MEM;
+
+  SIGN(mp) = ZPOS;
+  USED(mp) = 1;
+  ALLOC(mp) = prec;
+
+  return MP_OKAY;
+
+} /* end mp_init_size() */
+
+/* }}} */
+
+/* {{{ mp_init_copy(mp, from) */
+
+/*
+  mp_init_copy(mp, from)
+
+  Initialize mp as an exact copy of from.  Returns MP_OKAY if
+  successful, MP_MEM if memory could not be allocated for the new
+  structure.
+ */
+
+mp_err mp_init_copy(mp_int *mp, const mp_int *from)
+{
+  ARGCHK(mp != NULL && from != NULL, MP_BADARG);
+
+  if(mp == from)
+    return MP_OKAY;
+
+  if((DIGITS(mp) = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
+    return MP_MEM;
+
+  s_mp_copy(DIGITS(from), DIGITS(mp), USED(from));
+  USED(mp) = USED(from);
+  ALLOC(mp) = ALLOC(from);
+  SIGN(mp) = SIGN(from);
+
+  return MP_OKAY;
+
+} /* end mp_init_copy() */
+
+/* }}} */
+
+/* {{{ mp_copy(from, to) */
+
+/*
+  mp_copy(from, to)
+
+  Copies the mp_int 'from' to the mp_int 'to'.  It is presumed that
+  'to' has already been initialized (if not, use mp_init_copy()
+  instead). If 'from' and 'to' are identical, nothing happens.
+ */
+
+mp_err mp_copy(const mp_int *from, mp_int *to)
+{
+  ARGCHK(from != NULL && to != NULL, MP_BADARG);
+
+  if(from == to)
+    return MP_OKAY;
+
+  ++mp_copies;
+  { /* copy */
+    mp_digit   *tmp;
+
+    /*
+      If the allocated buffer in 'to' already has enough space to hold
+      all the used digits of 'from', we'll re-use it to avoid hitting
+      the memory allocater more than necessary; otherwise, we'd have
+      to grow anyway, so we just allocate a hunk and make the copy as
+      usual
+     */
+    if(ALLOC(to) >= USED(from)) {
+      s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from));
+      s_mp_copy(DIGITS(from), DIGITS(to), USED(from));
+      
+    } else {
+      if((tmp = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
+	return MP_MEM;
+
+      s_mp_copy(DIGITS(from), tmp, USED(from));
+
+      if(DIGITS(to) != NULL) {
+#if MP_CRYPTO
+	s_mp_setz(DIGITS(to), ALLOC(to));
+#endif
+	s_mp_free(DIGITS(to));
+      }
+
+      DIGITS(to) = tmp;
+      ALLOC(to) = ALLOC(from);
+    }
+
+    /* Copy the precision and sign from the original */
+    USED(to) = USED(from);
+    SIGN(to) = SIGN(from);
+  } /* end copy */
+
+  return MP_OKAY;
+
+} /* end mp_copy() */
+
+/* }}} */
+
+/* {{{ mp_exch(mp1, mp2) */
+
+/*
+  mp_exch(mp1, mp2)
+
+  Exchange mp1 and mp2 without allocating any intermediate memory
+  (well, unless you count the stack space needed for this call and the
+  locals it creates...).  This cannot fail.
+ */
+
+void mp_exch(mp_int *mp1, mp_int *mp2)
+{
+#if MP_ARGCHK == 2
+  assert(mp1 != NULL && mp2 != NULL);
+#else
+  if(mp1 == NULL || mp2 == NULL)
+    return;
+#endif
+
+  s_mp_exch(mp1, mp2);
+
+} /* end mp_exch() */
+
+/* }}} */
+
+/* {{{ mp_clear(mp) */
+
+/*
+  mp_clear(mp)
+
+  Release the storage used by an mp_int, and void its fields so that
+  if someone calls mp_clear() again for the same int later, we won't
+  get tollchocked.
+ */
+
+void   mp_clear(mp_int *mp)
+{
+  if(mp == NULL)
+    return;
+
+  if(DIGITS(mp) != NULL) {
+#if MP_CRYPTO
+    s_mp_setz(DIGITS(mp), ALLOC(mp));
+#endif
+    s_mp_free(DIGITS(mp));
+    DIGITS(mp) = NULL;
+  }
+
+  USED(mp) = 0;
+  ALLOC(mp) = 0;
+
+} /* end mp_clear() */
+
+/* }}} */
+
+/* {{{ mp_zero(mp) */
+
+/*
+  mp_zero(mp) 
+
+  Set mp to zero.  Does not change the allocated size of the structure,
+  and therefore cannot fail (except on a bad argument, which we ignore)
+ */
+void   mp_zero(mp_int *mp)
+{
+  if(mp == NULL)
+    return;
+
+  s_mp_setz(DIGITS(mp), ALLOC(mp));
+  USED(mp) = 1;
+  SIGN(mp) = ZPOS;
+
+} /* end mp_zero() */
+
+/* }}} */
+
+/* {{{ mp_set(mp, d) */
+
+void   mp_set(mp_int *mp, mp_digit d)
+{
+  if(mp == NULL)
+    return;
+
+  mp_zero(mp);
+  DIGIT(mp, 0) = d;
+
+} /* end mp_set() */
+
+/* }}} */
+
+/* {{{ mp_set_int(mp, z) */
+
+mp_err mp_set_int(mp_int *mp, long z)
+{
+  int            ix;
+  unsigned long  v = labs(z);
+  mp_err         res;
+
+  ARGCHK(mp != NULL, MP_BADARG);
+
+  mp_zero(mp);
+  if(z == 0)
+    return MP_OKAY;  /* shortcut for zero */
+
+  if (sizeof v <= sizeof(mp_digit)) {
+    DIGIT(mp,0) = v;
+  } else {
+    for (ix = sizeof(long) - 1; ix >= 0; ix--) {
+      if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
+	return res;
+
+      res = s_mp_add_d(mp, (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX));
+      if (res != MP_OKAY)
+	return res;
+    }
+  }
+  if(z < 0)
+    SIGN(mp) = NEG;
+
+  return MP_OKAY;
+
+} /* end mp_set_int() */
+
+/* }}} */
+
+/* {{{ mp_set_ulong(mp, z) */
+
+mp_err mp_set_ulong(mp_int *mp, unsigned long z)
+{
+  int            ix;
+  mp_err         res;
+
+  ARGCHK(mp != NULL, MP_BADARG);
+
+  mp_zero(mp);
+  if(z == 0)
+    return MP_OKAY;  /* shortcut for zero */
+
+  if (sizeof z <= sizeof(mp_digit)) {
+    DIGIT(mp,0) = z;
+  } else {
+    for (ix = sizeof(long) - 1; ix >= 0; ix--) {
+      if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
+	return res;
+
+      res = s_mp_add_d(mp, (mp_digit)((z >> (ix * CHAR_BIT)) & UCHAR_MAX));
+      if (res != MP_OKAY)
+	return res;
+    }
+  }
+  return MP_OKAY;
+} /* end mp_set_ulong() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Digit arithmetic */
+
+/* {{{ mp_add_d(a, d, b) */
+
+/*
+  mp_add_d(a, d, b)
+
+  Compute the sum b = a + d, for a single digit d.  Respects the sign of
+  its primary addend (single digits are unsigned anyway).
+ */
+
+mp_err mp_add_d(const mp_int *a, mp_digit d, mp_int *b)
+{
+  mp_int   tmp;
+  mp_err   res;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+    return res;
+
+  if(SIGN(&tmp) == ZPOS) {
+    if((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
+      goto CLEANUP;
+  } else if(s_mp_cmp_d(&tmp, d) >= 0) {
+    if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
+      goto CLEANUP;
+  } else {
+    mp_neg(&tmp, &tmp);
+
+    DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
+  }
+
+  if(s_mp_cmp_d(&tmp, 0) == 0)
+    SIGN(&tmp) = ZPOS;
+
+  s_mp_exch(&tmp, b);
+
+CLEANUP:
+  mp_clear(&tmp);
+  return res;
+
+} /* end mp_add_d() */
+
+/* }}} */
+
+/* {{{ mp_sub_d(a, d, b) */
+
+/*
+  mp_sub_d(a, d, b)
+
+  Compute the difference b = a - d, for a single digit d.  Respects the
+  sign of its subtrahend (single digits are unsigned anyway).
+ */
+
+mp_err mp_sub_d(const mp_int *a, mp_digit d, mp_int *b)
+{
+  mp_int   tmp;
+  mp_err   res;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+    return res;
+
+  if(SIGN(&tmp) == NEG) {
+    if((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
+      goto CLEANUP;
+  } else if(s_mp_cmp_d(&tmp, d) >= 0) {
+    if((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
+      goto CLEANUP;
+  } else {
+    mp_neg(&tmp, &tmp);
+
+    DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
+    SIGN(&tmp) = NEG;
+  }
+
+  if(s_mp_cmp_d(&tmp, 0) == 0)
+    SIGN(&tmp) = ZPOS;
+
+  s_mp_exch(&tmp, b);
+
+CLEANUP:
+  mp_clear(&tmp);
+  return res;
+
+} /* end mp_sub_d() */
+
+/* }}} */
+
+/* {{{ mp_mul_d(a, d, b) */
+
+/*
+  mp_mul_d(a, d, b)
+
+  Compute the product b = a * d, for a single digit d.  Respects the sign
+  of its multiplicand (single digits are unsigned anyway)
+ */
+
+mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if(d == 0) {
+    mp_zero(b);
+    return MP_OKAY;
+  }
+
+  if((res = mp_copy(a, b)) != MP_OKAY)
+    return res;
+
+  res = s_mp_mul_d(b, d);
+
+  return res;
+
+} /* end mp_mul_d() */
+
+/* }}} */
+
+/* {{{ mp_mul_2(a, c) */
+
+mp_err mp_mul_2(const mp_int *a, mp_int *c)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_copy(a, c)) != MP_OKAY)
+    return res;
+
+  return s_mp_mul_2(c);
+
+} /* end mp_mul_2() */
+
+/* }}} */
+
+/* {{{ mp_div_d(a, d, q, r) */
+
+/*
+  mp_div_d(a, d, q, r)
+
+  Compute the quotient q = a / d and remainder r = a mod d, for a
+  single digit d.  Respects the sign of its divisor (single digits are
+  unsigned anyway).
+ */
+
+mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r)
+{
+  mp_err   res;
+  mp_int   qp;
+  mp_digit rem;
+  int      pow;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  if(d == 0)
+    return MP_RANGE;
+
+  /* Shortcut for powers of two ... */
+  if((pow = s_mp_ispow2d(d)) >= 0) {
+    mp_digit  mask;
+
+    mask = ((mp_digit)1 << pow) - 1;
+    rem = DIGIT(a, 0) & mask;
+
+    if(q) {
+      mp_copy(a, q);
+      s_mp_div_2d(q, pow);
+    }
+
+    if(r)
+      *r = rem;
+
+    return MP_OKAY;
+  }
+
+  if((res = mp_init_copy(&qp, a)) != MP_OKAY)
+    return res;
+
+  res = s_mp_div_d(&qp, d, &rem);
+
+  if(s_mp_cmp_d(&qp, 0) == 0)
+    SIGN(q) = ZPOS;
+
+  if(r)
+    *r = rem;
+
+  if(q)
+    s_mp_exch(&qp, q);
+
+  mp_clear(&qp);
+  return res;
+
+} /* end mp_div_d() */
+
+/* }}} */
+
+/* {{{ mp_div_2(a, c) */
+
+/*
+  mp_div_2(a, c)
+
+  Compute c = a / 2, disregarding the remainder.
+ */
+
+mp_err mp_div_2(const mp_int *a, mp_int *c)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_copy(a, c)) != MP_OKAY)
+    return res;
+
+  s_mp_div_2(c);
+
+  return MP_OKAY;
+
+} /* end mp_div_2() */
+
+/* }}} */
+
+/* {{{ mp_expt_d(a, d, b) */
+
+mp_err mp_expt_d(const mp_int *a, mp_digit d, mp_int *c)
+{
+  mp_int   s, x;
+  mp_err   res;
+
+  ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_init(&s)) != MP_OKAY)
+    return res;
+  if((res = mp_init_copy(&x, a)) != MP_OKAY)
+    goto X;
+
+  DIGIT(&s, 0) = 1;
+
+  while(d != 0) {
+    if(d & 1) {
+      if((res = s_mp_mul(&s, &x)) != MP_OKAY)
+	goto CLEANUP;
+    }
+
+    d /= 2;
+
+    if((res = s_mp_sqr(&x)) != MP_OKAY)
+      goto CLEANUP;
+  }
+
+  s_mp_exch(&s, c);
+
+CLEANUP:
+  mp_clear(&x);
+X:
+  mp_clear(&s);
+
+  return res;
+
+} /* end mp_expt_d() */
+
+/* }}} */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Full arithmetic */
+
+/* {{{ mp_abs(a, b) */
+
+/*
+  mp_abs(a, b)
+
+  Compute b = |a|.  'a' and 'b' may be identical.
+ */
+
+mp_err mp_abs(const mp_int *a, mp_int *b)
+{
+  mp_err   res;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if((res = mp_copy(a, b)) != MP_OKAY)
+    return res;
+
+  SIGN(b) = ZPOS;
+
+  return MP_OKAY;
+
+} /* end mp_abs() */
+
+/* }}} */
+
+/* {{{ mp_neg(a, b) */
+
+/*
+  mp_neg(a, b)
+
+  Compute b = -a.  'a' and 'b' may be identical.
+ */
+
+mp_err mp_neg(const mp_int *a, mp_int *b)
+{
+  mp_err   res;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if((res = mp_copy(a, b)) != MP_OKAY)
+    return res;
+
+  if(s_mp_cmp_d(b, 0) == MP_EQ) 
+    SIGN(b) = ZPOS;
+  else 
+    SIGN(b) = (SIGN(b) == NEG) ? ZPOS : NEG;
+
+  return MP_OKAY;
+
+} /* end mp_neg() */
+
+/* }}} */
+
+/* {{{ mp_add(a, b, c) */
+
+/*
+  mp_add(a, b, c)
+
+  Compute c = a + b.  All parameters may be identical.
+ */
+
+mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if(SIGN(a) == SIGN(b)) { /* same sign:  add values, keep sign */
+    MP_CHECKOK( s_mp_add_3arg(a, b, c) );
+  } else if(s_mp_cmp(a, b) >= 0) {  /* different sign: |a| >= |b|   */
+    MP_CHECKOK( s_mp_sub_3arg(a, b, c) );
+  } else {                          /* different sign: |a|  < |b|   */
+    MP_CHECKOK( s_mp_sub_3arg(b, a, c) );
+  }
+
+  if (s_mp_cmp_d(c, 0) == MP_EQ)
+    SIGN(c) = ZPOS;
+
+CLEANUP:
+  return res;
+
+} /* end mp_add() */
+
+/* }}} */
+
+/* {{{ mp_sub(a, b, c) */
+
+/*
+  mp_sub(a, b, c)
+
+  Compute c = a - b.  All parameters may be identical.
+ */
+
+mp_err mp_sub(const mp_int *a, const mp_int *b, mp_int *c)
+{
+  mp_err  res;
+  int     magDiff;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if (a == b) {
+    mp_zero(c);
+    return MP_OKAY;
+  }
+
+  if (MP_SIGN(a) != MP_SIGN(b)) {
+    MP_CHECKOK( s_mp_add_3arg(a, b, c) );
+  } else if (!(magDiff = s_mp_cmp(a, b))) {
+    mp_zero(c);
+    res = MP_OKAY;
+  } else if (magDiff > 0) {
+    MP_CHECKOK( s_mp_sub_3arg(a, b, c) );
+  } else {
+    MP_CHECKOK( s_mp_sub_3arg(b, a, c) );
+    MP_SIGN(c) = !MP_SIGN(a);
+  }
+
+  if (s_mp_cmp_d(c, 0) == MP_EQ)
+    MP_SIGN(c) = MP_ZPOS;
+
+CLEANUP:
+  return res;
+
+} /* end mp_sub() */
+
+/* }}} */
+
+/* {{{ mp_mul(a, b, c) */
+
+/*
+  mp_mul(a, b, c)
+
+  Compute c = a * b.  All parameters may be identical.
+ */
+mp_err   mp_mul(const mp_int *a, const mp_int *b, mp_int * c)
+{
+  mp_digit *pb;
+  mp_int   tmp;
+  mp_err   res;
+  mp_size  ib;
+  mp_size  useda, usedb;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if (a == c) {
+    if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+      return res;
+    if (a == b) 
+      b = &tmp;
+    a = &tmp;
+  } else if (b == c) {
+    if ((res = mp_init_copy(&tmp, b)) != MP_OKAY)
+      return res;
+    b = &tmp;
+  } else {
+    MP_DIGITS(&tmp) = 0;
+  }
+
+  if (MP_USED(a) < MP_USED(b)) {
+    const mp_int *xch = b;	/* switch a and b, to do fewer outer loops */
+    b = a;
+    a = xch;
+  }
+
+  MP_USED(c) = 1; MP_DIGIT(c, 0) = 0;
+  if((res = s_mp_pad(c, USED(a) + USED(b))) != MP_OKAY)
+    goto CLEANUP;
+
+#ifdef NSS_USE_COMBA
+  if ((MP_USED(a) == MP_USED(b)) && IS_POWER_OF_2(MP_USED(b))) {
+      if (MP_USED(a) == 4) {
+          s_mp_mul_comba_4(a, b, c);
+          goto CLEANUP;
+      }
+      if (MP_USED(a) == 8) {
+          s_mp_mul_comba_8(a, b, c);
+          goto CLEANUP;
+      }
+      if (MP_USED(a) == 16) {
+          s_mp_mul_comba_16(a, b, c);
+          goto CLEANUP;
+      }
+      if (MP_USED(a) == 32) {
+          s_mp_mul_comba_32(a, b, c);
+          goto CLEANUP;
+      } 
+  }
+#endif
+
+  pb = MP_DIGITS(b);
+  s_mpv_mul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c));
+
+  /* Outer loop:  Digits of b */
+  useda = MP_USED(a);
+  usedb = MP_USED(b);
+  for (ib = 1; ib < usedb; ib++) {
+    mp_digit b_i    = *pb++;
+
+    /* Inner product:  Digits of a */
+    if (b_i)
+      s_mpv_mul_d_add(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
+    else
+      MP_DIGIT(c, ib + useda) = b_i;
+  }
+
+  s_mp_clamp(c);
+
+  if(SIGN(a) == SIGN(b) || s_mp_cmp_d(c, 0) == MP_EQ)
+    SIGN(c) = ZPOS;
+  else
+    SIGN(c) = NEG;
+
+CLEANUP:
+  mp_clear(&tmp);
+  return res;
+} /* end mp_mul() */
+
+/* }}} */
+
+/* {{{ mp_sqr(a, sqr) */
+
+#if MP_SQUARE
+/*
+  Computes the square of a.  This can be done more
+  efficiently than a general multiplication, because many of the
+  computation steps are redundant when squaring.  The inner product
+  step is a bit more complicated, but we save a fair number of
+  iterations of the multiplication loop.
+ */
+
+/* sqr = a^2;   Caller provides both a and tmp; */
+mp_err   mp_sqr(const mp_int *a, mp_int *sqr)
+{
+  mp_digit *pa;
+  mp_digit d;
+  mp_err   res;
+  mp_size  ix;
+  mp_int   tmp;
+  int      count;
+
+  ARGCHK(a != NULL && sqr != NULL, MP_BADARG);
+
+  if (a == sqr) {
+    if((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+      return res;
+    a = &tmp;
+  } else {
+    DIGITS(&tmp) = 0;
+    res = MP_OKAY;
+  }
+
+  ix = 2 * MP_USED(a);
+  if (ix > MP_ALLOC(sqr)) {
+    MP_USED(sqr) = 1; 
+    MP_CHECKOK( s_mp_grow(sqr, ix) );
+  } 
+  MP_USED(sqr) = ix;
+  MP_DIGIT(sqr, 0) = 0;
+
+#ifdef NSS_USE_COMBA
+  if (IS_POWER_OF_2(MP_USED(a))) {
+      if (MP_USED(a) == 4) {
+          s_mp_sqr_comba_4(a, sqr);
+          goto CLEANUP;
+      }
+      if (MP_USED(a) == 8) {
+          s_mp_sqr_comba_8(a, sqr);
+          goto CLEANUP;
+      }
+      if (MP_USED(a) == 16) {
+          s_mp_sqr_comba_16(a, sqr);
+          goto CLEANUP;
+      }
+      if (MP_USED(a) == 32) {
+          s_mp_sqr_comba_32(a, sqr);
+          goto CLEANUP;
+      } 
+  }
+#endif
+
+  pa = MP_DIGITS(a);
+  count = MP_USED(a) - 1;
+  if (count > 0) {
+    d = *pa++;
+    s_mpv_mul_d(pa, count, d, MP_DIGITS(sqr) + 1);
+    for (ix = 3; --count > 0; ix += 2) {
+      d = *pa++;
+      s_mpv_mul_d_add(pa, count, d, MP_DIGITS(sqr) + ix);
+    } /* for(ix ...) */
+    MP_DIGIT(sqr, MP_USED(sqr)-1) = 0; /* above loop stopped short of this. */
+
+    /* now sqr *= 2 */
+    s_mp_mul_2(sqr);
+  } else {
+    MP_DIGIT(sqr, 1) = 0;
+  }
+
+  /* now add the squares of the digits of a to sqr. */
+  s_mpv_sqr_add_prop(MP_DIGITS(a), MP_USED(a), MP_DIGITS(sqr));
+
+  SIGN(sqr) = ZPOS;
+  s_mp_clamp(sqr);
+
+CLEANUP:
+  mp_clear(&tmp);
+  return res;
+
+} /* end mp_sqr() */
+#endif
+
+/* }}} */
+
+/* {{{ mp_div(a, b, q, r) */
+
+/*
+  mp_div(a, b, q, r)
+
+  Compute q = a / b and r = a mod b.  Input parameters may be re-used
+  as output parameters.  If q or r is NULL, that portion of the
+  computation will be discarded (although it will still be computed)
+ */
+mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r)
+{
+  mp_err   res;
+  mp_int   *pQ, *pR;
+  mp_int   qtmp, rtmp, btmp;
+  int      cmp;
+  mp_sign  signA;
+  mp_sign  signB;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+  
+  signA = MP_SIGN(a);
+  signB = MP_SIGN(b);
+
+  if(mp_cmp_z(b) == MP_EQ)
+    return MP_RANGE;
+
+  DIGITS(&qtmp) = 0;
+  DIGITS(&rtmp) = 0;
+  DIGITS(&btmp) = 0;
+
+  /* Set up some temporaries... */
+  if (!r || r == a || r == b) {
+    MP_CHECKOK( mp_init_copy(&rtmp, a) );
+    pR = &rtmp;
+  } else {
+    MP_CHECKOK( mp_copy(a, r) );
+    pR = r;
+  }
+
+  if (!q || q == a || q == b) {
+    MP_CHECKOK( mp_init_size(&qtmp, MP_USED(a)) );
+    pQ = &qtmp;
+  } else {
+    MP_CHECKOK( s_mp_pad(q, MP_USED(a)) );
+    pQ = q;
+    mp_zero(pQ);
+  }
+
+  /*
+    If |a| <= |b|, we can compute the solution without division;
+    otherwise, we actually do the work required.
+   */
+  if ((cmp = s_mp_cmp(a, b)) <= 0) {
+    if (cmp) {
+      /* r was set to a above. */
+      mp_zero(pQ);
+    } else {
+      mp_set(pQ, 1);
+      mp_zero(pR);
+    }
+  } else {
+    MP_CHECKOK( mp_init_copy(&btmp, b) );
+    MP_CHECKOK( s_mp_div(pR, &btmp, pQ) );
+  }
+
+  /* Compute the signs for the output  */
+  MP_SIGN(pR) = signA;   /* Sr = Sa              */
+  /* Sq = ZPOS if Sa == Sb */ /* Sq = NEG if Sa != Sb */
+  MP_SIGN(pQ) = (signA == signB) ? ZPOS : NEG;
+
+  if(s_mp_cmp_d(pQ, 0) == MP_EQ)
+    SIGN(pQ) = ZPOS;
+  if(s_mp_cmp_d(pR, 0) == MP_EQ)
+    SIGN(pR) = ZPOS;
+
+  /* Copy output, if it is needed      */
+  if(q && q != pQ) 
+    s_mp_exch(pQ, q);
+
+  if(r && r != pR) 
+    s_mp_exch(pR, r);
+
+CLEANUP:
+  mp_clear(&btmp);
+  mp_clear(&rtmp);
+  mp_clear(&qtmp);
+
+  return res;
+
+} /* end mp_div() */
+
+/* }}} */
+
+/* {{{ mp_div_2d(a, d, q, r) */
+
+mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  if(q) {
+    if((res = mp_copy(a, q)) != MP_OKAY)
+      return res;
+  }
+  if(r) {
+    if((res = mp_copy(a, r)) != MP_OKAY)
+      return res;
+  }
+  if(q) {
+    s_mp_div_2d(q, d);
+  }
+  if(r) {
+    s_mp_mod_2d(r, d);
+  }
+
+  return MP_OKAY;
+
+} /* end mp_div_2d() */
+
+/* }}} */
+
+/* {{{ mp_expt(a, b, c) */
+
+/*
+  mp_expt(a, b, c)
+
+  Compute c = a ** b, that is, raise a to the b power.  Uses a
+  standard iterative square-and-multiply technique.
+ */
+
+mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
+{
+  mp_int   s, x;
+  mp_err   res;
+  mp_digit d;
+  int      dig, bit;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if(mp_cmp_z(b) < 0)
+    return MP_RANGE;
+
+  if((res = mp_init(&s)) != MP_OKAY)
+    return res;
+
+  mp_set(&s, 1);
+
+  if((res = mp_init_copy(&x, a)) != MP_OKAY)
+    goto X;
+
+  /* Loop over low-order digits in ascending order */
+  for(dig = 0; dig < (USED(b) - 1); dig++) {
+    d = DIGIT(b, dig);
+
+    /* Loop over bits of each non-maximal digit */
+    for(bit = 0; bit < DIGIT_BIT; bit++) {
+      if(d & 1) {
+	if((res = s_mp_mul(&s, &x)) != MP_OKAY) 
+	  goto CLEANUP;
+      }
+
+      d >>= 1;
+      
+      if((res = s_mp_sqr(&x)) != MP_OKAY)
+	goto CLEANUP;
+    }
+  }
+
+  /* Consider now the last digit... */
+  d = DIGIT(b, dig);
+
+  while(d) {
+    if(d & 1) {
+      if((res = s_mp_mul(&s, &x)) != MP_OKAY)
+	goto CLEANUP;
+    }
+
+    d >>= 1;
+
+    if((res = s_mp_sqr(&x)) != MP_OKAY)
+      goto CLEANUP;
+  }
+  
+  if(mp_iseven(b))
+    SIGN(&s) = SIGN(a);
+
+  res = mp_copy(&s, c);
+
+CLEANUP:
+  mp_clear(&x);
+X:
+  mp_clear(&s);
+
+  return res;
+
+} /* end mp_expt() */
+
+/* }}} */
+
+/* {{{ mp_2expt(a, k) */
+
+/* Compute a = 2^k */
+
+mp_err mp_2expt(mp_int *a, mp_digit k)
+{
+  ARGCHK(a != NULL, MP_BADARG);
+
+  return s_mp_2expt(a, k);
+
+} /* end mp_2expt() */
+
+/* }}} */
+
+/* {{{ mp_mod(a, m, c) */
+
+/*
+  mp_mod(a, m, c)
+
+  Compute c = a (mod m).  Result will always be 0 <= c < m.
+ */
+
+mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c)
+{
+  mp_err  res;
+  int     mag;
+
+  ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
+
+  if(SIGN(m) == NEG)
+    return MP_RANGE;
+
+  /*
+     If |a| > m, we need to divide to get the remainder and take the
+     absolute value.  
+
+     If |a| < m, we don't need to do any division, just copy and adjust
+     the sign (if a is negative).
+
+     If |a| == m, we can simply set the result to zero.
+
+     This order is intended to minimize the average path length of the
+     comparison chain on common workloads -- the most frequent cases are
+     that |a| != m, so we do those first.
+   */
+  if((mag = s_mp_cmp(a, m)) > 0) {
+    if((res = mp_div(a, m, NULL, c)) != MP_OKAY)
+      return res;
+    
+    if(SIGN(c) == NEG) {
+      if((res = mp_add(c, m, c)) != MP_OKAY)
+	return res;
+    }
+
+  } else if(mag < 0) {
+    if((res = mp_copy(a, c)) != MP_OKAY)
+      return res;
+
+    if(mp_cmp_z(a) < 0) {
+      if((res = mp_add(c, m, c)) != MP_OKAY)
+	return res;
+
+    }
+    
+  } else {
+    mp_zero(c);
+
+  }
+
+  return MP_OKAY;
+
+} /* end mp_mod() */
+
+/* }}} */
+
+/* {{{ mp_mod_d(a, d, c) */
+
+/*
+  mp_mod_d(a, d, c)
+
+  Compute c = a (mod d).  Result will always be 0 <= c < d
+ */
+mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c)
+{
+  mp_err   res;
+  mp_digit rem;
+
+  ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+  if(s_mp_cmp_d(a, d) > 0) {
+    if((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY)
+      return res;
+
+  } else {
+    if(SIGN(a) == NEG)
+      rem = d - DIGIT(a, 0);
+    else
+      rem = DIGIT(a, 0);
+  }
+
+  if(c)
+    *c = rem;
+
+  return MP_OKAY;
+
+} /* end mp_mod_d() */
+
+/* }}} */
+
+/* {{{ mp_sqrt(a, b) */
+
+/*
+  mp_sqrt(a, b)
+
+  Compute the integer square root of a, and store the result in b.
+  Uses an integer-arithmetic version of Newton's iterative linear
+  approximation technique to determine this value; the result has the
+  following two properties:
+
+     b^2 <= a
+     (b+1)^2 >= a
+
+  It is a range error to pass a negative value.
+ */
+mp_err mp_sqrt(const mp_int *a, mp_int *b)
+{
+  mp_int   x, t;
+  mp_err   res;
+  mp_size  used;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  /* Cannot take square root of a negative value */
+  if(SIGN(a) == NEG)
+    return MP_RANGE;
+
+  /* Special cases for zero and one, trivial     */
+  if(mp_cmp_d(a, 1) <= 0)
+    return mp_copy(a, b);
+    
+  /* Initialize the temporaries we'll use below  */
+  if((res = mp_init_size(&t, USED(a))) != MP_OKAY)
+    return res;
+
+  /* Compute an initial guess for the iteration as a itself */
+  if((res = mp_init_copy(&x, a)) != MP_OKAY)
+    goto X;
+
+  used = MP_USED(&x);
+  if (used > 1) {
+    s_mp_rshd(&x, used / 2);
+  }
+
+  for(;;) {
+    /* t = (x * x) - a */
+    mp_copy(&x, &t);      /* can't fail, t is big enough for original x */
+    if((res = mp_sqr(&t, &t)) != MP_OKAY ||
+       (res = mp_sub(&t, a, &t)) != MP_OKAY)
+      goto CLEANUP;
+
+    /* t = t / 2x       */
+    s_mp_mul_2(&x);
+    if((res = mp_div(&t, &x, &t, NULL)) != MP_OKAY)
+      goto CLEANUP;
+    s_mp_div_2(&x);
+
+    /* Terminate the loop, if the quotient is zero */
+    if(mp_cmp_z(&t) == MP_EQ)
+      break;
+
+    /* x = x - t       */
+    if((res = mp_sub(&x, &t, &x)) != MP_OKAY)
+      goto CLEANUP;
+
+  }
+
+  /* Copy result to output parameter */
+  mp_sub_d(&x, 1, &x);
+  s_mp_exch(&x, b);
+
+ CLEANUP:
+  mp_clear(&x);
+ X:
+  mp_clear(&t); 
+
+  return res;
+
+} /* end mp_sqrt() */
+
+/* }}} */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Modular arithmetic */
+
+#if MP_MODARITH
+/* {{{ mp_addmod(a, b, m, c) */
+
+/*
+  mp_addmod(a, b, m, c)
+
+  Compute c = (a + b) mod m
+ */
+
+mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_add(a, b, c)) != MP_OKAY)
+    return res;
+  if((res = mp_mod(c, m, c)) != MP_OKAY)
+    return res;
+
+  return MP_OKAY;
+
+}
+
+/* }}} */
+
+/* {{{ mp_submod(a, b, m, c) */
+
+/*
+  mp_submod(a, b, m, c)
+
+  Compute c = (a - b) mod m
+ */
+
+mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_sub(a, b, c)) != MP_OKAY)
+    return res;
+  if((res = mp_mod(c, m, c)) != MP_OKAY)
+    return res;
+
+  return MP_OKAY;
+
+}
+
+/* }}} */
+
+/* {{{ mp_mulmod(a, b, m, c) */
+
+/*
+  mp_mulmod(a, b, m, c)
+
+  Compute c = (a * b) mod m
+ */
+
+mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_mul(a, b, c)) != MP_OKAY)
+    return res;
+  if((res = mp_mod(c, m, c)) != MP_OKAY)
+    return res;
+
+  return MP_OKAY;
+
+}
+
+/* }}} */
+
+/* {{{ mp_sqrmod(a, m, c) */
+
+#if MP_SQUARE
+mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c)
+{
+  mp_err  res;
+
+  ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_sqr(a, c)) != MP_OKAY)
+    return res;
+  if((res = mp_mod(c, m, c)) != MP_OKAY)
+    return res;
+
+  return MP_OKAY;
+
+} /* end mp_sqrmod() */
+#endif
+
+/* }}} */
+
+/* {{{ s_mp_exptmod(a, b, m, c) */
+
+/*
+  s_mp_exptmod(a, b, m, c)
+
+  Compute c = (a ** b) mod m.  Uses a standard square-and-multiply
+  method with modular reductions at each step. (This is basically the
+  same code as mp_expt(), except for the addition of the reductions)
+  
+  The modular reductions are done using Barrett's algorithm (see
+  s_mp_reduce() below for details)
+ */
+
+mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+  mp_int   s, x, mu;
+  mp_err   res;
+  mp_digit d;
+  int      dig, bit;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if(mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0)
+    return MP_RANGE;
+
+  if((res = mp_init(&s)) != MP_OKAY)
+    return res;
+  if((res = mp_init_copy(&x, a)) != MP_OKAY ||
+     (res = mp_mod(&x, m, &x)) != MP_OKAY)
+    goto X;
+  if((res = mp_init(&mu)) != MP_OKAY)
+    goto MU;
+
+  mp_set(&s, 1);
+
+  /* mu = b^2k / m */
+  s_mp_add_d(&mu, 1); 
+  s_mp_lshd(&mu, 2 * USED(m));
+  if((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY)
+    goto CLEANUP;
+
+  /* Loop over digits of b in ascending order, except highest order */
+  for(dig = 0; dig < (USED(b) - 1); dig++) {
+    d = DIGIT(b, dig);
+
+    /* Loop over the bits of the lower-order digits */
+    for(bit = 0; bit < DIGIT_BIT; bit++) {
+      if(d & 1) {
+	if((res = s_mp_mul(&s, &x)) != MP_OKAY)
+	  goto CLEANUP;
+	if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
+	  goto CLEANUP;
+      }
+
+      d >>= 1;
+
+      if((res = s_mp_sqr(&x)) != MP_OKAY)
+	goto CLEANUP;
+      if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
+	goto CLEANUP;
+    }
+  }
+
+  /* Now do the last digit... */
+  d = DIGIT(b, dig);
+
+  while(d) {
+    if(d & 1) {
+      if((res = s_mp_mul(&s, &x)) != MP_OKAY)
+	goto CLEANUP;
+      if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
+	goto CLEANUP;
+    }
+
+    d >>= 1;
+
+    if((res = s_mp_sqr(&x)) != MP_OKAY)
+      goto CLEANUP;
+    if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
+      goto CLEANUP;
+  }
+
+  s_mp_exch(&s, c);
+
+ CLEANUP:
+  mp_clear(&mu);
+ MU:
+  mp_clear(&x);
+ X:
+  mp_clear(&s);
+
+  return res;
+
+} /* end s_mp_exptmod() */
+
+/* }}} */
+
+/* {{{ mp_exptmod_d(a, d, m, c) */
+
+mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c)
+{
+  mp_int   s, x;
+  mp_err   res;
+
+  ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+  if((res = mp_init(&s)) != MP_OKAY)
+    return res;
+  if((res = mp_init_copy(&x, a)) != MP_OKAY)
+    goto X;
+
+  mp_set(&s, 1);
+
+  while(d != 0) {
+    if(d & 1) {
+      if((res = s_mp_mul(&s, &x)) != MP_OKAY ||
+	 (res = mp_mod(&s, m, &s)) != MP_OKAY)
+	goto CLEANUP;
+    }
+
+    d /= 2;
+
+    if((res = s_mp_sqr(&x)) != MP_OKAY ||
+       (res = mp_mod(&x, m, &x)) != MP_OKAY)
+      goto CLEANUP;
+  }
+
+  s_mp_exch(&s, c);
+
+CLEANUP:
+  mp_clear(&x);
+X:
+  mp_clear(&s);
+
+  return res;
+
+} /* end mp_exptmod_d() */
+
+/* }}} */
+#endif /* if MP_MODARITH */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Comparison functions */
+
+/* {{{ mp_cmp_z(a) */
+
+/*
+  mp_cmp_z(a)
+
+  Compare a <=> 0.  Returns <0 if a<0, 0 if a=0, >0 if a>0.
+ */
+
+int    mp_cmp_z(const mp_int *a)
+{
+  if(SIGN(a) == NEG)
+    return MP_LT;
+  else if(USED(a) == 1 && DIGIT(a, 0) == 0)
+    return MP_EQ;
+  else
+    return MP_GT;
+
+} /* end mp_cmp_z() */
+
+/* }}} */
+
+/* {{{ mp_cmp_d(a, d) */
+
+/*
+  mp_cmp_d(a, d)
+
+  Compare a <=> d.  Returns <0 if a<d, 0 if a=d, >0 if a>d
+ */
+
+int    mp_cmp_d(const mp_int *a, mp_digit d)
+{
+  ARGCHK(a != NULL, MP_EQ);
+
+  if(SIGN(a) == NEG)
+    return MP_LT;
+
+  return s_mp_cmp_d(a, d);
+
+} /* end mp_cmp_d() */
+
+/* }}} */
+
+/* {{{ mp_cmp(a, b) */
+
+int    mp_cmp(const mp_int *a, const mp_int *b)
+{
+  ARGCHK(a != NULL && b != NULL, MP_EQ);
+
+  if(SIGN(a) == SIGN(b)) {
+    int  mag;
+
+    if((mag = s_mp_cmp(a, b)) == MP_EQ)
+      return MP_EQ;
+
+    if(SIGN(a) == ZPOS)
+      return mag;
+    else
+      return -mag;
+
+  } else if(SIGN(a) == ZPOS) {
+    return MP_GT;
+  } else {
+    return MP_LT;
+  }
+
+} /* end mp_cmp() */
+
+/* }}} */
+
+/* {{{ mp_cmp_mag(a, b) */
+
+/*
+  mp_cmp_mag(a, b)
+
+  Compares |a| <=> |b|, and returns an appropriate comparison result
+ */
+
+int    mp_cmp_mag(mp_int *a, mp_int *b)
+{
+  ARGCHK(a != NULL && b != NULL, MP_EQ);
+
+  return s_mp_cmp(a, b);
+
+} /* end mp_cmp_mag() */
+
+/* }}} */
+
+/* {{{ mp_cmp_int(a, z) */
+
+/*
+  This just converts z to an mp_int, and uses the existing comparison
+  routines.  This is sort of inefficient, but it's not clear to me how
+  frequently this wil get used anyway.  For small positive constants,
+  you can always use mp_cmp_d(), and for zero, there is mp_cmp_z().
+ */
+int    mp_cmp_int(const mp_int *a, long z)
+{
+  mp_int  tmp;
+  int     out;
+
+  ARGCHK(a != NULL, MP_EQ);
+  
+  mp_init(&tmp); mp_set_int(&tmp, z);
+  out = mp_cmp(a, &tmp);
+  mp_clear(&tmp);
+
+  return out;
+
+} /* end mp_cmp_int() */
+
+/* }}} */
+
+/* {{{ mp_isodd(a) */
+
+/*
+  mp_isodd(a)
+
+  Returns a true (non-zero) value if a is odd, false (zero) otherwise.
+ */
+int    mp_isodd(const mp_int *a)
+{
+  ARGCHK(a != NULL, 0);
+
+  return (int)(DIGIT(a, 0) & 1);
+
+} /* end mp_isodd() */
+
+/* }}} */
+
+/* {{{ mp_iseven(a) */
+
+int    mp_iseven(const mp_int *a)
+{
+  return !mp_isodd(a);
+
+} /* end mp_iseven() */
+
+/* }}} */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Number theoretic functions */
+
+#if MP_NUMTH
+/* {{{ mp_gcd(a, b, c) */
+
+/*
+  Like the old mp_gcd() function, except computes the GCD using the
+  binary algorithm due to Josef Stein in 1961 (via Knuth).
+ */
+mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c)
+{
+  mp_err   res;
+  mp_int   u, v, t;
+  mp_size  k = 0;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if(mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ)
+      return MP_RANGE;
+  if(mp_cmp_z(a) == MP_EQ) {
+    return mp_copy(b, c);
+  } else if(mp_cmp_z(b) == MP_EQ) {
+    return mp_copy(a, c);
+  }
+
+  if((res = mp_init(&t)) != MP_OKAY)
+    return res;
+  if((res = mp_init_copy(&u, a)) != MP_OKAY)
+    goto U;
+  if((res = mp_init_copy(&v, b)) != MP_OKAY)
+    goto V;
+
+  SIGN(&u) = ZPOS;
+  SIGN(&v) = ZPOS;
+
+  /* Divide out common factors of 2 until at least 1 of a, b is even */
+  while(mp_iseven(&u) && mp_iseven(&v)) {
+    s_mp_div_2(&u);
+    s_mp_div_2(&v);
+    ++k;
+  }
+
+  /* Initialize t */
+  if(mp_isodd(&u)) {
+    if((res = mp_copy(&v, &t)) != MP_OKAY)
+      goto CLEANUP;
+    
+    /* t = -v */
+    if(SIGN(&v) == ZPOS)
+      SIGN(&t) = NEG;
+    else
+      SIGN(&t) = ZPOS;
+    
+  } else {
+    if((res = mp_copy(&u, &t)) != MP_OKAY)
+      goto CLEANUP;
+
+  }
+
+  for(;;) {
+    while(mp_iseven(&t)) {
+      s_mp_div_2(&t);
+    }
+
+    if(mp_cmp_z(&t) == MP_GT) {
+      if((res = mp_copy(&t, &u)) != MP_OKAY)
+	goto CLEANUP;
+
+    } else {
+      if((res = mp_copy(&t, &v)) != MP_OKAY)
+	goto CLEANUP;
+
+      /* v = -t */
+      if(SIGN(&t) == ZPOS)
+	SIGN(&v) = NEG;
+      else
+	SIGN(&v) = ZPOS;
+    }
+
+    if((res = mp_sub(&u, &v, &t)) != MP_OKAY)
+      goto CLEANUP;
+
+    if(s_mp_cmp_d(&t, 0) == MP_EQ)
+      break;
+  }
+
+  s_mp_2expt(&v, k);       /* v = 2^k   */
+  res = mp_mul(&u, &v, c); /* c = u * v */
+
+ CLEANUP:
+  mp_clear(&v);
+ V:
+  mp_clear(&u);
+ U:
+  mp_clear(&t);
+
+  return res;
+
+} /* end mp_gcd() */
+
+/* }}} */
+
+/* {{{ mp_lcm(a, b, c) */
+
+/* We compute the least common multiple using the rule:
+
+   ab = [a, b](a, b)
+
+   ... by computing the product, and dividing out the gcd.
+ */
+
+mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c)
+{
+  mp_int  gcd, prod;
+  mp_err  res;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  /* Set up temporaries */
+  if((res = mp_init(&gcd)) != MP_OKAY)
+    return res;
+  if((res = mp_init(&prod)) != MP_OKAY)
+    goto GCD;
+
+  if((res = mp_mul(a, b, &prod)) != MP_OKAY)
+    goto CLEANUP;
+  if((res = mp_gcd(a, b, &gcd)) != MP_OKAY)
+    goto CLEANUP;
+
+  res = mp_div(&prod, &gcd, c, NULL);
+
+ CLEANUP:
+  mp_clear(&prod);
+ GCD:
+  mp_clear(&gcd);
+
+  return res;
+
+} /* end mp_lcm() */
+
+/* }}} */
+
+/* {{{ mp_xgcd(a, b, g, x, y) */
+
+/*
+  mp_xgcd(a, b, g, x, y)
+
+  Compute g = (a, b) and values x and y satisfying Bezout's identity
+  (that is, ax + by = g).  This uses the binary extended GCD algorithm
+  based on the Stein algorithm used for mp_gcd()
+  See algorithm 14.61 in Handbook of Applied Cryptogrpahy.
+ */
+
+mp_err mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y)
+{
+  mp_int   gx, xc, yc, u, v, A, B, C, D;
+  mp_int  *clean[9];
+  mp_err   res;
+  int      last = -1;
+
+  if(mp_cmp_z(b) == 0)
+    return MP_RANGE;
+
+  /* Initialize all these variables we need */
+  MP_CHECKOK( mp_init(&u) );
+  clean[++last] = &u;
+  MP_CHECKOK( mp_init(&v) );
+  clean[++last] = &v;
+  MP_CHECKOK( mp_init(&gx) );
+  clean[++last] = &gx;
+  MP_CHECKOK( mp_init(&A) );
+  clean[++last] = &A;
+  MP_CHECKOK( mp_init(&B) );
+  clean[++last] = &B;
+  MP_CHECKOK( mp_init(&C) );
+  clean[++last] = &C;
+  MP_CHECKOK( mp_init(&D) );
+  clean[++last] = &D;
+  MP_CHECKOK( mp_init_copy(&xc, a) );
+  clean[++last] = &xc;
+  mp_abs(&xc, &xc);
+  MP_CHECKOK( mp_init_copy(&yc, b) );
+  clean[++last] = &yc;
+  mp_abs(&yc, &yc);
+
+  mp_set(&gx, 1);
+
+  /* Divide by two until at least one of them is odd */
+  while(mp_iseven(&xc) && mp_iseven(&yc)) {
+    mp_size nx = mp_trailing_zeros(&xc);
+    mp_size ny = mp_trailing_zeros(&yc);
+    mp_size n  = MP_MIN(nx, ny);
+    s_mp_div_2d(&xc,n);
+    s_mp_div_2d(&yc,n);
+    MP_CHECKOK( s_mp_mul_2d(&gx,n) );
+  }
+
+  mp_copy(&xc, &u);
+  mp_copy(&yc, &v);
+  mp_set(&A, 1); mp_set(&D, 1);
+
+  /* Loop through binary GCD algorithm */
+  do {
+    while(mp_iseven(&u)) {
+      s_mp_div_2(&u);
+
+      if(mp_iseven(&A) && mp_iseven(&B)) {
+	s_mp_div_2(&A); s_mp_div_2(&B);
+      } else {
+	MP_CHECKOK( mp_add(&A, &yc, &A) );
+	s_mp_div_2(&A);
+	MP_CHECKOK( mp_sub(&B, &xc, &B) );
+	s_mp_div_2(&B);
+      }
+    }
+
+    while(mp_iseven(&v)) {
+      s_mp_div_2(&v);
+
+      if(mp_iseven(&C) && mp_iseven(&D)) {
+	s_mp_div_2(&C); s_mp_div_2(&D);
+      } else {
+	MP_CHECKOK( mp_add(&C, &yc, &C) );
+	s_mp_div_2(&C);
+	MP_CHECKOK( mp_sub(&D, &xc, &D) );
+	s_mp_div_2(&D);
+      }
+    }
+
+    if(mp_cmp(&u, &v) >= 0) {
+      MP_CHECKOK( mp_sub(&u, &v, &u) );
+      MP_CHECKOK( mp_sub(&A, &C, &A) );
+      MP_CHECKOK( mp_sub(&B, &D, &B) );
+    } else {
+      MP_CHECKOK( mp_sub(&v, &u, &v) );
+      MP_CHECKOK( mp_sub(&C, &A, &C) );
+      MP_CHECKOK( mp_sub(&D, &B, &D) );
+    }
+  } while (mp_cmp_z(&u) != 0);
+
+  /* copy results to output */
+  if(x)
+    MP_CHECKOK( mp_copy(&C, x) );
+
+  if(y)
+    MP_CHECKOK( mp_copy(&D, y) );
+      
+  if(g)
+    MP_CHECKOK( mp_mul(&gx, &v, g) );
+
+ CLEANUP:
+  while(last >= 0)
+    mp_clear(clean[last--]);
+
+  return res;
+
+} /* end mp_xgcd() */
+
+/* }}} */
+
+mp_size mp_trailing_zeros(const mp_int *mp)
+{
+  mp_digit d;
+  mp_size  n = 0;
+  int      ix;
+
+  if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp))
+    return n;
+
+  for (ix = 0; !(d = MP_DIGIT(mp,ix)) && (ix < MP_USED(mp)); ++ix)
+    n += MP_DIGIT_BIT;
+  if (!d)
+    return 0;	/* shouldn't happen, but ... */
+#if !defined(MP_USE_UINT_DIGIT)
+  if (!(d & 0xffffffffU)) {
+    d >>= 32;
+    n  += 32;
+  }
+#endif
+  if (!(d & 0xffffU)) {
+    d >>= 16;
+    n  += 16;
+  }
+  if (!(d & 0xffU)) {
+    d >>= 8;
+    n  += 8;
+  }
+  if (!(d & 0xfU)) {
+    d >>= 4;
+    n  += 4;
+  }
+  if (!(d & 0x3U)) {
+    d >>= 2;
+    n  += 2;
+  }
+  if (!(d & 0x1U)) {
+    d >>= 1;
+    n  += 1;
+  }
+#if MP_ARGCHK == 2
+  assert(0 != (d & 1));
+#endif
+  return n;
+}
+
+/* Given a and prime p, computes c and k such that a*c == 2**k (mod p).
+** Returns k (positive) or error (negative).
+** This technique from the paper "Fast Modular Reciprocals" (unpublished)
+** by Richard Schroeppel (a.k.a. Captain Nemo).
+*/
+mp_err s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c)
+{
+  mp_err res;
+  mp_err k    = 0;
+  mp_int d, f, g;
+
+  ARGCHK(a && p && c, MP_BADARG);
+
+  MP_DIGITS(&d) = 0;
+  MP_DIGITS(&f) = 0;
+  MP_DIGITS(&g) = 0;
+  MP_CHECKOK( mp_init(&d) );
+  MP_CHECKOK( mp_init_copy(&f, a) );	/* f = a */
+  MP_CHECKOK( mp_init_copy(&g, p) );	/* g = p */
+
+  mp_set(c, 1);
+  mp_zero(&d);
+
+  if (mp_cmp_z(&f) == 0) {
+    res = MP_UNDEF;
+  } else 
+  for (;;) {
+    int diff_sign;
+    while (mp_iseven(&f)) {
+      mp_size n = mp_trailing_zeros(&f);
+      if (!n) {
+	res = MP_UNDEF;
+	goto CLEANUP;
+      }
+      s_mp_div_2d(&f, n);
+      MP_CHECKOK( s_mp_mul_2d(&d, n) );
+      k += n;
+    }
+    if (mp_cmp_d(&f, 1) == MP_EQ) {	/* f == 1 */
+      res = k;
+      break;
+    }
+    diff_sign = mp_cmp(&f, &g);
+    if (diff_sign < 0) {		/* f < g */
+      s_mp_exch(&f, &g);
+      s_mp_exch(c, &d);
+    } else if (diff_sign == 0) {		/* f == g */
+      res = MP_UNDEF;		/* a and p are not relatively prime */
+      break;
+    }
+    if ((MP_DIGIT(&f,0) % 4) == (MP_DIGIT(&g,0) % 4)) {
+      MP_CHECKOK( mp_sub(&f, &g, &f) );	/* f = f - g */
+      MP_CHECKOK( mp_sub(c,  &d,  c) );	/* c = c - d */
+    } else {
+      MP_CHECKOK( mp_add(&f, &g, &f) );	/* f = f + g */
+      MP_CHECKOK( mp_add(c,  &d,  c) );	/* c = c + d */
+    }
+  }
+  if (res >= 0) {
+    while (MP_SIGN(c) != MP_ZPOS) {
+      MP_CHECKOK( mp_add(c, p, c) );
+    }
+    res = k;
+  }
+
+CLEANUP:
+  mp_clear(&d);
+  mp_clear(&f);
+  mp_clear(&g);
+  return res;
+}
+
+/* Compute T = (P ** -1) mod MP_RADIX.  Also works for 16-bit mp_digits.
+** This technique from the paper "Fast Modular Reciprocals" (unpublished)
+** by Richard Schroeppel (a.k.a. Captain Nemo).
+*/
+mp_digit  s_mp_invmod_radix(mp_digit P)
+{
+  mp_digit T = P;
+  T *= 2 - (P * T);
+  T *= 2 - (P * T);
+  T *= 2 - (P * T);
+  T *= 2 - (P * T);
+#if !defined(MP_USE_UINT_DIGIT)
+  T *= 2 - (P * T);
+  T *= 2 - (P * T);
+#endif
+  return T;
+}
+
+/* Given c, k, and prime p, where a*c == 2**k (mod p), 
+** Compute x = (a ** -1) mod p.  This is similar to Montgomery reduction.
+** This technique from the paper "Fast Modular Reciprocals" (unpublished)
+** by Richard Schroeppel (a.k.a. Captain Nemo).
+*/
+mp_err  s_mp_fixup_reciprocal(const mp_int *c, const mp_int *p, int k, mp_int *x)
+{
+  int      k_orig = k;
+  mp_digit r;
+  mp_size  ix;
+  mp_err   res;
+
+  if (mp_cmp_z(c) < 0) {		/* c < 0 */
+    MP_CHECKOK( mp_add(c, p, x) );	/* x = c + p */
+  } else {
+    MP_CHECKOK( mp_copy(c, x) );	/* x = c */
+  }
+
+  /* make sure x is large enough */
+  ix = MP_HOWMANY(k, MP_DIGIT_BIT) + MP_USED(p) + 1;
+  ix = MP_MAX(ix, MP_USED(x));
+  MP_CHECKOK( s_mp_pad(x, ix) );
+
+  r = 0 - s_mp_invmod_radix(MP_DIGIT(p,0));
+
+  for (ix = 0; k > 0; ix++) {
+    int      j = MP_MIN(k, MP_DIGIT_BIT);
+    mp_digit v = r * MP_DIGIT(x, ix);
+    if (j < MP_DIGIT_BIT) {
+      v &= ((mp_digit)1 << j) - 1;	/* v = v mod (2 ** j) */
+    }
+    s_mp_mul_d_add_offset(p, v, x, ix); /* x += p * v * (RADIX ** ix) */
+    k -= j;
+  }
+  s_mp_clamp(x);
+  s_mp_div_2d(x, k_orig);
+  res = MP_OKAY;
+
+CLEANUP:
+  return res;
+}
+
+/* compute mod inverse using Schroeppel's method, only if m is odd */
+mp_err s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c)
+{
+  int k;
+  mp_err  res;
+  mp_int  x;
+
+  ARGCHK(a && m && c, MP_BADARG);
+
+  if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+    return MP_RANGE;
+  if (mp_iseven(m))
+    return MP_UNDEF;
+
+  MP_DIGITS(&x) = 0;
+
+  if (a == c) {
+    if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+      return res;
+    if (a == m) 
+      m = &x;
+    a = &x;
+  } else if (m == c) {
+    if ((res = mp_init_copy(&x, m)) != MP_OKAY)
+      return res;
+    m = &x;
+  } else {
+    MP_DIGITS(&x) = 0;
+  }
+
+  MP_CHECKOK( s_mp_almost_inverse(a, m, c) );
+  k = res;
+  MP_CHECKOK( s_mp_fixup_reciprocal(c, m, k, c) );
+CLEANUP:
+  mp_clear(&x);
+  return res;
+}
+
+/* Known good algorithm for computing modular inverse.  But slow. */
+mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c)
+{
+  mp_int  g, x;
+  mp_err  res;
+
+  ARGCHK(a && m && c, MP_BADARG);
+
+  if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+    return MP_RANGE;
+
+  MP_DIGITS(&g) = 0;
+  MP_DIGITS(&x) = 0;
+  MP_CHECKOK( mp_init(&x) );
+  MP_CHECKOK( mp_init(&g) );
+
+  MP_CHECKOK( mp_xgcd(a, m, &g, &x, NULL) );
+
+  if (mp_cmp_d(&g, 1) != MP_EQ) {
+    res = MP_UNDEF;
+    goto CLEANUP;
+  }
+
+  res = mp_mod(&x, m, c);
+  SIGN(c) = SIGN(a);
+
+CLEANUP:
+  mp_clear(&x);
+  mp_clear(&g);
+
+  return res;
+}
+
+/* modular inverse where modulus is 2**k. */
+/* c = a**-1 mod 2**k */
+mp_err s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c)
+{
+  mp_err res;
+  mp_size ix = k + 4;
+  mp_int t0, t1, val, tmp, two2k;
+
+  static const mp_digit d2 = 2;
+  static const mp_int two = { MP_ZPOS, 1, 1, (mp_digit *)&d2 };
+
+  if (mp_iseven(a))
+    return MP_UNDEF;
+  if (k <= MP_DIGIT_BIT) {
+    mp_digit i = s_mp_invmod_radix(MP_DIGIT(a,0));
+    if (k < MP_DIGIT_BIT)
+      i &= ((mp_digit)1 << k) - (mp_digit)1;
+    mp_set(c, i);
+    return MP_OKAY;
+  }
+  MP_DIGITS(&t0) = 0;
+  MP_DIGITS(&t1) = 0;
+  MP_DIGITS(&val) = 0;
+  MP_DIGITS(&tmp) = 0;
+  MP_DIGITS(&two2k) = 0;
+  MP_CHECKOK( mp_init_copy(&val, a) );
+  s_mp_mod_2d(&val, k);
+  MP_CHECKOK( mp_init_copy(&t0, &val) );
+  MP_CHECKOK( mp_init_copy(&t1, &t0)  );
+  MP_CHECKOK( mp_init(&tmp) );
+  MP_CHECKOK( mp_init(&two2k) );
+  MP_CHECKOK( s_mp_2expt(&two2k, k) );
+  do {
+    MP_CHECKOK( mp_mul(&val, &t1, &tmp)  );
+    MP_CHECKOK( mp_sub(&two, &tmp, &tmp) );
+    MP_CHECKOK( mp_mul(&t1, &tmp, &t1)   );
+    s_mp_mod_2d(&t1, k);
+    while (MP_SIGN(&t1) != MP_ZPOS) {
+      MP_CHECKOK( mp_add(&t1, &two2k, &t1) );
+    }
+    if (mp_cmp(&t1, &t0) == MP_EQ) 
+      break;
+    MP_CHECKOK( mp_copy(&t1, &t0) );
+  } while (--ix > 0);
+  if (!ix) {
+    res = MP_UNDEF;
+  } else {
+    mp_exch(c, &t1);
+  }
+
+CLEANUP:
+  mp_clear(&t0);
+  mp_clear(&t1);
+  mp_clear(&val);
+  mp_clear(&tmp);
+  mp_clear(&two2k);
+  return res;
+}
+
+mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c)
+{
+  mp_err res;
+  mp_size k;
+  mp_int oddFactor, evenFactor;	/* factors of the modulus */
+  mp_int oddPart, evenPart;	/* parts to combine via CRT. */
+  mp_int C2, tmp1, tmp2;
+
+  /*static const mp_digit d1 = 1; */
+  /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */
+
+  if ((res = s_mp_ispow2(m)) >= 0) {
+    k = res;
+    return s_mp_invmod_2d(a, k, c);
+  }
+  MP_DIGITS(&oddFactor) = 0;
+  MP_DIGITS(&evenFactor) = 0;
+  MP_DIGITS(&oddPart) = 0;
+  MP_DIGITS(&evenPart) = 0;
+  MP_DIGITS(&C2)     = 0;
+  MP_DIGITS(&tmp1)   = 0;
+  MP_DIGITS(&tmp2)   = 0;
+
+  MP_CHECKOK( mp_init_copy(&oddFactor, m) );    /* oddFactor = m */
+  MP_CHECKOK( mp_init(&evenFactor) );
+  MP_CHECKOK( mp_init(&oddPart) );
+  MP_CHECKOK( mp_init(&evenPart) );
+  MP_CHECKOK( mp_init(&C2)     );
+  MP_CHECKOK( mp_init(&tmp1)   );
+  MP_CHECKOK( mp_init(&tmp2)   );
+
+  k = mp_trailing_zeros(m);
+  s_mp_div_2d(&oddFactor, k);
+  MP_CHECKOK( s_mp_2expt(&evenFactor, k) );
+
+  /* compute a**-1 mod oddFactor. */
+  MP_CHECKOK( s_mp_invmod_odd_m(a, &oddFactor, &oddPart) );
+  /* compute a**-1 mod evenFactor, where evenFactor == 2**k. */
+  MP_CHECKOK( s_mp_invmod_2d(   a,       k,    &evenPart) );
+
+  /* Use Chinese Remainer theorem to compute a**-1 mod m. */
+  /* let m1 = oddFactor,  v1 = oddPart, 
+   * let m2 = evenFactor, v2 = evenPart.
+   */
+
+  /* Compute C2 = m1**-1 mod m2. */
+  MP_CHECKOK( s_mp_invmod_2d(&oddFactor, k,    &C2) );
+
+  /* compute u = (v2 - v1)*C2 mod m2 */
+  MP_CHECKOK( mp_sub(&evenPart, &oddPart,   &tmp1) );
+  MP_CHECKOK( mp_mul(&tmp1,     &C2,        &tmp2) );
+  s_mp_mod_2d(&tmp2, k);
+  while (MP_SIGN(&tmp2) != MP_ZPOS) {
+    MP_CHECKOK( mp_add(&tmp2, &evenFactor, &tmp2) );
+  }
+
+  /* compute answer = v1 + u*m1 */
+  MP_CHECKOK( mp_mul(&tmp2,     &oddFactor, c) );
+  MP_CHECKOK( mp_add(&oddPart,  c,          c) );
+  /* not sure this is necessary, but it's low cost if not. */
+  MP_CHECKOK( mp_mod(c,         m,          c) );
+
+CLEANUP:
+  mp_clear(&oddFactor);
+  mp_clear(&evenFactor);
+  mp_clear(&oddPart);
+  mp_clear(&evenPart);
+  mp_clear(&C2);
+  mp_clear(&tmp1);
+  mp_clear(&tmp2);
+  return res;
+}
+
+
+/* {{{ mp_invmod(a, m, c) */
+
+/*
+  mp_invmod(a, m, c)
+
+  Compute c = a^-1 (mod m), if there is an inverse for a (mod m).
+  This is equivalent to the question of whether (a, m) = 1.  If not,
+  MP_UNDEF is returned, and there is no inverse.
+ */
+
+mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c)
+{
+
+  ARGCHK(a && m && c, MP_BADARG);
+
+  if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+    return MP_RANGE;
+
+  if (mp_isodd(m)) {
+    return s_mp_invmod_odd_m(a, m, c);
+  }
+  if (mp_iseven(a))
+    return MP_UNDEF;	/* not invertable */
+
+  return s_mp_invmod_even_m(a, m, c);
+
+} /* end mp_invmod() */
+
+/* }}} */
+#endif /* if MP_NUMTH */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ mp_print(mp, ofp) */
+
+#if MP_IOFUNC
+/*
+  mp_print(mp, ofp)
+
+  Print a textual representation of the given mp_int on the output
+  stream 'ofp'.  Output is generated using the internal radix.
+ */
+
+void   mp_print(mp_int *mp, FILE *ofp)
+{
+  int   ix;
+
+  if(mp == NULL || ofp == NULL)
+    return;
+
+  fputc((SIGN(mp) == NEG) ? '-' : '+', ofp);
+
+  for(ix = USED(mp) - 1; ix >= 0; ix--) {
+    fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix));
+  }
+
+} /* end mp_print() */
+
+#endif /* if MP_IOFUNC */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ More I/O Functions */
+
+/* {{{ mp_read_raw(mp, str, len) */
+
+/* 
+   mp_read_raw(mp, str, len)
+
+   Read in a raw value (base 256) into the given mp_int
+ */
+
+mp_err  mp_read_raw(mp_int *mp, char *str, int len)
+{
+  int            ix;
+  mp_err         res;
+  unsigned char *ustr = (unsigned char *)str;
+
+  ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
+
+  mp_zero(mp);
+
+  /* Get sign from first byte */
+  if(ustr[0])
+    SIGN(mp) = NEG;
+  else
+    SIGN(mp) = ZPOS;
+
+  /* Read the rest of the digits */
+  for(ix = 1; ix < len; ix++) {
+    if((res = mp_mul_d(mp, 256, mp)) != MP_OKAY)
+      return res;
+    if((res = mp_add_d(mp, ustr[ix], mp)) != MP_OKAY)
+      return res;
+  }
+
+  return MP_OKAY;
+
+} /* end mp_read_raw() */
+
+/* }}} */
+
+/* {{{ mp_raw_size(mp) */
+
+int    mp_raw_size(mp_int *mp)
+{
+  ARGCHK(mp != NULL, 0);
+
+  return (USED(mp) * sizeof(mp_digit)) + 1;
+
+} /* end mp_raw_size() */
+
+/* }}} */
+
+/* {{{ mp_toraw(mp, str) */
+
+mp_err mp_toraw(mp_int *mp, char *str)
+{
+  int  ix, jx, pos = 1;
+
+  ARGCHK(mp != NULL && str != NULL, MP_BADARG);
+
+  str[0] = (char)SIGN(mp);
+
+  /* Iterate over each digit... */
+  for(ix = USED(mp) - 1; ix >= 0; ix--) {
+    mp_digit  d = DIGIT(mp, ix);
+
+    /* Unpack digit bytes, high order first */
+    for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+      str[pos++] = (char)(d >> (jx * CHAR_BIT));
+    }
+  }
+
+  return MP_OKAY;
+
+} /* end mp_toraw() */
+
+/* }}} */
+
+/* {{{ mp_read_radix(mp, str, radix) */
+
+/*
+  mp_read_radix(mp, str, radix)
+
+  Read an integer from the given string, and set mp to the resulting
+  value.  The input is presumed to be in base 10.  Leading non-digit
+  characters are ignored, and the function reads until a non-digit
+  character or the end of the string.
+ */
+
+mp_err  mp_read_radix(mp_int *mp, const char *str, int radix)
+{
+  int     ix = 0, val = 0;
+  mp_err  res;
+  mp_sign sig = ZPOS;
+
+  ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX, 
+	 MP_BADARG);
+
+  mp_zero(mp);
+
+  /* Skip leading non-digit characters until a digit or '-' or '+' */
+  while(str[ix] && 
+	(s_mp_tovalue(str[ix], radix) < 0) && 
+	str[ix] != '-' &&
+	str[ix] != '+') {
+    ++ix;
+  }
+
+  if(str[ix] == '-') {
+    sig = NEG;
+    ++ix;
+  } else if(str[ix] == '+') {
+    sig = ZPOS; /* this is the default anyway... */
+    ++ix;
+  }
+
+  while((val = s_mp_tovalue(str[ix], radix)) >= 0) {
+    if((res = s_mp_mul_d(mp, radix)) != MP_OKAY)
+      return res;
+    if((res = s_mp_add_d(mp, val)) != MP_OKAY)
+      return res;
+    ++ix;
+  }
+
+  if(s_mp_cmp_d(mp, 0) == MP_EQ)
+    SIGN(mp) = ZPOS;
+  else
+    SIGN(mp) = sig;
+
+  return MP_OKAY;
+
+} /* end mp_read_radix() */
+
+mp_err mp_read_variable_radix(mp_int *a, const char * str, int default_radix)
+{
+  int     radix = default_radix;
+  int     cx;
+  mp_sign sig   = ZPOS;
+  mp_err  res;
+
+  /* Skip leading non-digit characters until a digit or '-' or '+' */
+  while ((cx = *str) != 0 && 
+	(s_mp_tovalue(cx, radix) < 0) && 
+	cx != '-' &&
+	cx != '+') {
+    ++str;
+  }
+
+  if (cx == '-') {
+    sig = NEG;
+    ++str;
+  } else if (cx == '+') {
+    sig = ZPOS; /* this is the default anyway... */
+    ++str;
+  }
+
+  if (str[0] == '0') {
+    if ((str[1] | 0x20) == 'x') {
+      radix = 16;
+      str += 2;
+    } else {
+      radix = 8;
+      str++;
+    }
+  }
+  res = mp_read_radix(a, str, radix);
+  if (res == MP_OKAY) {
+    MP_SIGN(a) = (s_mp_cmp_d(a, 0) == MP_EQ) ? ZPOS : sig;
+  }
+  return res;
+}
+
+/* }}} */
+
+/* {{{ mp_radix_size(mp, radix) */
+
+int    mp_radix_size(mp_int *mp, int radix)
+{
+  int  bits;
+
+  if(!mp || radix < 2 || radix > MAX_RADIX)
+    return 0;
+
+  bits = USED(mp) * DIGIT_BIT - 1;
+ 
+  return s_mp_outlen(bits, radix);
+
+} /* end mp_radix_size() */
+
+/* }}} */
+
+/* {{{ mp_toradix(mp, str, radix) */
+
+mp_err mp_toradix(mp_int *mp, char *str, int radix)
+{
+  int  ix, pos = 0;
+
+  ARGCHK(mp != NULL && str != NULL, MP_BADARG);
+  ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE);
+
+  if(mp_cmp_z(mp) == MP_EQ) {
+    str[0] = '0';
+    str[1] = '\0';
+  } else {
+    mp_err   res;
+    mp_int   tmp;
+    mp_sign  sgn;
+    mp_digit rem, rdx = (mp_digit)radix;
+    char     ch;
+
+    if((res = mp_init_copy(&tmp, mp)) != MP_OKAY)
+      return res;
+
+    /* Save sign for later, and take absolute value */
+    sgn = SIGN(&tmp); SIGN(&tmp) = ZPOS;
+
+    /* Generate output digits in reverse order      */
+    while(mp_cmp_z(&tmp) != 0) {
+      if((res = mp_div_d(&tmp, rdx, &tmp, &rem)) != MP_OKAY) {
+	mp_clear(&tmp);
+	return res;
+      }
+
+      /* Generate digits, use capital letters */
+      ch = s_mp_todigit(rem, radix, 0);
+
+      str[pos++] = ch;
+    }
+
+    /* Add - sign if original value was negative */
+    if(sgn == NEG)
+      str[pos++] = '-';
+
+    /* Add trailing NUL to end the string        */
+    str[pos--] = '\0';
+
+    /* Reverse the digits and sign indicator     */
+    ix = 0;
+    while(ix < pos) {
+      char tmp = str[ix];
+
+      str[ix] = str[pos];
+      str[pos] = tmp;
+      ++ix;
+      --pos;
+    }
+    
+    mp_clear(&tmp);
+  }
+
+  return MP_OKAY;
+
+} /* end mp_toradix() */
+
+/* }}} */
+
+/* {{{ mp_tovalue(ch, r) */
+
+int    mp_tovalue(char ch, int r)
+{
+  return s_mp_tovalue(ch, r);
+
+} /* end mp_tovalue() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ mp_strerror(ec) */
+
+/*
+  mp_strerror(ec)
+
+  Return a string describing the meaning of error code 'ec'.  The
+  string returned is allocated in static memory, so the caller should
+  not attempt to modify or free the memory associated with this
+  string.
+ */
+const char  *mp_strerror(mp_err ec)
+{
+  int   aec = (ec < 0) ? -ec : ec;
+
+  /* Code values are negative, so the senses of these comparisons
+     are accurate */
+  if(ec < MP_LAST_CODE || ec > MP_OKAY) {
+    return mp_err_string[0];  /* unknown error code */
+  } else {
+    return mp_err_string[aec + 1];
+  }
+
+} /* end mp_strerror() */
+
+/* }}} */
+
+/*========================================================================*/
+/*------------------------------------------------------------------------*/
+/* Static function definitions (internal use only)                        */
+
+/* {{{ Memory management */
+
+/* {{{ s_mp_grow(mp, min) */
+
+/* Make sure there are at least 'min' digits allocated to mp              */
+mp_err   s_mp_grow(mp_int *mp, mp_size min)
+{
+  if(min > ALLOC(mp)) {
+    mp_digit   *tmp;
+
+    /* Set min to next nearest default precision block size */
+    min = MP_ROUNDUP(min, s_mp_defprec);
+
+    if((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL)
+      return MP_MEM;
+
+    s_mp_copy(DIGITS(mp), tmp, USED(mp));
+
+#if MP_CRYPTO
+    s_mp_setz(DIGITS(mp), ALLOC(mp));
+#endif
+    s_mp_free(DIGITS(mp));
+    DIGITS(mp) = tmp;
+    ALLOC(mp) = min;
+  }
+
+  return MP_OKAY;
+
+} /* end s_mp_grow() */
+
+/* }}} */
+
+/* {{{ s_mp_pad(mp, min) */
+
+/* Make sure the used size of mp is at least 'min', growing if needed     */
+mp_err   s_mp_pad(mp_int *mp, mp_size min)
+{
+  if(min > USED(mp)) {
+    mp_err  res;
+
+    /* Make sure there is room to increase precision  */
+    if (min > ALLOC(mp)) {
+      if ((res = s_mp_grow(mp, min)) != MP_OKAY)
+	return res;
+    } else {
+      s_mp_setz(DIGITS(mp) + USED(mp), min - USED(mp));
+    }
+
+    /* Increase precision; should already be 0-filled */
+    USED(mp) = min;
+  }
+
+  return MP_OKAY;
+
+} /* end s_mp_pad() */
+
+/* }}} */
+
+/* {{{ s_mp_setz(dp, count) */
+
+#if MP_MACRO == 0
+/* Set 'count' digits pointed to by dp to be zeroes                       */
+void s_mp_setz(mp_digit *dp, mp_size count)
+{
+#if MP_MEMSET == 0
+  int  ix;
+
+  for(ix = 0; ix < count; ix++)
+    dp[ix] = 0;
+#else
+  memset(dp, 0, count * sizeof(mp_digit));
+#endif
+
+} /* end s_mp_setz() */
+#endif
+
+/* }}} */
+
+/* {{{ s_mp_copy(sp, dp, count) */
+
+#if MP_MACRO == 0
+/* Copy 'count' digits from sp to dp                                      */
+void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
+{
+#if MP_MEMCPY == 0
+  int  ix;
+
+  for(ix = 0; ix < count; ix++)
+    dp[ix] = sp[ix];
+#else
+  memcpy(dp, sp, count * sizeof(mp_digit));
+#endif
+
+} /* end s_mp_copy() */
+#endif
+
+/* }}} */
+
+/* {{{ s_mp_alloc(nb, ni) */
+
+#if MP_MACRO == 0
+/* Allocate ni records of nb bytes each, and return a pointer to that     */
+void    *s_mp_alloc(size_t nb, size_t ni)
+{
+  ++mp_allocs;
+  return calloc(nb, ni);
+
+} /* end s_mp_alloc() */
+#endif
+
+/* }}} */
+
+/* {{{ s_mp_free(ptr) */
+
+#if MP_MACRO == 0
+/* Free the memory pointed to by ptr                                      */
+void     s_mp_free(void *ptr)
+{
+  if(ptr) {
+    ++mp_frees;
+    free(ptr);
+  }
+} /* end s_mp_free() */
+#endif
+
+/* }}} */
+
+/* {{{ s_mp_clamp(mp) */
+
+#if MP_MACRO == 0
+/* Remove leading zeroes from the given value                             */
+void     s_mp_clamp(mp_int *mp)
+{
+  mp_size used = MP_USED(mp);
+  while (used > 1 && DIGIT(mp, used - 1) == 0)
+    --used;
+  MP_USED(mp) = used;
+} /* end s_mp_clamp() */
+#endif
+
+/* }}} */
+
+/* {{{ s_mp_exch(a, b) */
+
+/* Exchange the data for a and b; (b, a) = (a, b)                         */
+void     s_mp_exch(mp_int *a, mp_int *b)
+{
+  mp_int   tmp;
+
+  tmp = *a;
+  *a = *b;
+  *b = tmp;
+
+} /* end s_mp_exch() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Arithmetic helpers */
+
+/* {{{ s_mp_lshd(mp, p) */
+
+/* 
+   Shift mp leftward by p digits, growing if needed, and zero-filling
+   the in-shifted digits at the right end.  This is a convenient
+   alternative to multiplication by powers of the radix
+   The value of USED(mp) must already have been set to the value for
+   the shifted result.
+ */   
+
+mp_err   s_mp_lshd(mp_int *mp, mp_size p)
+{
+  mp_err  res;
+  mp_size pos;
+  int     ix;
+
+  if(p == 0)
+    return MP_OKAY;
+
+  if (MP_USED(mp) == 1 && MP_DIGIT(mp, 0) == 0)
+    return MP_OKAY;
+
+  if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
+    return res;
+
+  pos = USED(mp) - 1;
+
+  /* Shift all the significant figures over as needed */
+  for(ix = pos - p; ix >= 0; ix--) 
+    DIGIT(mp, ix + p) = DIGIT(mp, ix);
+
+  /* Fill the bottom digits with zeroes */
+  for(ix = 0; ix < p; ix++)
+    DIGIT(mp, ix) = 0;
+
+  return MP_OKAY;
+
+} /* end s_mp_lshd() */
+
+/* }}} */
+
+/* {{{ s_mp_mul_2d(mp, d) */
+
+/*
+  Multiply the integer by 2^d, where d is a number of bits.  This
+  amounts to a bitwise shift of the value.
+ */
+mp_err   s_mp_mul_2d(mp_int *mp, mp_digit d)
+{
+  mp_err   res;
+  mp_digit dshift, bshift;
+  mp_digit mask;
+
+  ARGCHK(mp != NULL,  MP_BADARG);
+
+  dshift = d / MP_DIGIT_BIT;
+  bshift = d % MP_DIGIT_BIT;
+  /* bits to be shifted out of the top word */
+  mask   = ((mp_digit)~0 << (MP_DIGIT_BIT - bshift)); 
+  mask  &= MP_DIGIT(mp, MP_USED(mp) - 1);
+
+  if (MP_OKAY != (res = s_mp_pad(mp, MP_USED(mp) + dshift + (mask != 0) )))
+    return res;
+
+  if (dshift && MP_OKAY != (res = s_mp_lshd(mp, dshift)))
+    return res;
+
+  if (bshift) { 
+    mp_digit *pa = MP_DIGITS(mp);
+    mp_digit *alim = pa + MP_USED(mp);
+    mp_digit  prev = 0;
+
+    for (pa += dshift; pa < alim; ) {
+      mp_digit x = *pa;
+      *pa++ = (x << bshift) | prev;
+      prev = x >> (DIGIT_BIT - bshift);
+    }
+  }
+
+  s_mp_clamp(mp);
+  return MP_OKAY;
+} /* end s_mp_mul_2d() */
+
+/* {{{ s_mp_rshd(mp, p) */
+
+/* 
+   Shift mp rightward by p digits.  Maintains the invariant that
+   digits above the precision are all zero.  Digits shifted off the
+   end are lost.  Cannot fail.
+ */
+
+void     s_mp_rshd(mp_int *mp, mp_size p)
+{
+  mp_size  ix;
+  mp_digit *src, *dst;
+
+  if(p == 0)
+    return;
+
+  /* Shortcut when all digits are to be shifted off */
+  if(p >= USED(mp)) {
+    s_mp_setz(DIGITS(mp), ALLOC(mp));
+    USED(mp) = 1;
+    SIGN(mp) = ZPOS;
+    return;
+  }
+
+  /* Shift all the significant figures over as needed */
+  dst = MP_DIGITS(mp);
+  src = dst + p;
+  for (ix = USED(mp) - p; ix > 0; ix--)
+    *dst++ = *src++;
+
+  MP_USED(mp) -= p;
+  /* Fill the top digits with zeroes */
+  while (p-- > 0)
+    *dst++ = 0;
+
+#if 0
+  /* Strip off any leading zeroes    */
+  s_mp_clamp(mp);
+#endif
+
+} /* end s_mp_rshd() */
+
+/* }}} */
+
+/* {{{ s_mp_div_2(mp) */
+
+/* Divide by two -- take advantage of radix properties to do it fast      */
+void     s_mp_div_2(mp_int *mp)
+{
+  s_mp_div_2d(mp, 1);
+
+} /* end s_mp_div_2() */
+
+/* }}} */
+
+/* {{{ s_mp_mul_2(mp) */
+
+mp_err s_mp_mul_2(mp_int *mp)
+{
+  mp_digit *pd;
+  int      ix, used;
+  mp_digit kin = 0;
+
+  /* Shift digits leftward by 1 bit */
+  used = MP_USED(mp);
+  pd = MP_DIGITS(mp);
+  for (ix = 0; ix < used; ix++) {
+    mp_digit d = *pd;
+    *pd++ = (d << 1) | kin;
+    kin = (d >> (DIGIT_BIT - 1));
+  }
+
+  /* Deal with rollover from last digit */
+  if (kin) {
+    if (ix >= ALLOC(mp)) {
+      mp_err res;
+      if((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY)
+	return res;
+    }
+
+    DIGIT(mp, ix) = kin;
+    USED(mp) += 1;
+  }
+
+  return MP_OKAY;
+
+} /* end s_mp_mul_2() */
+
+/* }}} */
+
+/* {{{ s_mp_mod_2d(mp, d) */
+
+/*
+  Remainder the integer by 2^d, where d is a number of bits.  This
+  amounts to a bitwise AND of the value, and does not require the full
+  division code
+ */
+void     s_mp_mod_2d(mp_int *mp, mp_digit d)
+{
+  mp_size  ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT);
+  mp_size  ix;
+  mp_digit dmask;
+
+  if(ndig >= USED(mp))
+    return;
+
+  /* Flush all the bits above 2^d in its digit */
+  dmask = ((mp_digit)1 << nbit) - 1;
+  DIGIT(mp, ndig) &= dmask;
+
+  /* Flush all digits above the one with 2^d in it */
+  for(ix = ndig + 1; ix < USED(mp); ix++)
+    DIGIT(mp, ix) = 0;
+
+  s_mp_clamp(mp);
+
+} /* end s_mp_mod_2d() */
+
+/* }}} */
+
+/* {{{ s_mp_div_2d(mp, d) */
+
+/*
+  Divide the integer by 2^d, where d is a number of bits.  This
+  amounts to a bitwise shift of the value, and does not require the
+  full division code (used in Barrett reduction, see below)
+ */
+void     s_mp_div_2d(mp_int *mp, mp_digit d)
+{
+  int       ix;
+  mp_digit  save, next, mask;
+
+  s_mp_rshd(mp, d / DIGIT_BIT);
+  d %= DIGIT_BIT;
+  if (d) {
+    mask = ((mp_digit)1 << d) - 1;
+    save = 0;
+    for(ix = USED(mp) - 1; ix >= 0; ix--) {
+      next = DIGIT(mp, ix) & mask;
+      DIGIT(mp, ix) = (DIGIT(mp, ix) >> d) | (save << (DIGIT_BIT - d));
+      save = next;
+    }
+  }
+  s_mp_clamp(mp);
+
+} /* end s_mp_div_2d() */
+
+/* }}} */
+
+/* {{{ s_mp_norm(a, b, *d) */
+
+/*
+  s_mp_norm(a, b, *d)
+
+  Normalize a and b for division, where b is the divisor.  In order
+  that we might make good guesses for quotient digits, we want the
+  leading digit of b to be at least half the radix, which we
+  accomplish by multiplying a and b by a power of 2.  The exponent 
+  (shift count) is placed in *pd, so that the remainder can be shifted 
+  back at the end of the division process.
+ */
+
+mp_err   s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd)
+{
+  mp_digit  d;
+  mp_digit  mask;
+  mp_digit  b_msd;
+  mp_err    res    = MP_OKAY;
+
+  d = 0;
+  mask  = DIGIT_MAX & ~(DIGIT_MAX >> 1);	/* mask is msb of digit */
+  b_msd = DIGIT(b, USED(b) - 1);
+  while (!(b_msd & mask)) {
+    b_msd <<= 1;
+    ++d;
+  }
+
+  if (d) {
+    MP_CHECKOK( s_mp_mul_2d(a, d) );
+    MP_CHECKOK( s_mp_mul_2d(b, d) );
+  }
+
+  *pd = d;
+CLEANUP:
+  return res;
+
+} /* end s_mp_norm() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Primitive digit arithmetic */
+
+/* {{{ s_mp_add_d(mp, d) */
+
+/* Add d to |mp| in place                                                 */
+mp_err   s_mp_add_d(mp_int *mp, mp_digit d)    /* unsigned digit addition */
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  mp_word   w, k = 0;
+  mp_size   ix = 1;
+
+  w = (mp_word)DIGIT(mp, 0) + d;
+  DIGIT(mp, 0) = ACCUM(w);
+  k = CARRYOUT(w);
+
+  while(ix < USED(mp) && k) {
+    w = (mp_word)DIGIT(mp, ix) + k;
+    DIGIT(mp, ix) = ACCUM(w);
+    k = CARRYOUT(w);
+    ++ix;
+  }
+
+  if(k != 0) {
+    mp_err  res;
+
+    if((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY)
+      return res;
+
+    DIGIT(mp, ix) = (mp_digit)k;
+  }
+
+  return MP_OKAY;
+#else
+  mp_digit * pmp = MP_DIGITS(mp);
+  mp_digit sum, mp_i, carry = 0;
+  mp_err   res = MP_OKAY;
+  int used = (int)MP_USED(mp);
+
+  mp_i = *pmp;
+  *pmp++ = sum = d + mp_i;
+  carry = (sum < d);
+  while (carry && --used > 0) {
+    mp_i = *pmp;
+    *pmp++ = sum = carry + mp_i;
+    carry = !sum;
+  }
+  if (carry && !used) {
+    /* mp is growing */
+    used = MP_USED(mp);
+    MP_CHECKOK( s_mp_pad(mp, used + 1) );
+    MP_DIGIT(mp, used) = carry;
+  }
+CLEANUP:
+  return res;
+#endif
+} /* end s_mp_add_d() */
+
+/* }}} */
+
+/* {{{ s_mp_sub_d(mp, d) */
+
+/* Subtract d from |mp| in place, assumes |mp| > d                        */
+mp_err   s_mp_sub_d(mp_int *mp, mp_digit d)    /* unsigned digit subtract */
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+  mp_word   w, b = 0;
+  mp_size   ix = 1;
+
+  /* Compute initial subtraction    */
+  w = (RADIX + (mp_word)DIGIT(mp, 0)) - d;
+  b = CARRYOUT(w) ? 0 : 1;
+  DIGIT(mp, 0) = ACCUM(w);
+
+  /* Propagate borrows leftward     */
+  while(b && ix < USED(mp)) {
+    w = (RADIX + (mp_word)DIGIT(mp, ix)) - b;
+    b = CARRYOUT(w) ? 0 : 1;
+    DIGIT(mp, ix) = ACCUM(w);
+    ++ix;
+  }
+
+  /* Remove leading zeroes          */
+  s_mp_clamp(mp);
+
+  /* If we have a borrow out, it's a violation of the input invariant */
+  if(b)
+    return MP_RANGE;
+  else
+    return MP_OKAY;
+#else
+  mp_digit *pmp = MP_DIGITS(mp);
+  mp_digit mp_i, diff, borrow;
+  mp_size  used = MP_USED(mp);
+
+  mp_i = *pmp;
+  *pmp++ = diff = mp_i - d;
+  borrow = (diff > mp_i);
+  while (borrow && --used) {
+    mp_i = *pmp;
+    *pmp++ = diff = mp_i - borrow;
+    borrow = (diff > mp_i);
+  }
+  s_mp_clamp(mp);
+  return (borrow && !used) ? MP_RANGE : MP_OKAY;
+#endif
+} /* end s_mp_sub_d() */
+
+/* }}} */
+
+/* {{{ s_mp_mul_d(a, d) */
+
+/* Compute a = a * d, single digit multiplication                         */
+mp_err   s_mp_mul_d(mp_int *a, mp_digit d)
+{
+  mp_err  res;
+  mp_size used;
+  int     pow;
+
+  if (!d) {
+    mp_zero(a);
+    return MP_OKAY;
+  }
+  if (d == 1)
+    return MP_OKAY;
+  if (0 <= (pow = s_mp_ispow2d(d))) {
+    return s_mp_mul_2d(a, (mp_digit)pow);
+  }
+
+  used = MP_USED(a);
+  MP_CHECKOK( s_mp_pad(a, used + 1) );
+
+  s_mpv_mul_d(MP_DIGITS(a), used, d, MP_DIGITS(a));
+
+  s_mp_clamp(a);
+
+CLEANUP:
+  return res;
+  
+} /* end s_mp_mul_d() */
+
+/* }}} */
+
+/* {{{ s_mp_div_d(mp, d, r) */
+
+/*
+  s_mp_div_d(mp, d, r)
+
+  Compute the quotient mp = mp / d and remainder r = mp mod d, for a
+  single digit d.  If r is null, the remainder will be discarded.
+ */
+
+mp_err   s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+  mp_word   w = 0, q;
+#else
+  mp_digit  w, q;
+#endif
+  int       ix;
+  mp_err    res;
+  mp_int    quot;
+  mp_int    rem;
+
+  if(d == 0)
+    return MP_RANGE;
+  if (d == 1) {
+    if (r)
+      *r = 0;
+    return MP_OKAY;
+  }
+  /* could check for power of 2 here, but mp_div_d does that. */
+  if (MP_USED(mp) == 1) {
+    mp_digit n   = MP_DIGIT(mp,0);
+    mp_digit rem;
+
+    q   = n / d;
+    rem = n % d;
+    MP_DIGIT(mp,0) = q;
+    if (r)
+      *r = rem;
+    return MP_OKAY;
+  }
+
+  MP_DIGITS(&rem)  = 0;
+  MP_DIGITS(&quot) = 0;
+  /* Make room for the quotient */
+  MP_CHECKOK( mp_init_size(&quot, USED(mp)) );
+
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+  for(ix = USED(mp) - 1; ix >= 0; ix--) {
+    w = (w << DIGIT_BIT) | DIGIT(mp, ix);
+
+    if(w >= d) {
+      q = w / d;
+      w = w % d;
+    } else {
+      q = 0;
+    }
+
+    s_mp_lshd(&quot, 1);
+    DIGIT(&quot, 0) = (mp_digit)q;
+  }
+#else
+  {
+    mp_digit p;
+#if !defined(MP_ASSEMBLY_DIV_2DX1D)
+    mp_digit norm;
+#endif
+
+    MP_CHECKOK( mp_init_copy(&rem, mp) );
+
+#if !defined(MP_ASSEMBLY_DIV_2DX1D)
+    MP_DIGIT(&quot, 0) = d;
+    MP_CHECKOK( s_mp_norm(&rem, &quot, &norm) );
+    if (norm)
+      d <<= norm;
+    MP_DIGIT(&quot, 0) = 0;
+#endif
+
+    p = 0;
+    for (ix = USED(&rem) - 1; ix >= 0; ix--) {
+      w = DIGIT(&rem, ix);
+
+      if (p) {
+        MP_CHECKOK( s_mpv_div_2dx1d(p, w, d, &q, &w) );
+      } else if (w >= d) {
+	q = w / d;
+	w = w % d;
+      } else {
+	q = 0;
+      }
+
+      MP_CHECKOK( s_mp_lshd(&quot, 1) );
+      DIGIT(&quot, 0) = q;
+      p = w;
+    }
+#if !defined(MP_ASSEMBLY_DIV_2DX1D)
+    if (norm)
+      w >>= norm;
+#endif
+  }
+#endif
+
+  /* Deliver the remainder, if desired */
+  if(r)
+    *r = (mp_digit)w;
+
+  s_mp_clamp(&quot);
+  mp_exch(&quot, mp);
+CLEANUP:
+  mp_clear(&quot);
+  mp_clear(&rem);
+
+  return res;
+} /* end s_mp_div_d() */
+
+/* }}} */
+
+
+/* }}} */
+
+/* {{{ Primitive full arithmetic */
+
+/* {{{ s_mp_add(a, b) */
+
+/* Compute a = |a| + |b|                                                  */
+mp_err   s_mp_add(mp_int *a, const mp_int *b)  /* magnitude addition      */
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  mp_word   w = 0;
+#else
+  mp_digit  d, sum, carry = 0;
+#endif
+  mp_digit *pa, *pb;
+  mp_size   ix;
+  mp_size   used;
+  mp_err    res;
+
+  /* Make sure a has enough precision for the output value */
+  if((USED(b) > USED(a)) && (res = s_mp_pad(a, USED(b))) != MP_OKAY)
+    return res;
+
+  /*
+    Add up all digits up to the precision of b.  If b had initially
+    the same precision as a, or greater, we took care of it by the
+    padding step above, so there is no problem.  If b had initially
+    less precision, we'll have to make sure the carry out is duly
+    propagated upward among the higher-order digits of the sum.
+   */
+  pa = MP_DIGITS(a);
+  pb = MP_DIGITS(b);
+  used = MP_USED(b);
+  for(ix = 0; ix < used; ix++) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    w = w + *pa + *pb++;
+    *pa++ = ACCUM(w);
+    w = CARRYOUT(w);
+#else
+    d = *pa;
+    sum = d + *pb++;
+    d = (sum < d);			/* detect overflow */
+    *pa++ = sum += carry;
+    carry = d + (sum < carry);		/* detect overflow */
+#endif
+  }
+
+  /* If we run out of 'b' digits before we're actually done, make
+     sure the carries get propagated upward...  
+   */
+  used = MP_USED(a);
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  while (w && ix < used) {
+    w = w + *pa;
+    *pa++ = ACCUM(w);
+    w = CARRYOUT(w);
+    ++ix;
+  }
+#else
+  while (carry && ix < used) {
+    sum = carry + *pa;
+    *pa++ = sum;
+    carry = !sum;
+    ++ix;
+  }
+#endif
+
+  /* If there's an overall carry out, increase precision and include
+     it.  We could have done this initially, but why touch the memory
+     allocator unless we're sure we have to?
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  if (w) {
+    if((res = s_mp_pad(a, used + 1)) != MP_OKAY)
+      return res;
+
+    DIGIT(a, ix) = (mp_digit)w;
+  }
+#else
+  if (carry) {
+    if((res = s_mp_pad(a, used + 1)) != MP_OKAY)
+      return res;
+
+    DIGIT(a, used) = carry;
+  }
+#endif
+
+  return MP_OKAY;
+} /* end s_mp_add() */
+
+/* }}} */
+
+/* Compute c = |a| + |b|         */ /* magnitude addition      */
+mp_err   s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c)  
+{
+  mp_digit *pa, *pb, *pc;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  mp_word   w = 0;
+#else
+  mp_digit  sum, carry = 0, d;
+#endif
+  mp_size   ix;
+  mp_size   used;
+  mp_err    res;
+
+  MP_SIGN(c) = MP_SIGN(a);
+  if (MP_USED(a) < MP_USED(b)) {
+    const mp_int *xch = a;
+    a = b;
+    b = xch;
+  }
+
+  /* Make sure a has enough precision for the output value */
+  if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
+    return res;
+
+  /*
+    Add up all digits up to the precision of b.  If b had initially
+    the same precision as a, or greater, we took care of it by the
+    exchange step above, so there is no problem.  If b had initially
+    less precision, we'll have to make sure the carry out is duly
+    propagated upward among the higher-order digits of the sum.
+   */
+  pa = MP_DIGITS(a);
+  pb = MP_DIGITS(b);
+  pc = MP_DIGITS(c);
+  used = MP_USED(b);
+  for (ix = 0; ix < used; ix++) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    w = w + *pa++ + *pb++;
+    *pc++ = ACCUM(w);
+    w = CARRYOUT(w);
+#else
+    d = *pa++;
+    sum = d + *pb++;
+    d = (sum < d);			/* detect overflow */
+    *pc++ = sum += carry;
+    carry = d + (sum < carry);		/* detect overflow */
+#endif
+  }
+
+  /* If we run out of 'b' digits before we're actually done, make
+     sure the carries get propagated upward...  
+   */
+  for (used = MP_USED(a); ix < used; ++ix) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    w = w + *pa++;
+    *pc++ = ACCUM(w);
+    w = CARRYOUT(w);
+#else
+    *pc++ = sum = carry + *pa++;
+    carry = (sum < carry);
+#endif
+  }
+
+  /* If there's an overall carry out, increase precision and include
+     it.  We could have done this initially, but why touch the memory
+     allocator unless we're sure we have to?
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  if (w) {
+    if((res = s_mp_pad(c, used + 1)) != MP_OKAY)
+      return res;
+
+    DIGIT(c, used) = (mp_digit)w;
+    ++used;
+  }
+#else
+  if (carry) {
+    if((res = s_mp_pad(c, used + 1)) != MP_OKAY)
+      return res;
+
+    DIGIT(c, used) = carry;
+    ++used;
+  }
+#endif
+  MP_USED(c) = used;
+  return MP_OKAY;
+}
+/* {{{ s_mp_add_offset(a, b, offset) */
+
+/* Compute a = |a| + ( |b| * (RADIX ** offset) )             */
+mp_err   s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset)   
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  mp_word   w, k = 0;
+#else
+  mp_digit  d, sum, carry = 0;
+#endif
+  mp_size   ib;
+  mp_size   ia;
+  mp_size   lim;
+  mp_err    res;
+
+  /* Make sure a has enough precision for the output value */
+  lim = MP_USED(b) + offset;
+  if((lim > USED(a)) && (res = s_mp_pad(a, lim)) != MP_OKAY)
+    return res;
+
+  /*
+    Add up all digits up to the precision of b.  If b had initially
+    the same precision as a, or greater, we took care of it by the
+    padding step above, so there is no problem.  If b had initially
+    less precision, we'll have to make sure the carry out is duly
+    propagated upward among the higher-order digits of the sum.
+   */
+  lim = USED(b);
+  for(ib = 0, ia = offset; ib < lim; ib++, ia++) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    w = (mp_word)DIGIT(a, ia) + DIGIT(b, ib) + k;
+    DIGIT(a, ia) = ACCUM(w);
+    k = CARRYOUT(w);
+#else
+    d = MP_DIGIT(a, ia);
+    sum = d + MP_DIGIT(b, ib);
+    d = (sum < d);
+    MP_DIGIT(a,ia) = sum += carry;
+    carry = d + (sum < carry);
+#endif
+  }
+
+  /* If we run out of 'b' digits before we're actually done, make
+     sure the carries get propagated upward...  
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  for (lim = MP_USED(a); k && (ia < lim); ++ia) {
+    w = (mp_word)DIGIT(a, ia) + k;
+    DIGIT(a, ia) = ACCUM(w);
+    k = CARRYOUT(w);
+  }
+#else
+  for (lim = MP_USED(a); carry && (ia < lim); ++ia) {
+    d = MP_DIGIT(a, ia);
+    MP_DIGIT(a,ia) = sum = d + carry;
+    carry = (sum < d);
+  }
+#endif
+
+  /* If there's an overall carry out, increase precision and include
+     it.  We could have done this initially, but why touch the memory
+     allocator unless we're sure we have to?
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+  if(k) {
+    if((res = s_mp_pad(a, USED(a) + 1)) != MP_OKAY)
+      return res;
+
+    DIGIT(a, ia) = (mp_digit)k;
+  }
+#else
+  if (carry) {
+    if((res = s_mp_pad(a, lim + 1)) != MP_OKAY)
+      return res;
+
+    DIGIT(a, lim) = carry;
+  }
+#endif
+  s_mp_clamp(a);
+
+  return MP_OKAY;
+
+} /* end s_mp_add_offset() */
+
+/* }}} */
+
+/* {{{ s_mp_sub(a, b) */
+
+/* Compute a = |a| - |b|, assumes |a| >= |b|                              */
+mp_err   s_mp_sub(mp_int *a, const mp_int *b)  /* magnitude subtract      */
+{
+  mp_digit *pa, *pb, *limit;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+  mp_sword  w = 0;
+#else
+  mp_digit  d, diff, borrow = 0;
+#endif
+
+  /*
+    Subtract and propagate borrow.  Up to the precision of b, this
+    accounts for the digits of b; after that, we just make sure the
+    carries get to the right place.  This saves having to pad b out to
+    the precision of a just to make the loops work right...
+   */
+  pa = MP_DIGITS(a);
+  pb = MP_DIGITS(b);
+  limit = pb + MP_USED(b);
+  while (pb < limit) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    w = w + *pa - *pb++;
+    *pa++ = ACCUM(w);
+    w >>= MP_DIGIT_BIT;
+#else
+    d = *pa;
+    diff = d - *pb++;
+    d = (diff > d);				/* detect borrow */
+    if (borrow && --diff == MP_DIGIT_MAX)
+      ++d;
+    *pa++ = diff;
+    borrow = d;	
+#endif
+  }
+  limit = MP_DIGITS(a) + MP_USED(a);
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+  while (w && pa < limit) {
+    w = w + *pa;
+    *pa++ = ACCUM(w);
+    w >>= MP_DIGIT_BIT;
+  }
+#else
+  while (borrow && pa < limit) {
+    d = *pa;
+    *pa++ = diff = d - borrow;
+    borrow = (diff > d);
+  }
+#endif
+
+  /* Clobber any leading zeroes we created    */
+  s_mp_clamp(a);
+
+  /* 
+     If there was a borrow out, then |b| > |a| in violation
+     of our input invariant.  We've already done the work,
+     but we'll at least complain about it...
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+  return w ? MP_RANGE : MP_OKAY;
+#else
+  return borrow ? MP_RANGE : MP_OKAY;
+#endif
+} /* end s_mp_sub() */
+
+/* }}} */
+
+/* Compute c = |a| - |b|, assumes |a| >= |b| */ /* magnitude subtract      */
+mp_err   s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c)  
+{
+  mp_digit *pa, *pb, *pc;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+  mp_sword  w = 0;
+#else
+  mp_digit  d, diff, borrow = 0;
+#endif
+  int       ix, limit;
+  mp_err    res;
+
+  MP_SIGN(c) = MP_SIGN(a);
+
+  /* Make sure a has enough precision for the output value */
+  if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
+    return res;
+
+  /*
+    Subtract and propagate borrow.  Up to the precision of b, this
+    accounts for the digits of b; after that, we just make sure the
+    carries get to the right place.  This saves having to pad b out to
+    the precision of a just to make the loops work right...
+   */
+  pa = MP_DIGITS(a);
+  pb = MP_DIGITS(b);
+  pc = MP_DIGITS(c);
+  limit = MP_USED(b);
+  for (ix = 0; ix < limit; ++ix) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    w = w + *pa++ - *pb++;
+    *pc++ = ACCUM(w);
+    w >>= MP_DIGIT_BIT;
+#else
+    d = *pa++;
+    diff = d - *pb++;
+    d = (diff > d);
+    if (borrow && --diff == MP_DIGIT_MAX)
+      ++d;
+    *pc++ = diff;
+    borrow = d;
+#endif
+  }
+  for (limit = MP_USED(a); ix < limit; ++ix) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    w = w + *pa++;
+    *pc++ = ACCUM(w);
+    w >>= MP_DIGIT_BIT;
+#else
+    d = *pa++;
+    *pc++ = diff = d - borrow;
+    borrow = (diff > d);
+#endif
+  }
+
+  /* Clobber any leading zeroes we created    */
+  MP_USED(c) = ix;
+  s_mp_clamp(c);
+
+  /* 
+     If there was a borrow out, then |b| > |a| in violation
+     of our input invariant.  We've already done the work,
+     but we'll at least complain about it...
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+  return w ? MP_RANGE : MP_OKAY;
+#else
+  return borrow ? MP_RANGE : MP_OKAY;
+#endif
+}
+/* {{{ s_mp_mul(a, b) */
+
+/* Compute a = |a| * |b|                                                  */
+mp_err   s_mp_mul(mp_int *a, const mp_int *b)
+{
+  return mp_mul(a, b, a);
+} /* end s_mp_mul() */
+
+/* }}} */
+
+#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
+/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+  { unsigned long long product = (unsigned long long)a * b; \
+    Plo = (mp_digit)product; \
+    Phi = (mp_digit)(product >> MP_DIGIT_BIT); }
+#elif defined(OSF1)
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+  { Plo = asm ("mulq %a0, %a1, %v0", a, b);\
+    Phi = asm ("umulh %a0, %a1, %v0", a, b); }
+#else
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+  { mp_digit a0b1, a1b0; \
+    Plo = (a & MP_HALF_DIGIT_MAX) * (b & MP_HALF_DIGIT_MAX); \
+    Phi = (a >> MP_HALF_DIGIT_BIT) * (b >> MP_HALF_DIGIT_BIT); \
+    a0b1 = (a & MP_HALF_DIGIT_MAX) * (b >> MP_HALF_DIGIT_BIT); \
+    a1b0 = (a >> MP_HALF_DIGIT_BIT) * (b & MP_HALF_DIGIT_MAX); \
+    a1b0 += a0b1; \
+    Phi += a1b0 >> MP_HALF_DIGIT_BIT; \
+    if (a1b0 < a0b1)  \
+      Phi += MP_HALF_RADIX; \
+    a1b0 <<= MP_HALF_DIGIT_BIT; \
+    Plo += a1b0; \
+    if (Plo < a1b0) \
+      ++Phi; \
+  }
+#endif
+
+#if !defined(MP_ASSEMBLY_MULTIPLY)
+/* c = a * b */
+void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+  mp_digit   d = 0;
+
+  /* Inner product:  Digits of a */
+  while (a_len--) {
+    mp_word w = ((mp_word)b * *a++) + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+  *c = d;
+#else
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *a++;
+    mp_digit a0b0, a1b1;
+
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+    a0b0 += carry;
+    if (a0b0 < carry)
+      ++a1b1;
+    *c++ = a0b0;
+    carry = a1b1;
+  }
+  *c = carry;
+#endif
+}
+
+/* c += a * b */
+void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, 
+			      mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+  mp_digit   d = 0;
+
+  /* Inner product:  Digits of a */
+  while (a_len--) {
+    mp_word w = ((mp_word)b * *a++) + *c + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+  *c = d;
+#else
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *a++;
+    mp_digit a0b0, a1b1;
+
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+    a0b0 += carry;
+    if (a0b0 < carry)
+      ++a1b1;
+    a0b0 += a_i = *c;
+    if (a0b0 < a_i)
+      ++a1b1;
+    *c++ = a0b0;
+    carry = a1b1;
+  }
+  *c = carry;
+#endif
+}
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+  mp_digit   d = 0;
+
+  /* Inner product:  Digits of a */
+  while (a_len--) {
+    mp_word w = ((mp_word)b * *a++) + *c + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+
+  while (d) {
+    mp_word w = (mp_word)*c + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+#else
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *a++;
+    mp_digit a0b0, a1b1;
+
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+    a0b0 += carry;
+    if (a0b0 < carry)
+      ++a1b1;
+
+    a0b0 += a_i = *c;
+    if (a0b0 < a_i)
+      ++a1b1;
+
+    *c++ = a0b0;
+    carry = a1b1;
+  }
+  while (carry) {
+    mp_digit c_i = *c;
+    carry += c_i;
+    *c++ = carry;
+    carry = carry < c_i;
+  }
+#endif
+}
+#endif
+
+#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
+/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
+#define MP_SQR_D(a, Phi, Plo) \
+  { unsigned long long square = (unsigned long long)a * a; \
+    Plo = (mp_digit)square; \
+    Phi = (mp_digit)(square >> MP_DIGIT_BIT); }
+#elif defined(OSF1)
+#define MP_SQR_D(a, Phi, Plo) \
+  { Plo = asm ("mulq  %a0, %a0, %v0", a);\
+    Phi = asm ("umulh %a0, %a0, %v0", a); }
+#else
+#define MP_SQR_D(a, Phi, Plo) \
+  { mp_digit Pmid; \
+    Plo  = (a  & MP_HALF_DIGIT_MAX) * (a  & MP_HALF_DIGIT_MAX); \
+    Phi  = (a >> MP_HALF_DIGIT_BIT) * (a >> MP_HALF_DIGIT_BIT); \
+    Pmid = (a  & MP_HALF_DIGIT_MAX) * (a >> MP_HALF_DIGIT_BIT); \
+    Phi += Pmid >> (MP_HALF_DIGIT_BIT - 1);  \
+    Pmid <<= (MP_HALF_DIGIT_BIT + 1);  \
+    Plo += Pmid;  \
+    if (Plo < Pmid)  \
+      ++Phi;  \
+  }
+#endif
+
+#if !defined(MP_ASSEMBLY_SQUARE)
+/* Add the squares of the digits of a to the digits of b. */
+void s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+  mp_word  w;
+  mp_digit d;
+  mp_size  ix;
+
+  w  = 0;
+#define ADD_SQUARE(n) \
+    d = pa[n]; \
+    w += (d * (mp_word)d) + ps[2*n]; \
+    ps[2*n] = ACCUM(w); \
+    w = (w >> DIGIT_BIT) + ps[2*n+1]; \
+    ps[2*n+1] = ACCUM(w); \
+    w = (w >> DIGIT_BIT)
+
+  for (ix = a_len; ix >= 4; ix -= 4) {
+    ADD_SQUARE(0);
+    ADD_SQUARE(1);
+    ADD_SQUARE(2);
+    ADD_SQUARE(3);
+    pa += 4;
+    ps += 8;
+  }
+  if (ix) {
+    ps += 2*ix;
+    pa += ix;
+    switch (ix) {
+    case 3: ADD_SQUARE(-3); /* FALLTHRU */
+    case 2: ADD_SQUARE(-2); /* FALLTHRU */
+    case 1: ADD_SQUARE(-1); /* FALLTHRU */
+    case 0: break;
+    }
+  }
+  while (w) {
+    w += *ps;
+    *ps++ = ACCUM(w);
+    w = (w >> DIGIT_BIT);
+  }
+#else
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *pa++;
+    mp_digit a0a0, a1a1;
+
+    MP_SQR_D(a_i, a1a1, a0a0);
+
+    /* here a1a1 and a0a0 constitute a_i ** 2 */
+    a0a0 += carry;
+    if (a0a0 < carry)
+      ++a1a1;
+
+    /* now add to ps */
+    a0a0 += a_i = *ps;
+    if (a0a0 < a_i)
+      ++a1a1;
+    *ps++ = a0a0;
+    a1a1 += a_i = *ps;
+    carry = (a1a1 < a_i);
+    *ps++ = a1a1;
+  }
+  while (carry) {
+    mp_digit s_i = *ps;
+    carry += s_i;
+    *ps++ = carry;
+    carry = carry < s_i;
+  }
+#endif
+}
+#endif
+
+#if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) \
+&& !defined(MP_ASSEMBLY_DIV_2DX1D)
+/*
+** Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized 
+** so its high bit is 1.   This code is from NSPR.
+*/
+mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, 
+		       mp_digit *qp, mp_digit *rp)
+{
+    mp_digit d1, d0, q1, q0;
+    mp_digit r1, r0, m;
+
+    d1 = divisor >> MP_HALF_DIGIT_BIT;
+    d0 = divisor & MP_HALF_DIGIT_MAX;
+    r1 = Nhi % d1;
+    q1 = Nhi / d1;
+    m = q1 * d0;
+    r1 = (r1 << MP_HALF_DIGIT_BIT) | (Nlo >> MP_HALF_DIGIT_BIT);
+    if (r1 < m) {
+        q1--, r1 += divisor;
+        if (r1 >= divisor && r1 < m) {
+	    q1--, r1 += divisor;
+	}
+    }
+    r1 -= m;
+    r0 = r1 % d1;
+    q0 = r1 / d1;
+    m = q0 * d0;
+    r0 = (r0 << MP_HALF_DIGIT_BIT) | (Nlo & MP_HALF_DIGIT_MAX);
+    if (r0 < m) {
+        q0--, r0 += divisor;
+        if (r0 >= divisor && r0 < m) {
+	    q0--, r0 += divisor;
+	}
+    }
+    if (qp)
+	*qp = (q1 << MP_HALF_DIGIT_BIT) | q0;
+    if (rp)
+	*rp = r0 - m;
+    return MP_OKAY;
+}
+#endif
+
+#if MP_SQUARE
+/* {{{ s_mp_sqr(a) */
+
+mp_err   s_mp_sqr(mp_int *a)
+{
+  mp_err   res;
+  mp_int   tmp;
+
+  if((res = mp_init_size(&tmp, 2 * USED(a))) != MP_OKAY)
+    return res;
+  res = mp_sqr(a, &tmp);
+  if (res == MP_OKAY) {
+    s_mp_exch(&tmp, a);
+  }
+  mp_clear(&tmp);
+  return res;
+}
+
+/* }}} */
+#endif
+
+/* {{{ s_mp_div(a, b) */
+
+/*
+  s_mp_div(a, b)
+
+  Compute a = a / b and b = a mod b.  Assumes b > a.
+ */
+
+mp_err   s_mp_div(mp_int *rem, 	/* i: dividend, o: remainder */
+                  mp_int *div, 	/* i: divisor                */
+		  mp_int *quot)	/* i: 0;        o: quotient  */
+{
+  mp_int   part, t;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+  mp_word  q_msd;
+#else
+  mp_digit q_msd;
+#endif
+  mp_err   res;
+  mp_digit d;
+  mp_digit div_msd;
+  int      ix;
+
+  if(mp_cmp_z(div) == 0)
+    return MP_RANGE;
+
+  /* Shortcut if divisor is power of two */
+  if((ix = s_mp_ispow2(div)) >= 0) {
+    MP_CHECKOK( mp_copy(rem, quot) );
+    s_mp_div_2d(quot, (mp_digit)ix);
+    s_mp_mod_2d(rem,  (mp_digit)ix);
+
+    return MP_OKAY;
+  }
+
+  DIGITS(&t) = 0;
+  MP_SIGN(rem) = ZPOS;
+  MP_SIGN(div) = ZPOS;
+
+  /* A working temporary for division     */
+  MP_CHECKOK( mp_init_size(&t, MP_ALLOC(rem)));
+
+  /* Normalize to optimize guessing       */
+  MP_CHECKOK( s_mp_norm(rem, div, &d) );
+
+  part = *rem;
+
+  /* Perform the division itself...woo!   */
+  MP_USED(quot) = MP_ALLOC(quot);
+
+  /* Find a partial substring of rem which is at least div */
+  /* If we didn't find one, we're finished dividing    */
+  while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) {
+    int i;
+    int unusedRem;
+
+    unusedRem = MP_USED(rem) - MP_USED(div);
+    MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem;
+    MP_ALLOC(&part)  = MP_ALLOC(rem)  - unusedRem;
+    MP_USED(&part)   = MP_USED(div);
+    if (s_mp_cmp(&part, div) < 0) {
+      -- unusedRem;
+#if MP_ARGCHK == 2
+      assert(unusedRem >= 0);
+#endif
+      -- MP_DIGITS(&part);
+      ++ MP_USED(&part);
+      ++ MP_ALLOC(&part);
+    }
+
+    /* Compute a guess for the next quotient digit       */
+    q_msd = MP_DIGIT(&part, MP_USED(&part) - 1);
+    div_msd = MP_DIGIT(div, MP_USED(div) - 1);
+    if (q_msd >= div_msd) {
+      q_msd = 1;
+    } else if (MP_USED(&part) > 1) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+      q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2);
+      q_msd /= div_msd;
+      if (q_msd == RADIX)
+        --q_msd;
+#else
+      mp_digit r;
+      MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2), 
+				  div_msd, &q_msd, &r) );
+#endif
+    } else {
+      q_msd = 0;
+    }
+#if MP_ARGCHK == 2
+    assert(q_msd > 0); /* This case should never occur any more. */
+#endif
+    if (q_msd <= 0)
+      break;
+
+    /* See what that multiplies out to                   */
+    mp_copy(div, &t);
+    MP_CHECKOK( s_mp_mul_d(&t, (mp_digit)q_msd) );
+
+    /* 
+       If it's too big, back it off.  We should not have to do this
+       more than once, or, in rare cases, twice.  Knuth describes a
+       method by which this could be reduced to a maximum of once, but
+       I didn't implement that here.
+     * When using s_mpv_div_2dx1d, we may have to do this 3 times.
+     */
+    for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) {
+      --q_msd;
+      s_mp_sub(&t, div);	/* t -= div */
+    }
+    if (i < 0) {
+      res = MP_RANGE;
+      goto CLEANUP;
+    }
+
+    /* At this point, q_msd should be the right next digit   */
+    MP_CHECKOK( s_mp_sub(&part, &t) );	/* part -= t */
+    s_mp_clamp(rem);
+
+    /*
+      Include the digit in the quotient.  We allocated enough memory
+      for any quotient we could ever possibly get, so we should not
+      have to check for failures here
+     */
+    MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd;
+  }
+
+  /* Denormalize remainder                */
+  if (d) {
+    s_mp_div_2d(rem, d);
+  }
+
+  s_mp_clamp(quot);
+
+CLEANUP:
+  mp_clear(&t);
+
+  return res;
+
+} /* end s_mp_div() */
+
+
+/* }}} */
+
+/* {{{ s_mp_2expt(a, k) */
+
+mp_err   s_mp_2expt(mp_int *a, mp_digit k)
+{
+  mp_err    res;
+  mp_size   dig, bit;
+
+  dig = k / DIGIT_BIT;
+  bit = k % DIGIT_BIT;
+
+  mp_zero(a);
+  if((res = s_mp_pad(a, dig + 1)) != MP_OKAY)
+    return res;
+  
+  DIGIT(a, dig) |= ((mp_digit)1 << bit);
+
+  return MP_OKAY;
+
+} /* end s_mp_2expt() */
+
+/* }}} */
+
+/* {{{ s_mp_reduce(x, m, mu) */
+
+/*
+  Compute Barrett reduction, x (mod m), given a precomputed value for
+  mu = b^2k / m, where b = RADIX and k = #digits(m).  This should be
+  faster than straight division, when many reductions by the same
+  value of m are required (such as in modular exponentiation).  This
+  can nearly halve the time required to do modular exponentiation,
+  as compared to using the full integer divide to reduce.
+
+  This algorithm was derived from the _Handbook of Applied
+  Cryptography_ by Menezes, Oorschot and VanStone, Ch. 14,
+  pp. 603-604.  
+ */
+
+mp_err   s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu)
+{
+  mp_int   q;
+  mp_err   res;
+
+  if((res = mp_init_copy(&q, x)) != MP_OKAY)
+    return res;
+
+  s_mp_rshd(&q, USED(m) - 1);  /* q1 = x / b^(k-1)  */
+  s_mp_mul(&q, mu);            /* q2 = q1 * mu      */
+  s_mp_rshd(&q, USED(m) + 1);  /* q3 = q2 / b^(k+1) */
+
+  /* x = x mod b^(k+1), quick (no division) */
+  s_mp_mod_2d(x, DIGIT_BIT * (USED(m) + 1));
+
+  /* q = q * m mod b^(k+1), quick (no division) */
+  s_mp_mul(&q, m);
+  s_mp_mod_2d(&q, DIGIT_BIT * (USED(m) + 1));
+
+  /* x = x - q */
+  if((res = mp_sub(x, &q, x)) != MP_OKAY)
+    goto CLEANUP;
+
+  /* If x < 0, add b^(k+1) to it */
+  if(mp_cmp_z(x) < 0) {
+    mp_set(&q, 1);
+    if((res = s_mp_lshd(&q, USED(m) + 1)) != MP_OKAY)
+      goto CLEANUP;
+    if((res = mp_add(x, &q, x)) != MP_OKAY)
+      goto CLEANUP;
+  }
+
+  /* Back off if it's too big */
+  while(mp_cmp(x, m) >= 0) {
+    if((res = s_mp_sub(x, m)) != MP_OKAY)
+      break;
+  }
+
+ CLEANUP:
+  mp_clear(&q);
+
+  return res;
+
+} /* end s_mp_reduce() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Primitive comparisons */
+
+/* {{{ s_mp_cmp(a, b) */
+
+/* Compare |a| <=> |b|, return 0 if equal, <0 if a<b, >0 if a>b           */
+int      s_mp_cmp(const mp_int *a, const mp_int *b)
+{
+  mp_size used_a = MP_USED(a);
+  {
+    mp_size used_b = MP_USED(b);
+
+    if (used_a > used_b)
+      goto IS_GT;
+    if (used_a < used_b)
+      goto IS_LT;
+  }
+  {
+    mp_digit *pa, *pb;
+    mp_digit da = 0, db = 0;
+
+#define CMP_AB(n) if ((da = pa[n]) != (db = pb[n])) goto done
+
+    pa = MP_DIGITS(a) + used_a;
+    pb = MP_DIGITS(b) + used_a;
+    while (used_a >= 4) {
+      pa     -= 4;
+      pb     -= 4;
+      used_a -= 4;
+      CMP_AB(3);
+      CMP_AB(2);
+      CMP_AB(1);
+      CMP_AB(0);
+    }
+    while (used_a-- > 0 && ((da = *--pa) == (db = *--pb))) 
+      /* do nothing */;
+done:
+    if (da > db)
+      goto IS_GT;
+    if (da < db) 
+      goto IS_LT;
+  }
+  return MP_EQ;
+IS_LT:
+  return MP_LT;
+IS_GT:
+  return MP_GT;
+} /* end s_mp_cmp() */
+
+/* }}} */
+
+/* {{{ s_mp_cmp_d(a, d) */
+
+/* Compare |a| <=> d, return 0 if equal, <0 if a<d, >0 if a>d             */
+int      s_mp_cmp_d(const mp_int *a, mp_digit d)
+{
+  if(USED(a) > 1)
+    return MP_GT;
+
+  if(DIGIT(a, 0) < d)
+    return MP_LT;
+  else if(DIGIT(a, 0) > d)
+    return MP_GT;
+  else
+    return MP_EQ;
+
+} /* end s_mp_cmp_d() */
+
+/* }}} */
+
+/* {{{ s_mp_ispow2(v) */
+
+/*
+  Returns -1 if the value is not a power of two; otherwise, it returns
+  k such that v = 2^k, i.e. lg(v).
+ */
+int      s_mp_ispow2(const mp_int *v)
+{
+  mp_digit d;
+  int      extra = 0, ix;
+
+  ix = MP_USED(v) - 1;
+  d = MP_DIGIT(v, ix); /* most significant digit of v */
+
+  extra = s_mp_ispow2d(d);
+  if (extra < 0 || ix == 0)
+    return extra;
+
+  while (--ix >= 0) {
+    if (DIGIT(v, ix) != 0)
+      return -1; /* not a power of two */
+    extra += MP_DIGIT_BIT;
+  }
+
+  return extra;
+
+} /* end s_mp_ispow2() */
+
+/* }}} */
+
+/* {{{ s_mp_ispow2d(d) */
+
+int      s_mp_ispow2d(mp_digit d)
+{
+  if ((d != 0) && ((d & (d-1)) == 0)) { /* d is a power of 2 */
+    int pow = 0;
+#if defined (MP_USE_UINT_DIGIT)
+    if (d & 0xffff0000U)
+      pow += 16;
+    if (d & 0xff00ff00U)
+      pow += 8;
+    if (d & 0xf0f0f0f0U)
+      pow += 4;
+    if (d & 0xccccccccU)
+      pow += 2;
+    if (d & 0xaaaaaaaaU)
+      pow += 1;
+#elif defined(MP_USE_LONG_LONG_DIGIT)
+    if (d & 0xffffffff00000000ULL)
+      pow += 32;
+    if (d & 0xffff0000ffff0000ULL)
+      pow += 16;
+    if (d & 0xff00ff00ff00ff00ULL)
+      pow += 8;
+    if (d & 0xf0f0f0f0f0f0f0f0ULL)
+      pow += 4;
+    if (d & 0xccccccccccccccccULL)
+      pow += 2;
+    if (d & 0xaaaaaaaaaaaaaaaaULL)
+      pow += 1;
+#elif defined(MP_USE_LONG_DIGIT)
+    if (d & 0xffffffff00000000UL)
+      pow += 32;
+    if (d & 0xffff0000ffff0000UL)
+      pow += 16;
+    if (d & 0xff00ff00ff00ff00UL)
+      pow += 8;
+    if (d & 0xf0f0f0f0f0f0f0f0UL)
+      pow += 4;
+    if (d & 0xccccccccccccccccUL)
+      pow += 2;
+    if (d & 0xaaaaaaaaaaaaaaaaUL)
+      pow += 1;
+#else
+#error "unknown type for mp_digit"
+#endif
+    return pow;
+  }
+  return -1;
+
+} /* end s_mp_ispow2d() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Primitive I/O helpers */
+
+/* {{{ s_mp_tovalue(ch, r) */
+
+/*
+  Convert the given character to its digit value, in the given radix.
+  If the given character is not understood in the given radix, -1 is
+  returned.  Otherwise the digit's numeric value is returned.
+
+  The results will be odd if you use a radix < 2 or > 62, you are
+  expected to know what you're up to.
+ */
+int      s_mp_tovalue(char ch, int r)
+{
+  int    val, xch;
+  
+  if(r > 36)
+    xch = ch;
+  else
+    xch = toupper(ch);
+
+  if(isdigit(xch))
+    val = xch - '0';
+  else if(isupper(xch))
+    val = xch - 'A' + 10;
+  else if(islower(xch))
+    val = xch - 'a' + 36;
+  else if(xch == '+')
+    val = 62;
+  else if(xch == '/')
+    val = 63;
+  else 
+    return -1;
+
+  if(val < 0 || val >= r)
+    return -1;
+
+  return val;
+
+} /* end s_mp_tovalue() */
+
+/* }}} */
+
+/* {{{ s_mp_todigit(val, r, low) */
+
+/*
+  Convert val to a radix-r digit, if possible.  If val is out of range
+  for r, returns zero.  Otherwise, returns an ASCII character denoting
+  the value in the given radix.
+
+  The results may be odd if you use a radix < 2 or > 64, you are
+  expected to know what you're doing.
+ */
+  
+char     s_mp_todigit(mp_digit val, int r, int low)
+{
+  char   ch;
+
+  if(val >= r)
+    return 0;
+
+  ch = s_dmap_1[val];
+
+  if(r <= 36 && low)
+    ch = tolower(ch);
+
+  return ch;
+
+} /* end s_mp_todigit() */
+
+/* }}} */
+
+/* {{{ s_mp_outlen(bits, radix) */
+
+/* 
+   Return an estimate for how long a string is needed to hold a radix
+   r representation of a number with 'bits' significant bits, plus an
+   extra for a zero terminator (assuming C style strings here)
+ */
+int      s_mp_outlen(int bits, int r)
+{
+  return (int)((double)bits * LOG_V_2(r) + 1.5) + 1;
+
+} /* end s_mp_outlen() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ mp_read_unsigned_octets(mp, str, len) */
+/* mp_read_unsigned_octets(mp, str, len)
+   Read in a raw value (base 256) into the given mp_int
+   No sign bit, number is positive.  Leading zeros ignored.
+ */
+
+mp_err  
+mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len)
+{
+  int            count;
+  mp_err         res;
+  mp_digit       d;
+
+  ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
+
+  mp_zero(mp);
+
+  count = len % sizeof(mp_digit);
+  if (count) {
+    for (d = 0; count-- > 0; --len) {
+      d = (d << 8) | *str++;
+    }
+    MP_DIGIT(mp, 0) = d;
+  }
+
+  /* Read the rest of the digits */
+  for(; len > 0; len -= sizeof(mp_digit)) {
+    for (d = 0, count = sizeof(mp_digit); count > 0; --count) {
+      d = (d << 8) | *str++;
+    }
+    if (MP_EQ == mp_cmp_z(mp)) {
+      if (!d)
+	continue;
+    } else {
+      if((res = s_mp_lshd(mp, 1)) != MP_OKAY)
+	return res;
+    }
+    MP_DIGIT(mp, 0) = d;
+  }
+  return MP_OKAY;
+} /* end mp_read_unsigned_octets() */
+/* }}} */
+
+/* {{{ mp_unsigned_octet_size(mp) */
+int    
+mp_unsigned_octet_size(const mp_int *mp)
+{
+  int  bytes;
+  int  ix;
+  mp_digit  d = 0;
+
+  ARGCHK(mp != NULL, MP_BADARG);
+  ARGCHK(MP_ZPOS == SIGN(mp), MP_BADARG);
+
+  bytes = (USED(mp) * sizeof(mp_digit));
+
+  /* subtract leading zeros. */
+  /* Iterate over each digit... */
+  for(ix = USED(mp) - 1; ix >= 0; ix--) {
+    d = DIGIT(mp, ix);
+    if (d) 
+	break;
+    bytes -= sizeof(d);
+  }
+  if (!bytes)
+    return 1;
+
+  /* Have MSD, check digit bytes, high order first */
+  for(ix = sizeof(mp_digit) - 1; ix >= 0; ix--) {
+    unsigned char x = (unsigned char)(d >> (ix * CHAR_BIT));
+    if (x) 
+	break;
+    --bytes;
+  }
+  return bytes;
+} /* end mp_unsigned_octet_size() */
+/* }}} */
+
+/* {{{ mp_to_unsigned_octets(mp, str) */
+/* output a buffer of big endian octets no longer than specified. */
+mp_err 
+mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
+{
+  int  ix, pos = 0;
+  int  bytes;
+
+  ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+  bytes = mp_unsigned_octet_size(mp);
+  ARGCHK(bytes <= maxlen, MP_BADARG);
+
+  /* Iterate over each digit... */
+  for(ix = USED(mp) - 1; ix >= 0; ix--) {
+    mp_digit  d = DIGIT(mp, ix);
+    int       jx;
+
+    /* Unpack digit bytes, high order first */
+    for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+      unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+      if (!pos && !x)	/* suppress leading zeros */
+	continue;
+      str[pos++] = x;
+    }
+  }
+  if (!pos)
+    str[pos++] = 0;
+  return pos;
+} /* end mp_to_unsigned_octets() */
+/* }}} */
+
+/* {{{ mp_to_signed_octets(mp, str) */
+/* output a buffer of big endian octets no longer than specified. */
+mp_err 
+mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
+{
+  int  ix, pos = 0;
+  int  bytes;
+
+  ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+  bytes = mp_unsigned_octet_size(mp);
+  ARGCHK(bytes <= maxlen, MP_BADARG);
+
+  /* Iterate over each digit... */
+  for(ix = USED(mp) - 1; ix >= 0; ix--) {
+    mp_digit  d = DIGIT(mp, ix);
+    int       jx;
+
+    /* Unpack digit bytes, high order first */
+    for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+      unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+      if (!pos) {
+	if (!x)		/* suppress leading zeros */
+	  continue;
+	if (x & 0x80) { /* add one leading zero to make output positive.  */
+	  ARGCHK(bytes + 1 <= maxlen, MP_BADARG);
+	  if (bytes + 1 > maxlen)
+	    return MP_BADARG;
+	  str[pos++] = 0;
+	}
+      }
+      str[pos++] = x;
+    }
+  }
+  if (!pos)
+    str[pos++] = 0;
+  return pos;
+} /* end mp_to_signed_octets() */
+/* }}} */
+
+/* {{{ mp_to_fixlen_octets(mp, str) */
+/* output a buffer of big endian octets exactly as long as requested. */
+mp_err 
+mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length)
+{
+  int  ix, pos = 0;
+  int  bytes;
+
+  ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+  bytes = mp_unsigned_octet_size(mp);
+  ARGCHK(bytes <= length, MP_BADARG);
+
+  /* place any needed leading zeros */
+  for (;length > bytes; --length) {
+	*str++ = 0;
+  }
+
+  /* Iterate over each digit... */
+  for(ix = USED(mp) - 1; ix >= 0; ix--) {
+    mp_digit  d = DIGIT(mp, ix);
+    int       jx;
+
+    /* Unpack digit bytes, high order first */
+    for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+      unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+      if (!pos && !x)	/* suppress leading zeros */
+	continue;
+      str[pos++] = x;
+    }
+  }
+  if (!pos)
+    str[pos++] = 0;
+  return MP_OKAY;
+} /* end mp_to_fixlen_octets() */
+/* }}} */
+
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h
new file mode 100644
index 000000000..788d65205
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi.h
@@ -0,0 +1,336 @@
+/*
+ *  mpi.h
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _H_MPI_
+#define _H_MPI_
+
+#include "mpi-config.h"
+
+#if MP_DEBUG
+#undef MP_IOFUNC
+#define MP_IOFUNC 1
+#endif
+
+#if MP_IOFUNC
+#include <stdio.h>
+#include <ctype.h>
+#endif
+
+#include <limits.h>
+
+#if defined(BSDI)
+#undef ULLONG_MAX
+#endif
+
+#if defined( macintosh )
+#include <Types.h>
+#elif defined( _WIN32_WCE)
+/* #include <sys/types.h> What do we need here ?? */
+#else
+#include <sys/types.h>
+#endif
+
+#define  MP_NEG    1
+#define  MP_ZPOS   0
+
+#define  MP_OKAY          0 /* no error, all is well */
+#define  MP_YES           0 /* yes (boolean result)  */
+#define  MP_NO           -1 /* no (boolean result)   */
+#define  MP_MEM          -2 /* out of memory         */
+#define  MP_RANGE        -3 /* argument out of range */
+#define  MP_BADARG       -4 /* invalid parameter     */
+#define  MP_UNDEF        -5 /* answer is undefined   */
+#define  MP_LAST_CODE    MP_UNDEF
+
+typedef unsigned int      mp_sign;
+typedef unsigned int      mp_size;
+typedef int               mp_err;
+
+#define MP_32BIT_MAX 4294967295U
+
+#if !defined(ULONG_MAX) 
+#error "ULONG_MAX not defined"
+#elif !defined(UINT_MAX)
+#error "UINT_MAX not defined"
+#elif !defined(USHRT_MAX)
+#error "USHRT_MAX not defined"
+#endif
+
+#if defined(ULONG_LONG_MAX)			/* GCC, HPUX */
+#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
+#elif defined(ULLONG_MAX)			/* Solaris */
+#define MP_ULONG_LONG_MAX ULLONG_MAX
+/* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */
+#elif defined(ULONGLONG_MAX)			/* IRIX, AIX */
+#define MP_ULONG_LONG_MAX ULONGLONG_MAX
+#endif
+
+/* We only use unsigned long for mp_digit iff long is more than 32 bits. */
+#if !defined(MP_USE_UINT_DIGIT) && ULONG_MAX > MP_32BIT_MAX
+typedef unsigned long     mp_digit;
+#define MP_DIGIT_MAX      ULONG_MAX
+#define MP_DIGIT_FMT      "%016lX"   /* printf() format for 1 digit */
+#define MP_HALF_DIGIT_MAX UINT_MAX
+#undef  MP_NO_MP_WORD
+#define MP_NO_MP_WORD 1
+#undef  MP_USE_LONG_DIGIT
+#define MP_USE_LONG_DIGIT 1
+#undef  MP_USE_LONG_LONG_DIGIT
+
+#elif !defined(MP_USE_UINT_DIGIT) && defined(MP_ULONG_LONG_MAX) 
+typedef unsigned long long mp_digit;
+#define MP_DIGIT_MAX       MP_ULONG_LONG_MAX
+#define MP_DIGIT_FMT      "%016llX"  /* printf() format for 1 digit */
+#define MP_HALF_DIGIT_MAX  UINT_MAX
+#undef  MP_NO_MP_WORD
+#define MP_NO_MP_WORD 1
+#undef  MP_USE_LONG_LONG_DIGIT
+#define MP_USE_LONG_LONG_DIGIT 1
+#undef  MP_USE_LONG_DIGIT
+
+#else
+typedef unsigned int      mp_digit;
+#define MP_DIGIT_MAX      UINT_MAX
+#define MP_DIGIT_FMT      "%08X"     /* printf() format for 1 digit */
+#define MP_HALF_DIGIT_MAX USHRT_MAX
+#undef  MP_USE_UINT_DIGIT
+#define MP_USE_UINT_DIGIT 1
+#undef  MP_USE_LONG_LONG_DIGIT
+#undef  MP_USE_LONG_DIGIT
+#endif
+
+#if !defined(MP_NO_MP_WORD) 
+#if  defined(MP_USE_UINT_DIGIT) && \
+    (defined(MP_ULONG_LONG_MAX) || (ULONG_MAX > UINT_MAX))
+
+#if (ULONG_MAX > UINT_MAX)
+typedef unsigned long     mp_word;
+typedef          long     mp_sword;
+#define MP_WORD_MAX       ULONG_MAX
+
+#else
+typedef unsigned long long mp_word;
+typedef          long long mp_sword;
+#define MP_WORD_MAX       MP_ULONG_LONG_MAX
+#endif
+
+#else 
+#define MP_NO_MP_WORD 1
+#endif
+#endif /* !defined(MP_NO_MP_WORD) */
+
+#if !defined(MP_WORD_MAX) && defined(MP_DEFINE_SMALL_WORD)
+typedef unsigned int      mp_word;
+typedef          int      mp_sword;
+#define MP_WORD_MAX       UINT_MAX
+#endif
+
+#define MP_DIGIT_BIT      (CHAR_BIT*sizeof(mp_digit))
+#define MP_WORD_BIT       (CHAR_BIT*sizeof(mp_word))
+#define MP_RADIX          (1+(mp_word)MP_DIGIT_MAX)
+
+#define MP_HALF_DIGIT_BIT (MP_DIGIT_BIT/2)
+#define MP_HALF_RADIX     (1+(mp_digit)MP_HALF_DIGIT_MAX)
+/* MP_HALF_RADIX really ought to be called MP_SQRT_RADIX, but it's named 
+** MP_HALF_RADIX because it's the radix for MP_HALF_DIGITs, and it's 
+** consistent with the other _HALF_ names.
+*/
+
+
+/* Macros for accessing the mp_int internals           */
+#define  MP_SIGN(MP)     ((MP)->sign)
+#define  MP_USED(MP)     ((MP)->used)
+#define  MP_ALLOC(MP)    ((MP)->alloc)
+#define  MP_DIGITS(MP)   ((MP)->dp)
+#define  MP_DIGIT(MP,N)  (MP)->dp[(N)]
+
+/* This defines the maximum I/O base (minimum is 2)   */
+#define MP_MAX_RADIX         64
+
+typedef struct {
+  mp_sign       sign;    /* sign of this quantity      */
+  mp_size       alloc;   /* how many digits allocated  */
+  mp_size       used;    /* how many digits used       */
+  mp_digit     *dp;      /* the digits themselves      */
+} mp_int;
+
+/* Default precision       */
+mp_size mp_get_prec(void);
+void    mp_set_prec(mp_size prec);
+
+/* Memory management       */
+mp_err mp_init(mp_int *mp);
+mp_err mp_init_size(mp_int *mp, mp_size prec);
+mp_err mp_init_copy(mp_int *mp, const mp_int *from);
+mp_err mp_copy(const mp_int *from, mp_int *to);
+void   mp_exch(mp_int *mp1, mp_int *mp2);
+void   mp_clear(mp_int *mp);
+void   mp_zero(mp_int *mp);
+void   mp_set(mp_int *mp, mp_digit d);
+mp_err mp_set_int(mp_int *mp, long z);
+#define mp_set_long(mp,z) mp_set_int(mp,z)
+mp_err mp_set_ulong(mp_int *mp, unsigned long z);
+
+/* Single digit arithmetic */
+mp_err mp_add_d(const mp_int *a, mp_digit d, mp_int *b);
+mp_err mp_sub_d(const mp_int *a, mp_digit d, mp_int *b);
+mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b);
+mp_err mp_mul_2(const mp_int *a, mp_int *c);
+mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r);
+mp_err mp_div_2(const mp_int *a, mp_int *c);
+mp_err mp_expt_d(const mp_int *a, mp_digit d, mp_int *c);
+
+/* Sign manipulations      */
+mp_err mp_abs(const mp_int *a, mp_int *b);
+mp_err mp_neg(const mp_int *a, mp_int *b);
+
+/* Full arithmetic         */
+mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err mp_sub(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err mp_mul(const mp_int *a, const mp_int *b, mp_int *c);
+#if MP_SQUARE
+mp_err mp_sqr(const mp_int *a, mp_int *b);
+#else
+#define mp_sqr(a, b) mp_mul(a, a, b)
+#endif
+mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r);
+mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r);
+mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c);
+mp_err mp_2expt(mp_int *a, mp_digit k);
+mp_err mp_sqrt(const mp_int *a, mp_int *b);
+
+/* Modular arithmetic      */
+#if MP_MODARITH
+mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c);
+mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c);
+mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+#if MP_SQUARE
+mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c);
+#else
+#define mp_sqrmod(a, m, c) mp_mulmod(a, a, m, c)
+#endif
+mp_err mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c);
+#endif /* MP_MODARITH */
+
+/* Comparisons             */
+int    mp_cmp_z(const mp_int *a);
+int    mp_cmp_d(const mp_int *a, mp_digit d);
+int    mp_cmp(const mp_int *a, const mp_int *b);
+int    mp_cmp_mag(mp_int *a, mp_int *b);
+int    mp_cmp_int(const mp_int *a, long z);
+int    mp_isodd(const mp_int *a);
+int    mp_iseven(const mp_int *a);
+
+/* Number theoretic        */
+#if MP_NUMTH
+mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c);
+mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c);
+mp_err mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y);
+mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c);
+mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c);
+#endif /* end MP_NUMTH */
+
+/* Input and output        */
+#if MP_IOFUNC
+void   mp_print(mp_int *mp, FILE *ofp);
+#endif /* end MP_IOFUNC */
+
+/* Base conversion         */
+mp_err mp_read_raw(mp_int *mp, char *str, int len);
+int    mp_raw_size(mp_int *mp);
+mp_err mp_toraw(mp_int *mp, char *str);
+mp_err mp_read_radix(mp_int *mp, const char *str, int radix);
+mp_err mp_read_variable_radix(mp_int *a, const char * str, int default_radix);
+int    mp_radix_size(mp_int *mp, int radix);
+mp_err mp_toradix(mp_int *mp, char *str, int radix);
+int    mp_tovalue(char ch, int r);
+
+#define mp_tobinary(M, S)  mp_toradix((M), (S), 2)
+#define mp_tooctal(M, S)   mp_toradix((M), (S), 8)
+#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
+#define mp_tohex(M, S)     mp_toradix((M), (S), 16)
+
+/* Error strings           */
+const  char  *mp_strerror(mp_err ec);
+
+/* Octet string conversion functions */
+mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len);
+int    mp_unsigned_octet_size(const mp_int *mp);
+mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
+mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
+mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
+
+/* Miscellaneous */
+mp_size mp_trailing_zeros(const mp_int *mp);
+
+#define MP_CHECKOK(x)  if (MP_OKAY > (res = (x))) goto CLEANUP
+#define MP_CHECKERR(x) if (MP_OKAY > (res = (x))) goto CLEANUP
+
+#if defined(MP_API_COMPATIBLE)
+#define NEG             MP_NEG
+#define ZPOS            MP_ZPOS
+#define DIGIT_MAX       MP_DIGIT_MAX
+#define DIGIT_BIT       MP_DIGIT_BIT
+#define DIGIT_FMT       MP_DIGIT_FMT
+#define RADIX           MP_RADIX
+#define MAX_RADIX       MP_MAX_RADIX
+#define SIGN(MP)        MP_SIGN(MP)
+#define USED(MP)        MP_USED(MP)
+#define ALLOC(MP)       MP_ALLOC(MP)
+#define DIGITS(MP)      MP_DIGITS(MP)
+#define DIGIT(MP,N)     MP_DIGIT(MP,N)
+
+#if MP_ARGCHK == 1
+#define  ARGCHK(X,Y)  {if(!(X)){return (Y);}}
+#elif MP_ARGCHK == 2
+#include <assert.h>
+#define  ARGCHK(X,Y)  assert(X)
+#else
+#define  ARGCHK(X,Y)  /*  */
+#endif
+#endif /* defined MP_API_COMPATIBLE */
+
+#endif /* end _H_MPI_ */
diff --git a/security/nss/lib/freebl/mpi/mpi_amd64.c b/security/nss/lib/freebl/mpi/mpi_amd64.c
new file mode 100644
index 000000000..5befb8753
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_amd64.c
@@ -0,0 +1,65 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Solaris software cryptographic token.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems, Inc.
+ * Portions created by the Initial Developer are Copyright (C) 2005
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sun Microsystems, Inc.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef MPI_AMD64
+#error This file only works on AMD64 platforms.
+#endif
+
+#include <mpi-priv.h>
+
+/*
+ * MPI glue
+ *
+ */
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+void MPI_ASM_DECL s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len,
+                                       mp_digit b, mp_digit *c)
+{
+  mp_digit w;
+  mp_digit d;
+
+  d = s_mpv_mul_add_vec64(c, a, a_len, b);
+  c += a_len;
+  while (d) {
+    w = c[0] + d;
+    d = (w < c[0] || w < d);
+    *c++ = w;
+  }
+}
+
diff --git a/security/nss/lib/freebl/mpi/mpi_amd64_gas.s b/security/nss/lib/freebl/mpi/mpi_amd64_gas.s
new file mode 100644
index 000000000..86e16e362
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_amd64_gas.s
@@ -0,0 +1,422 @@
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+# 
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+# 
+# The Original Code is the Solaris software cryptographic token.
+# 
+# The Initial Developer of the Original Code is
+# Sun Microsystems, Inc.
+# Portions created by the Initial Developer are Copyright (C) 2005
+# the Initial Developer. All Rights Reserved.
+# 
+# Contributor(s):
+#   Sun Microsystems, Inc.
+# 
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+# 
+# ***** END LICENSE BLOCK ***** */
+
+
+# ------------------------------------------------------------------------
+#
+#  Implementation of s_mpv_mul_set_vec which exploits
+#  the 64X64->128 bit  unsigned multiply instruction.
+#
+# ------------------------------------------------------------------------
+
+# r = a * digit, r and a are vectors of length len
+# returns the carry digit
+# r and a are 64 bit aligned.
+#
+# uint64_t
+# s_mpv_mul_set_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+#
+
+.text; .align 16; .globl s_mpv_mul_set_vec64; .type s_mpv_mul_set_vec64, @function; s_mpv_mul_set_vec64:
+
+	xorq	%rax, %rax		# if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L17
+
+	movq	%rdx, %r8		# Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		# cy = 0
+
+.L15:
+	cmpq	$8, %r8			# 8 - len
+	jb	.L16
+	movq	0(%rsi), %rax		# rax = a[0]
+	movq	8(%rsi), %r11		# prefetch a[1]
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		# prefetch a[2]
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		# prefetch a[3]
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		# prefetch a[4]
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		# prefetch a[5]
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		# prefetch a[6]
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		# prefetch a[7]
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			# p = a[7] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 56(%rdi)		# r[7] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L17
+	jmp	.L15
+
+.L16:
+	movq	0(%rsi), %rax
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	8(%rsi), %rax
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	16(%rsi), %rax
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	24(%rsi), %rax
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	32(%rsi), %rax
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	40(%rsi), %rax
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	48(%rsi), %rax
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+
+.L17:
+	movq	%r9, %rax
+	ret
+
+.size s_mpv_mul_set_vec64, [.-s_mpv_mul_set_vec64]
+
+# ------------------------------------------------------------------------
+#
+#  Implementation of s_mpv_mul_add_vec which exploits
+#  the 64X64->128 bit  unsigned multiply instruction.
+#
+# ------------------------------------------------------------------------
+
+# r += a * digit, r and a are vectors of length len
+# returns the carry digit
+# r and a are 64 bit aligned.
+#
+# uint64_t
+# s_mpv_mul_add_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+#
+
+.text; .align 16; .globl s_mpv_mul_add_vec64; .type s_mpv_mul_add_vec64, @function; s_mpv_mul_add_vec64:
+
+	xorq	%rax, %rax		# if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L27
+
+	movq	%rdx, %r8		# Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		# cy = 0
+
+.L25:
+	cmpq	$8, %r8			# 8 - len
+	jb	.L26
+	movq	0(%rsi), %rax		# rax = a[0]
+	movq	0(%rdi), %r10		# r10 = r[0]
+	movq	8(%rsi), %r11		# prefetch a[1]
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[0]
+	movq	8(%rdi), %r10		# prefetch r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		# prefetch a[2]
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[1]
+	movq	16(%rdi), %r10		# prefetch r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		# prefetch a[3]
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[2]
+	movq	24(%rdi), %r10		# prefetch r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		# prefetch a[4]
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[3]
+	movq	32(%rdi), %r10		# prefetch r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		# prefetch a[5]
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[4]
+	movq	40(%rdi), %r10		# prefetch r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		# prefetch a[6]
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[5]
+	movq	48(%rdi), %r10		# prefetch r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		# prefetch a[7]
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[6]
+	movq	56(%rdi), %r10		# prefetch r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			# p = a[7] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 56(%rdi)		# r[7] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L27
+	jmp	.L25
+
+.L26:
+	movq	0(%rsi), %rax
+	movq	0(%rdi), %r10
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[0]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	8(%rsi), %rax
+	movq	8(%rdi), %r10
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	16(%rsi), %rax
+	movq	16(%rdi), %r10
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	24(%rsi), %rax
+	movq	24(%rdi), %r10
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	32(%rsi), %rax
+	movq	32(%rdi), %r10
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	40(%rsi), %rax
+	movq	40(%rdi), %r10
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	48(%rsi), %rax
+	movq	48(%rdi), %r10
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+
+.L27:
+	movq	%r9, %rax
+	ret
+        
+.size s_mpv_mul_add_vec64, [.-s_mpv_mul_add_vec64]
+
+# Magic indicating no need for an executable stack
+.section .note.GNU-stack, "", @progbits
+.previous
diff --git a/security/nss/lib/freebl/mpi/mpi_amd64_sun.s b/security/nss/lib/freebl/mpi/mpi_amd64_sun.s
new file mode 100644
index 000000000..ac7107415
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_amd64_sun.s
@@ -0,0 +1,418 @@
+/ ***** BEGIN LICENSE BLOCK *****
+/ Version: MPL 1.1/GPL 2.0/LGPL 2.1
+/ 
+/ The contents of this file are subject to the Mozilla Public License Version
+/ 1.1 (the "License"); you may not use this file except in compliance with
+/ the License. You may obtain a copy of the License at
+/ http://www.mozilla.org/MPL/
+/ 
+/ Software distributed under the License is distributed on an "AS IS" basis,
+/ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+/ for the specific language governing rights and limitations under the
+/ License.
+/ 
+/ The Original Code is the Solaris software cryptographic token.
+/ 
+/ The Initial Developer of the Original Code is
+/ Sun Microsystems, Inc.
+/ Portions created by the Initial Developer are Copyright (C) 2005
+/ the Initial Developer. All Rights Reserved.
+/ 
+/ Contributor(s):
+/   Sun Microsystems, Inc.
+/ 
+/ Alternatively, the contents of this file may be used under the terms of
+/ either the GNU General Public License Version 2 or later (the "GPL"), or
+/ the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+/ in which case the provisions of the GPL or the LGPL are applicable instead
+/ of those above. If you wish to allow use of your version of this file only
+/ under the terms of either the GPL or the LGPL, and not to allow others to
+/ use your version of this file under the terms of the MPL, indicate your
+/ decision by deleting the provisions above and replace them with the notice
+/ and other provisions required by the GPL or the LGPL. If you do not delete
+/ the provisions above, a recipient may use your version of this file under
+/ the terms of any one of the MPL, the GPL or the LGPL.
+/ 
+/ ***** END LICENSE BLOCK ***** */
+
+
+/ ------------------------------------------------------------------------
+/
+/  Implementation of s_mpv_mul_set_vec which exploits
+/  the 64X64->128 bit  unsigned multiply instruction.
+/
+/ ------------------------------------------------------------------------
+
+/ r = a * digit, r and a are vectors of length len
+/ returns the carry digit
+/ r and a are 64 bit aligned.
+/
+/ uint64_t
+/ s_mpv_mul_set_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+/
+
+.text; .align 16; .globl s_mpv_mul_set_vec64; .type s_mpv_mul_set_vec64, @function; s_mpv_mul_set_vec64:
+
+	xorq	%rax, %rax		/ if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L17
+
+	movq	%rdx, %r8		/ Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		/ cy = 0
+
+.L15:
+	cmpq	$8, %r8			/ 8 - len
+	jb	.L16
+	movq	0(%rsi), %rax		/ rax = a[0]
+	movq	8(%rsi), %r11		/ prefetch a[1]
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		/ prefetch a[2]
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		/ prefetch a[3]
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		/ prefetch a[4]
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		/ prefetch a[5]
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		/ prefetch a[6]
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		/ prefetch a[7]
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			/ p = a[7] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 56(%rdi)		/ r[7] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L17
+	jmp	.L15
+
+.L16:
+	movq	0(%rsi), %rax
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	8(%rsi), %rax
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	16(%rsi), %rax
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	24(%rsi), %rax
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	32(%rsi), %rax
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	40(%rsi), %rax
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	48(%rsi), %rax
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+
+.L17:
+	movq	%r9, %rax
+	ret
+
+.size s_mpv_mul_set_vec64, [.-s_mpv_mul_set_vec64]
+
+/ ------------------------------------------------------------------------
+/
+/  Implementation of s_mpv_mul_add_vec which exploits
+/  the 64X64->128 bit  unsigned multiply instruction.
+/
+/ ------------------------------------------------------------------------
+
+/ r += a * digit, r and a are vectors of length len
+/ returns the carry digit
+/ r and a are 64 bit aligned.
+/
+/ uint64_t
+/ s_mpv_mul_add_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+/
+
+.text; .align 16; .globl s_mpv_mul_add_vec64; .type s_mpv_mul_add_vec64, @function; s_mpv_mul_add_vec64:
+
+	xorq	%rax, %rax		/ if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L27
+
+	movq	%rdx, %r8		/ Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		/ cy = 0
+
+.L25:
+	cmpq	$8, %r8			/ 8 - len
+	jb	.L26
+	movq	0(%rsi), %rax		/ rax = a[0]
+	movq	0(%rdi), %r10		/ r10 = r[0]
+	movq	8(%rsi), %r11		/ prefetch a[1]
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[0]
+	movq	8(%rdi), %r10		/ prefetch r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		/ prefetch a[2]
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[1]
+	movq	16(%rdi), %r10		/ prefetch r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		/ prefetch a[3]
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[2]
+	movq	24(%rdi), %r10		/ prefetch r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		/ prefetch a[4]
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[3]
+	movq	32(%rdi), %r10		/ prefetch r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		/ prefetch a[5]
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[4]
+	movq	40(%rdi), %r10		/ prefetch r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		/ prefetch a[6]
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[5]
+	movq	48(%rdi), %r10		/ prefetch r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		/ prefetch a[7]
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[6]
+	movq	56(%rdi), %r10		/ prefetch r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			/ p = a[7] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 56(%rdi)		/ r[7] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L27
+	jmp	.L25
+
+.L26:
+	movq	0(%rsi), %rax
+	movq	0(%rdi), %r10
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[0]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	8(%rsi), %rax
+	movq	8(%rdi), %r10
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	16(%rsi), %rax
+	movq	16(%rdi), %r10
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	24(%rsi), %rax
+	movq	24(%rdi), %r10
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	32(%rsi), %rax
+	movq	32(%rdi), %r10
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	40(%rsi), %rax
+	movq	40(%rdi), %r10
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	48(%rsi), %rax
+	movq	48(%rdi), %r10
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+
+.L27:
+	movq	%r9, %rax
+	ret
+        
+.size s_mpv_mul_add_vec64, [.-s_mpv_mul_add_vec64]
diff --git a/security/nss/lib/freebl/mpi/mpi_hp.c b/security/nss/lib/freebl/mpi/mpi_hp.c
new file mode 100644
index 000000000..c27e9cfa7
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_hp.c
@@ -0,0 +1,115 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+/* This file contains routines that perform vector multiplication.  */
+
+#include "mpi-priv.h"
+#include <unistd.h>
+
+#include <stddef.h>
+/* #include <sys/systeminfo.h> */
+#include <strings.h>
+
+extern void multacc512( 
+   int             length,        /* doublewords in multiplicand vector. */
+   const mp_digit *scalaraddr,    /* Address of scalar. */
+   const mp_digit *multiplicand,  /* The multiplicand vector. */
+   mp_digit *      result);       /* Where to accumulate the result. */
+
+extern void maxpy_little(
+   int             length,        /* doublewords in multiplicand vector. */
+   const mp_digit *scalaraddr,    /* Address of scalar. */
+   const mp_digit *multiplicand,  /* The multiplicand vector. */
+   mp_digit *      result);       /* Where to accumulate the result. */
+
+extern void add_diag_little(
+   int            length,       /* doublewords in input vector. */
+   const mp_digit *root,         /* The vector to square. */
+   mp_digit *      result);      /* Where to accumulate the result. */
+
+void 
+s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
+{
+    add_diag_little(a_len, pa, ps);
+}
+
+#define MAX_STACK_DIGITS 258
+#define MULTACC512_LEN   (512 / MP_DIGIT_BIT)
+#define HP_MPY_ADD_FN    (a_len == MULTACC512_LEN ? multacc512 : maxpy_little)
+
+/* c = a * b */
+void 
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit x[MAX_STACK_DIGITS];
+    mp_digit *px = x;
+    size_t   xSize = 0;
+
+    if (a == c) {
+	if (a_len > MAX_STACK_DIGITS) {
+	    xSize = sizeof(mp_digit) * (a_len + 2);
+	    px = malloc(xSize);
+	    if (!px)
+		return;
+	}
+	memcpy(px, a, a_len * sizeof(*a));
+	a = px;
+    }
+    s_mp_setz(c, a_len + 1);
+    HP_MPY_ADD_FN(a_len, &b, a, c);
+    if (px != x && px) {
+	memset(px, 0, xSize);
+	free(px);
+    }
+}
+
+/* c += a * b, where a is a_len words long. */
+void     
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    c[a_len] = 0;	/* so carry propagation stops here. */
+    HP_MPY_ADD_FN(a_len, &b, a, c);
+}
+
+/* c += a * b, where a is y words long. */
+void     
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, 
+			 mp_digit *c)
+{
+    HP_MPY_ADD_FN(a_len, &b, a, c);
+}
+
diff --git a/security/nss/lib/freebl/mpi/mpi_i86pc.s b/security/nss/lib/freebl/mpi/mpi_i86pc.s
new file mode 100644
index 000000000..ae679af48
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_i86pc.s
@@ -0,0 +1,348 @@
+/
+/ ***** BEGIN LICENSE BLOCK *****
+/ Version: MPL 1.1/GPL 2.0/LGPL 2.1
+/
+/ The contents of this file are subject to the Mozilla Public License Version
+/ 1.1 (the "License"); you may not use this file except in compliance with
+/ the License. You may obtain a copy of the License at
+/ http://www.mozilla.org/MPL/
+/
+/ Software distributed under the License is distributed on an "AS IS" basis,
+/ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+/ for the specific language governing rights and limitations under the
+/ License.
+/
+/ The Original Code is the Netscape security libraries.
+/
+/ The Initial Developer of the Original Code is
+/ Netscape Communications Corporation.
+/ Portions created by the Initial Developer are Copyright (C) 2001
+/ the Initial Developer. All Rights Reserved.
+/
+/ Contributor(s):
+/
+/ Alternatively, the contents of this file may be used under the terms of
+/ either the GNU General Public License Version 2 or later (the "GPL"), or
+/ the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+/ in which case the provisions of the GPL or the LGPL are applicable instead
+/ of those above. If you wish to allow use of your version of this file only
+/ under the terms of either the GPL or the LGPL, and not to allow others to
+/ use your version of this file under the terms of the MPL, indicate your
+/ decision by deleting the provisions above and replace them with the notice
+/ and other provisions required by the GPL or the LGPL. If you do not delete
+/ the provisions above, a recipient may use your version of this file under
+/ the terms of any one of the MPL, the GPL or the LGPL.
+/
+/ ***** END LICENSE BLOCK *****
+
+/  $Id$
+/
+
+.text
+
+ /  ebp - 36:	caller's esi
+ /  ebp - 32:	caller's edi
+ /  ebp - 28:	
+ /  ebp - 24:	
+ /  ebp - 20:	
+ /  ebp - 16:	
+ /  ebp - 12:	
+ /  ebp - 8:	
+ /  ebp - 4:	
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	a	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	b	argument
+ /  ebp + 20:	c	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+.globl	s_mpv_mul_d
+.type	s_mpv_mul_d,@function
+s_mpv_mul_d:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		/ carry = 0
+    mov    12(%ebp),%ecx	/ ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     L2			/ jmp if a_len == 0
+    mov    8(%ebp),%esi		/ esi = a
+    cld
+L1:
+    lodsl			/ eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	/ edx = b
+    mull   %edx			/ edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		/ add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    %edx,%ebx		/ high half of product becomes next carry
+
+    stosl			/ [es:edi] = ax; edi += 4;
+    dec    %ecx			/ --a_len
+    jnz    L1			/ jmp if a_len != 0
+L2:
+    mov    %ebx,0(%edi)		/ *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /  ebp - 36:	caller's esi
+ /  ebp - 32:	caller's edi
+ /  ebp - 28:	
+ /  ebp - 24:	
+ /  ebp - 20:	
+ /  ebp - 16:	
+ /  ebp - 12:	
+ /  ebp - 8:	
+ /  ebp - 4:	
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	a	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	b	argument
+ /  ebp + 20:	c	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+.globl	s_mpv_mul_d_add
+.type	s_mpv_mul_d_add,@function
+s_mpv_mul_d_add:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		/ carry = 0
+    mov    12(%ebp),%ecx	/ ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     L4			/ jmp if a_len == 0
+    mov    8(%ebp),%esi		/ esi = a
+    cld
+L3:
+    lodsl			/ eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	/ edx = b
+    mull   %edx			/ edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		/ add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		/ add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		/ high half of product becomes next carry
+
+    stosl			/ [es:edi] = ax; edi += 4;
+    dec    %ecx			/ --a_len
+    jnz    L3			/ jmp if a_len != 0
+L4:
+    mov    %ebx,0(%edi)		/ *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /  ebp - 36:	caller's esi
+ /  ebp - 32:	caller's edi
+ /  ebp - 28:	
+ /  ebp - 24:	
+ /  ebp - 20:	
+ /  ebp - 16:	
+ /  ebp - 12:	
+ /  ebp - 8:	
+ /  ebp - 4:	
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	a	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	b	argument
+ /  ebp + 20:	c	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+.globl	s_mpv_mul_d_add_prop
+.type	s_mpv_mul_d_add_prop,@function
+s_mpv_mul_d_add_prop:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		/ carry = 0
+    mov    12(%ebp),%ecx	/ ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     L6			/ jmp if a_len == 0
+    cld
+    mov    8(%ebp),%esi		/ esi = a
+L5:
+    lodsl			/ eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	/ edx = b
+    mull   %edx			/ edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		/ add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		/ add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		/ high half of product becomes next carry
+
+    stosl			/ [es:edi] = ax; edi += 4;
+    dec    %ecx			/ --a_len
+    jnz    L5			/ jmp if a_len != 0
+L6:
+    cmp    $0,%ebx		/ is carry zero?
+    jz     L8
+    mov    0(%edi),%eax		/ add in current word from *c
+    add	   %ebx,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jnc    L8
+L7:
+    mov    0(%edi),%eax		/ add in current word from *c
+    adc	   $0,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jc     L7
+L8:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /  ebp - 20:	caller's esi
+ /  ebp - 16:	caller's edi
+ /  ebp - 12:	
+ /  ebp - 8:	carry
+ /  ebp - 4:	a_len	local
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	pa	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	ps	argument
+ /  ebp + 20:	
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+
+.globl	s_mpv_sqr_add_prop
+.type	s_mpv_sqr_add_prop,@function
+s_mpv_sqr_add_prop:
+     push   %ebp
+     mov    %esp,%ebp
+     sub    $12,%esp
+     push   %edi
+     push   %esi
+     push   %ebx
+     movl   $0,%ebx		/ carry = 0
+     mov    12(%ebp),%ecx	/ a_len
+     mov    16(%ebp),%edi	/ edi = ps
+     cmp    $0,%ecx
+     je     L11			/ jump if a_len == 0
+     cld
+     mov    8(%ebp),%esi	/ esi = pa
+L10:
+     lodsl			/ %eax = [ds:si]; si += 4;
+     mull   %eax
+
+     add    %ebx,%eax		/ add "carry"
+     adc    $0,%edx
+     mov    0(%edi),%ebx
+     add    %ebx,%eax		/ add low word from result
+     mov    4(%edi),%ebx
+     stosl			/ [es:di] = %eax; di += 4;
+     adc    %ebx,%edx		/ add high word from result
+     movl   $0,%ebx
+     mov    %edx,%eax
+     adc    $0,%ebx
+     stosl			/ [es:di] = %eax; di += 4;
+     dec    %ecx		/ --a_len
+     jnz    L10			/ jmp if a_len != 0
+L11:
+    cmp    $0,%ebx		/ is carry zero?
+    jz     L14
+    mov    0(%edi),%eax		/ add in current word from *c
+    add	   %ebx,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jnc    L14
+L12:
+    mov    0(%edi),%eax		/ add in current word from *c
+    adc	   $0,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jc     L12
+L14:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /
+ / Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ / so its high bit is 1.   This code is from NSPR.
+ /
+ / mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ / 		          mp_digit *qp, mp_digit *rp)
+
+ /  esp +  0:   Caller's ebx
+ /  esp +  4:	return address
+ /  esp +  8:	Nhi	argument
+ /  esp + 12:	Nlo	argument
+ /  esp + 16:	divisor	argument
+ /  esp + 20:	qp	argument
+ /  esp + 24:   rp	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+ / 
+
+.globl	s_mpv_div_2dx1d
+.type	s_mpv_div_2dx1d,@function
+s_mpv_div_2dx1d:
+       push   %ebx
+       mov    8(%esp),%edx
+       mov    12(%esp),%eax
+       mov    16(%esp),%ebx
+       div    %ebx
+       mov    20(%esp),%ebx
+       mov    %eax,0(%ebx)
+       mov    24(%esp),%ebx
+       mov    %edx,0(%ebx)
+       xor    %eax,%eax		/ return zero
+       pop    %ebx
+       ret    
+       nop
+  
diff --git a/security/nss/lib/freebl/mpi/mpi_mips.s b/security/nss/lib/freebl/mpi/mpi_mips.s
new file mode 100644
index 000000000..059222224
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_mips.s
@@ -0,0 +1,504 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+#include <regdef.h>
+        .set    noreorder
+        .set    noat
+
+        .section        .text, 1, 0x00000006, 4, 4
+.text:
+        .section        .text
+
+        .ent    s_mpv_mul_d_add
+        .globl  s_mpv_mul_d_add
+
+s_mpv_mul_d_add: 
+ #/* c += a * b */
+ #void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, 
+ #			      mp_digit *c)
+ #{
+ #  mp_digit   a0, a1;	regs a4, a5
+ #  mp_digit   c0, c1;  regs a6, a7
+ #  mp_digit   cy = 0;  reg t2
+ #  mp_word    w0, w1;  regs t0, t1
+ #
+ #  if (a_len) {
+	beq	a1,zero,.L.1
+	move	t2,zero		# cy = 0
+	dsll32	a2,a2,0		# "b" is sometimes negative (?!?!)
+	dsrl32	a2,a2,0		# This clears the upper 32 bits.
+ #    a0 = a[0];
+	lwu	a4,0(a0)
+ #    w0 = ((mp_word)b * a0);
+	dmultu	a2,a4
+ #    if (--a_len) {
+	addiu	a1,a1,-1
+	beq	a1,zero,.L.2
+ #      while (a_len >= 2) {
+	sltiu	t3,a1,2
+	bne	t3,zero,.L.3
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+.L.4:
+ #	  a_len -= 2;
+        addiu	a1,a1,-2
+ #	  c0     = c[0];
+	lwu	a6,0(a3)
+ #	  w0    += cy;
+	mflo	t0
+	daddu	t0,t0,t2
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5			#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  a0     = a[2];
+	lwu	a4,8(a0)
+ #	  a     += 2;
+	addiu	a0,a0,8
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  w0     = (mp_word)b * a0;
+	dmultu	a2,a4			#
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  c     += 2;
+	addiu	a3,a3,8
+	sltiu	t3,a1,2
+	beq	t3,zero,.L.4
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+ #      }
+.L.3:
+ #      c0       = c[0];
+	lwu	a6,0(a3)
+ #      w0      += cy;
+ #      if (a_len) {
+	mflo	t0
+	beq	a1,zero,.L.5
+	daddu	t0,t0,t2
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5
+ #	  w0    += c0;
+	daddu	t0,t0,a6		#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c     += 1;
+	b	.L.6
+	addiu	a3,a3,4
+ #      } else {
+.L.5:
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  cy     = CARRYOUT(w0);
+	b	.L.6
+	dsrl32	t2,t0,0
+ #      }
+ #    } else {
+.L.2:
+ #      c0     = c[0];
+	lwu	a6,0(a3)
+ #      w0    += c0;
+	mflo	t0
+	daddu	t0,t0,a6
+ #      c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #      cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #    }
+.L.6:
+ #    c[1] = cy;
+	jr	ra
+	sw	t2,4(a3)
+ #  }
+.L.1:
+	jr	ra
+	nop
+ #}
+ #
+        .end    s_mpv_mul_d_add
+
+        .ent    s_mpv_mul_d_add_prop
+        .globl  s_mpv_mul_d_add_prop
+
+s_mpv_mul_d_add_prop: 
+ #/* c += a * b */
+ #void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, 
+ #			      mp_digit *c)
+ #{
+ #  mp_digit   a0, a1;	regs a4, a5
+ #  mp_digit   c0, c1;  regs a6, a7
+ #  mp_digit   cy = 0;  reg t2
+ #  mp_word    w0, w1;  regs t0, t1
+ #
+ #  if (a_len) {
+	beq	a1,zero,.M.1
+	move	t2,zero		# cy = 0
+	dsll32	a2,a2,0		# "b" is sometimes negative (?!?!)
+	dsrl32	a2,a2,0		# This clears the upper 32 bits.
+ #    a0 = a[0];
+	lwu	a4,0(a0)
+ #    w0 = ((mp_word)b * a0);
+	dmultu	a2,a4
+ #    if (--a_len) {
+	addiu	a1,a1,-1
+	beq	a1,zero,.M.2
+ #      while (a_len >= 2) {
+	sltiu	t3,a1,2
+	bne	t3,zero,.M.3
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+.M.4:
+ #	  a_len -= 2;
+        addiu	a1,a1,-2
+ #	  c0     = c[0];
+	lwu	a6,0(a3)
+ #	  w0    += cy;
+	mflo	t0
+	daddu	t0,t0,t2
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5			#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  a0     = a[2];
+	lwu	a4,8(a0)
+ #	  a     += 2;
+	addiu	a0,a0,8
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  w0     = (mp_word)b * a0;
+	dmultu	a2,a4			#
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  c     += 2;
+	addiu	a3,a3,8
+	sltiu	t3,a1,2
+	beq	t3,zero,.M.4
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+ #      }
+.M.3:
+ #      c0       = c[0];
+	lwu	a6,0(a3)
+ #      w0      += cy;
+ #      if (a_len) {
+	mflo	t0
+	beq	a1,zero,.M.5
+	daddu	t0,t0,t2
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5
+ #	  w0    += c0;
+	daddu	t0,t0,a6		#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c     += 1;
+	b	.M.6
+	addiu	a3,a3,8
+ #      } else {
+.M.5:
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+	b	.M.6
+	addiu	a3,a3,4
+ #      }
+ #    } else {
+.M.2:
+ #      c0     = c[0];
+	lwu	a6,0(a3)
+ #      w0    += c0;
+	mflo	t0
+	daddu	t0,t0,a6
+ #      c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #      cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+	addiu	a3,a3,4
+ #    }
+.M.6:
+
+ #    while (cy) {
+	beq	t2,zero,.M.1
+	nop
+.M.7:
+ #      mp_word w = (mp_word)*c + cy;
+	lwu	a6,0(a3)
+	daddu	t2,t2,a6
+ #      *c++ = ACCUM(w);
+	sw	t2,0(a3)
+ #      cy = CARRYOUT(w);
+	dsrl32	t2,t2,0
+	bne	t2,zero,.M.7
+	addiu	a3,a3,4
+
+ #  }
+.M.1:
+	jr	ra
+	nop
+ #}
+ #
+        .end    s_mpv_mul_d_add_prop
+
+        .ent    s_mpv_mul_d
+        .globl  s_mpv_mul_d
+
+s_mpv_mul_d: 
+ #/* c = a * b */
+ #void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, 
+ #			      mp_digit *c)
+ #{
+ #  mp_digit   a0, a1;	regs a4, a5
+ #  mp_digit   cy = 0;  reg t2
+ #  mp_word    w0, w1;  regs t0, t1
+ #
+ #  if (a_len) {
+	beq	a1,zero,.N.1
+	move	t2,zero		# cy = 0
+	dsll32	a2,a2,0		# "b" is sometimes negative (?!?!)
+	dsrl32	a2,a2,0		# This clears the upper 32 bits.
+ #    a0 = a[0];
+	lwu	a4,0(a0)
+ #    w0 = ((mp_word)b * a0);
+	dmultu	a2,a4
+ #    if (--a_len) {
+	addiu	a1,a1,-1
+	beq	a1,zero,.N.2
+ #      while (a_len >= 2) {
+	sltiu	t3,a1,2
+	bne	t3,zero,.N.3
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+.N.4:
+ #	  a_len -= 2;
+        addiu	a1,a1,-2
+ #	  w0    += cy;
+	mflo	t0
+	daddu	t0,t0,t2
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5	
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  a0     = a[2];
+	lwu	a4,8(a0)
+ #	  a     += 2;
+	addiu	a0,a0,8
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  w0     = (mp_word)b * a0;
+	dmultu	a2,a4	
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  c     += 2;
+	addiu	a3,a3,8
+	sltiu	t3,a1,2
+	beq	t3,zero,.N.4
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+ #      }
+.N.3:
+ #      w0      += cy;
+ #      if (a_len) {
+	mflo	t0
+	beq	a1,zero,.N.5
+	daddu	t0,t0,t2
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5			#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c     += 1;
+	b	.N.6
+	addiu	a3,a3,4
+ #      } else {
+.N.5:
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  cy     = CARRYOUT(w0);
+	b	.N.6
+	dsrl32	t2,t0,0
+ #      }
+ #    } else {
+.N.2:
+	mflo	t0
+ #      c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #      cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #    }
+.N.6:
+ #    c[1] = cy;
+	jr	ra
+	sw	t2,4(a3)
+ #  }
+.N.1:
+	jr	ra
+	nop
+ #}
+ #
+        .end    s_mpv_mul_d
+
+
+        .ent    s_mpv_sqr_add_prop
+        .globl  s_mpv_sqr_add_prop
+ #void   s_mpv_sqr_add_prop(const mp_digit *a, mp_size a_len, mp_digit *sqrs);
+ #	registers
+ #	a0		*a
+ #	a1		a_len
+ #	a2		*sqr
+ #	a3		digit from *a, a_i
+ #	a4		square of digit from a
+ #	a5,a6		next 2 digits in sqr
+ #	a7,t0		carry 
+s_mpv_sqr_add_prop:
+	move	a7,zero
+	move	t0,zero
+	lwu	a3,0(a0)
+	addiu	a1,a1,-1	# --a_len
+	dmultu	a3,a3
+	beq	a1,zero,.P.3	# jump if we've already done the only sqr
+	addiu	a0,a0,4		# ++a
+.P.2:
+        lwu	a5,0(a2)
+        lwu	a6,4(a2)
+	addiu	a2,a2,8		# sqrs += 2;
+	dsll32	a6,a6,0
+	daddu	a5,a5,a6
+	lwu	a3,0(a0)
+	addiu	a0,a0,4		# ++a
+	mflo	a4
+	daddu	a6,a5,a4
+	sltu	a7,a6,a5	# a7 = a6 < a5	detect overflow
+	dmultu	a3,a3
+	daddu	a4,a6,t0
+	sltu	t0,a4,a6
+	add	t0,t0,a7
+	sw	a4,-8(a2)
+	addiu	a1,a1,-1	# --a_len
+	dsrl32	a4,a4,0
+	bne	a1,zero,.P.2	# loop if a_len > 0
+	sw	a4,-4(a2)
+.P.3:
+        lwu	a5,0(a2)
+        lwu	a6,4(a2)
+	addiu	a2,a2,8		# sqrs += 2;
+	dsll32	a6,a6,0
+	daddu	a5,a5,a6
+	mflo	a4
+	daddu	a6,a5,a4
+	sltu	a7,a6,a5	# a7 = a6 < a5	detect overflow
+	daddu	a4,a6,t0
+	sltu	t0,a4,a6
+	add	t0,t0,a7
+	sw	a4,-8(a2)
+	beq	t0,zero,.P.9	# jump if no carry
+	dsrl32	a4,a4,0
+.P.8:
+	sw	a4,-4(a2)
+	/* propagate final carry */
+	lwu	a5,0(a2)
+	daddu	a6,a5,t0
+	sltu	t0,a6,a5
+	bne	t0,zero,.P.8	# loop if carry persists
+	addiu	a2,a2,4		# sqrs++
+.P.9:
+	jr	ra
+	sw	a4,-4(a2)
+
+        .end    s_mpv_sqr_add_prop
diff --git a/security/nss/lib/freebl/mpi/mpi_sparc.c b/security/nss/lib/freebl/mpi/mpi_sparc.c
new file mode 100644
index 000000000..f7eb19c19
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_sparc.c
@@ -0,0 +1,257 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+/* Multiplication performance enhancements for sparc v8+vis CPUs. */
+
+#include "mpi-priv.h"
+#include <stddef.h>
+#include <sys/systeminfo.h>
+#include <strings.h>
+
+/* In the functions below, */
+/* vector y must be 8-byte aligned, and n must be even */
+/* returns carry out of high order word of result */
+/* maximum n is 256 */
+
+/* vector x += vector y * scaler a; where y is of length n words. */
+extern mp_digit mul_add_inp(mp_digit *x, const mp_digit *y, int n, mp_digit a);
+
+/* vector z = vector x + vector y * scaler a; where y is of length n words. */
+extern mp_digit mul_add(mp_digit *z, const mp_digit *x, const mp_digit *y, 
+			int n, mp_digit a);
+
+/* v8 versions of these functions run on any Sparc v8 CPU. */
+
+/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
+#define MP_MUL_DxD(a, b, Phi, Plo) \
+  { unsigned long long product = (unsigned long long)a * b; \
+    Plo = (mp_digit)product; \
+    Phi = (mp_digit)(product >> MP_DIGIT_BIT); }
+
+/* c = a * b */
+static void 
+v8_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD)
+  mp_digit   d = 0;
+
+  /* Inner product:  Digits of a */
+  while (a_len--) {
+    mp_word w = ((mp_word)b * *a++) + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+  *c = d;
+#else
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *a++;
+    mp_digit a0b0, a1b1;
+
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+    a0b0 += carry;
+    if (a0b0 < carry)
+      ++a1b1;
+    *c++ = a0b0;
+    carry = a1b1;
+  }
+  *c = carry;
+#endif
+}
+
+/* c += a * b */
+static void 
+v8_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD)
+  mp_digit   d = 0;
+
+  /* Inner product:  Digits of a */
+  while (a_len--) {
+    mp_word w = ((mp_word)b * *a++) + *c + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+  *c = d;
+#else
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *a++;
+    mp_digit a0b0, a1b1;
+
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+    a0b0 += carry;
+    if (a0b0 < carry)
+      ++a1b1;
+    a0b0 += a_i = *c;
+    if (a0b0 < a_i)
+      ++a1b1;
+    *c++ = a0b0;
+    carry = a1b1;
+  }
+  *c = carry;
+#endif
+}
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+static void 
+v8_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD)
+  mp_digit   d = 0;
+
+  /* Inner product:  Digits of a */
+  while (a_len--) {
+    mp_word w = ((mp_word)b * *a++) + *c + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+
+  while (d) {
+    mp_word w = (mp_word)*c + d;
+    *c++ = ACCUM(w);
+    d = CARRYOUT(w);
+  }
+#else
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *a++;
+    mp_digit a0b0, a1b1;
+
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+    a0b0 += carry;
+    if (a0b0 < carry)
+      ++a1b1;
+
+    a0b0 += a_i = *c;
+    if (a0b0 < a_i)
+      ++a1b1;
+
+    *c++ = a0b0;
+    carry = a1b1;
+  }
+  while (carry) {
+    mp_digit c_i = *c;
+    carry += c_i;
+    *c++ = carry;
+    carry = carry < c_i;
+  }
+#endif
+}
+
+/* These functions run only on v8plus+vis or v9+vis CPUs. */
+
+/* c = a * b */
+void 
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit d;
+    mp_digit x[258];
+    if (a_len <= 256) {
+	if (a == c || ((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+	    mp_digit * px;
+	    px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+	    memcpy(px, a, a_len * sizeof(*a));
+	    a = px;
+	    if (a_len & 1) {
+		px[a_len] = 0;
+	    }
+	}
+	s_mp_setz(c, a_len + 1);
+	d = mul_add_inp(c, a, a_len, b);
+	c[a_len] = d;
+    } else {
+	v8_mpv_mul_d(a, a_len, b, c);
+    }
+}
+
+/* c += a * b, where a is a_len words long. */
+void     
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit d;
+    mp_digit x[258];
+    if (a_len <= 256) {
+	if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+	    mp_digit * px;
+	    px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+	    memcpy(px, a, a_len * sizeof(*a));
+	    a = px;
+	    if (a_len & 1) {
+		px[a_len] = 0;
+	    }
+	}
+	d = mul_add_inp(c, a, a_len, b);
+	c[a_len] = d;
+    } else {
+	v8_mpv_mul_d_add(a, a_len, b, c);
+    }
+}
+
+/* c += a * b, where a is y words long. */
+void     
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit d;
+    mp_digit x[258];
+    if (a_len <= 256) {
+	if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+	    mp_digit * px;
+	    px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+	    memcpy(px, a, a_len * sizeof(*a));
+	    a = px;
+	    if (a_len & 1) {
+		px[a_len] = 0;
+	    }
+	}
+	d = mul_add_inp(c, a, a_len, b);
+	if (d) {
+	    c += a_len;
+	    do {
+		mp_digit sum = d + *c;
+		*c++ = sum;
+		d = sum < d;
+	    } while (d);
+	}
+    } else {
+	v8_mpv_mul_d_add_prop(a, a_len, b, c);
+    }
+}
diff --git a/security/nss/lib/freebl/mpi/mpi_x86.s b/security/nss/lib/freebl/mpi/mpi_x86.s
new file mode 100644
index 000000000..8bf0e08d1
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_x86.s
@@ -0,0 +1,576 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+#  $Id$
+#
+
+.data
+.align 4
+ #
+ # -1 means to call s_mpi_is_sse to determine if we support sse 
+ #    instructions.
+ #  0 means to use x86 instructions
+ #  1 means to use sse2 instructions
+.type	is_sse,@object
+.size	is_sse,4
+is_sse: .long	-1 
+
+#
+# sigh, handle the difference between -fPIC and not PIC
+# default to pic, since this file seems to be exclusively
+# linux right now (solaris uses mpi_i86pc.s and windows uses
+# mpi_x86_asm.c)
+#
+.ifndef NO_PIC
+.macro GET   var,reg
+    movl   \var@GOTOFF(%ebx),\reg
+.endm
+.macro PUT   reg,var
+    movl   \reg,\var@GOTOFF(%ebx)
+.endm
+.else
+.macro GET   var,reg
+    movl   \var,\reg
+.endm
+.macro PUT   reg,var
+    movl   \reg,\var
+.endm
+.endif
+
+.text
+
+
+ #  ebp - 36:	caller's esi
+ #  ebp - 32:	caller's edi
+ #  ebp - 28:	
+ #  ebp - 24:	
+ #  ebp - 20:	
+ #  ebp - 16:	
+ #  ebp - 12:	
+ #  ebp - 8:	
+ #  ebp - 4:	
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	s_mpv_mul_d
+.type	s_mpv_mul_d,@function
+s_mpv_mul_d:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     s_mpv_mul_d_x86
+    jg     s_mpv_mul_d_sse2
+    call   s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     s_mpv_mul_d_sse2
+s_mpv_mul_d_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     2f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+1:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    1b			# jmp if a_len != 0
+2:
+    mov    %ebx,0(%edi)		# *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_mul_d_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     6f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+5:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    5b			# jmp if a_len != 0
+6:
+    movd   %mm2,0(%edi)		# *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 36:	caller's esi
+ #  ebp - 32:	caller's edi
+ #  ebp - 28:	
+ #  ebp - 24:	
+ #  ebp - 20:	
+ #  ebp - 16:	
+ #  ebp - 12:	
+ #  ebp - 8:	
+ #  ebp - 4:	
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	s_mpv_mul_d_add
+.type	s_mpv_mul_d_add,@function
+s_mpv_mul_d_add:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     s_mpv_mul_d_add_x86
+    jg     s_mpv_mul_d_add_sse2
+    call   s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     s_mpv_mul_d_add_sse2
+s_mpv_mul_d_add_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     11f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+10:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		# add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    10b			# jmp if a_len != 0
+11:
+    mov    %ebx,0(%edi)		# *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_mul_d_add_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     16f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+15:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    movd   0(%edi),%mm0
+    paddq  %mm0,%mm2            # add the carry
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    15b			# jmp if a_len != 0
+16:
+    movd   %mm2,0(%edi)		# *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 8:	caller's esi
+ #  ebp - 4:	caller's edi
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	s_mpv_mul_d_add_prop
+.type	s_mpv_mul_d_add_prop,@function
+s_mpv_mul_d_add_prop:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     s_mpv_mul_d_add_prop_x86
+    jg     s_mpv_mul_d_add_prop_sse2
+    call   s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     s_mpv_mul_d_add_prop_sse2
+s_mpv_mul_d_add_prop_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     21f			# jmp if a_len == 0
+    cld
+    mov    8(%ebp),%esi		# esi = a
+20:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		# add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    20b			# jmp if a_len != 0
+21:
+    cmp    $0,%ebx		# is carry zero?
+    jz     23f
+    mov    0(%edi),%eax		# add in current word from *c
+    add	   %ebx,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jnc    23f
+22:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     22b
+23:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_mul_d_add_prop_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     26f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+25:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    movd   0(%edi),%mm3		# fetch the sum
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    paddq  %mm3,%mm2            # add *c++
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    25b			# jmp if a_len != 0
+26:
+    movd   %mm2,%ebx
+    cmp    $0,%ebx		# is carry zero?
+    jz     28f
+    mov    0(%edi),%eax
+    add    %ebx, %eax
+    stosl
+    jnc    28f
+27:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     27b
+28:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+
+ #  ebp - 20:	caller's esi
+ #  ebp - 16:	caller's edi
+ #  ebp - 12:	
+ #  ebp - 8:	carry
+ #  ebp - 4:	a_len	local
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	pa	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	ps	argument
+ #  ebp + 20:	
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+
+.globl	s_mpv_sqr_add_prop
+.type	s_mpv_sqr_add_prop,@function
+s_mpv_sqr_add_prop:
+     GET   is_sse,%eax
+     cmp    $0,%eax
+     je     s_mpv_sqr_add_prop_x86
+     jg     s_mpv_sqr_add_prop_sse2
+     call   s_mpi_is_sse2
+     PUT    %eax,is_sse
+     cmp    $0,%eax
+     jg     s_mpv_sqr_add_prop_sse2
+s_mpv_sqr_add_prop_x86:
+     push   %ebp
+     mov    %esp,%ebp
+     sub    $12,%esp
+     push   %edi
+     push   %esi
+     push   %ebx
+     movl   $0,%ebx		# carry = 0
+     mov    12(%ebp),%ecx	# a_len
+     mov    16(%ebp),%edi	# edi = ps
+     cmp    $0,%ecx
+     je     31f			# jump if a_len == 0
+     cld
+     mov    8(%ebp),%esi	# esi = pa
+30:
+     lodsl			# %eax = [ds:si]; si += 4;
+     mull   %eax
+
+     add    %ebx,%eax		# add "carry"
+     adc    $0,%edx
+     mov    0(%edi),%ebx
+     add    %ebx,%eax		# add low word from result
+     mov    4(%edi),%ebx
+     stosl			# [es:di] = %eax; di += 4;
+     adc    %ebx,%edx		# add high word from result
+     movl   $0,%ebx
+     mov    %edx,%eax
+     adc    $0,%ebx
+     stosl			# [es:di] = %eax; di += 4;
+     dec    %ecx		# --a_len
+     jnz    30b			# jmp if a_len != 0
+31:
+    cmp    $0,%ebx		# is carry zero?
+    jz     34f
+    mov    0(%edi),%eax		# add in current word from *c
+    add	   %ebx,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jnc    34f
+32:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     32b
+34:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_sqr_add_prop_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    16(%ebp),%edi
+    cmp    $0,%ecx
+    je     36f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+35:
+    movd   0(%esi),%mm0        # mm0 = *a
+    movd   0(%edi),%mm3	       # fetch the sum
+    add	   $4,%esi
+    pmuludq %mm0,%mm0          # mm0 = sqr(a)
+    paddq  %mm0,%mm2           # add the carry
+    paddq  %mm3,%mm2           # add the low word
+    movd   4(%edi),%mm3
+    movd   %mm2,0(%edi)        # store the 32bit result
+    psrlq  $32, %mm2	
+    paddq  %mm3,%mm2           # add the high word
+    movd   %mm2,4(%edi)        # store the 32bit result
+    psrlq  $32, %mm2	       # save the carry.
+    add    $8,%edi
+    dec    %ecx			# --a_len
+    jnz    35b			# jmp if a_len != 0
+36:
+    movd   %mm2,%ebx
+    cmp    $0,%ebx		# is carry zero?
+    jz     38f
+    mov    0(%edi),%eax
+    add    %ebx, %eax
+    stosl
+    jnc    38f
+37:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     37b
+38:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #
+ # Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ # so its high bit is 1.   This code is from NSPR.
+ #
+ # mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ # 		          mp_digit *qp, mp_digit *rp)
+
+ #  esp +  0:   Caller's ebx
+ #  esp +  4:	return address
+ #  esp +  8:	Nhi	argument
+ #  esp + 12:	Nlo	argument
+ #  esp + 16:	divisor	argument
+ #  esp + 20:	qp	argument
+ #  esp + 24:   rp	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+ # 
+
+.globl	s_mpv_div_2dx1d
+.type	s_mpv_div_2dx1d,@function
+s_mpv_div_2dx1d:
+       push   %ebx
+       mov    8(%esp),%edx
+       mov    12(%esp),%eax
+       mov    16(%esp),%ebx
+       div    %ebx
+       mov    20(%esp),%ebx
+       mov    %eax,0(%ebx)
+       mov    24(%esp),%ebx
+       mov    %edx,0(%ebx)
+       xor    %eax,%eax		# return zero
+       pop    %ebx
+       ret    
+       nop
+  
+ # Magic indicating no need for an executable stack
+.section .note.GNU-stack, "", @progbits
+.previous
diff --git a/security/nss/lib/freebl/mpi/mpi_x86_asm.c b/security/nss/lib/freebl/mpi/mpi_x86_asm.c
new file mode 100644
index 000000000..b8a224f14
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpi_x86_asm.c
@@ -0,0 +1,368 @@
+/*
+ *  mpi_x86.c - MSVC inline assembly implementation of s_mpv_ functions.
+ * 
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Benjamin Smedberg <benjamin@smedbergs.us>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi-priv.h"
+
+/*
+ *   ebp - 36:	caller's esi
+ *   ebp - 32:	caller's edi
+ *   ebp - 28:	
+ *   ebp - 24:	
+ *   ebp - 20:	
+ *   ebp - 16:	
+ *   ebp - 12:	
+ *   ebp - 8:	
+ *   ebp - 4:	
+ *   ebp + 0:	caller's ebp
+ *   ebp + 4:	return address
+ *   ebp + 8:	a	argument
+ *   ebp + 12:	a_len	argument
+ *   ebp + 16:	b	argument
+ *   ebp + 20:	c	argument
+ *   registers:
+ *  	eax:
+ * 	ebx:	carry
+ * 	ecx:	a_len
+ * 	edx:
+ * 	esi:	a ptr
+ * 	edi:	c ptr
+ */
+__declspec(naked) void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+  __asm {
+    push   ebp
+    mov    ebp,esp
+    sub    esp,28
+    push   edi
+    push   esi
+    push   ebx
+    mov    ebx,0		; carry = 0
+    mov    ecx,[ebp+12]		; ecx = a_len
+    mov    edi,[ebp+20]
+    cmp    ecx,0
+    je     L_2			; jmp if a_len == 0
+    mov    esi,[ebp+8]		; esi = a
+    cld
+L_1:
+    lodsd			; eax = [ds:esi]; esi += 4
+    mov    edx,[ebp+16]		; edx = b
+    mul    edx			; edx:eax = Phi:Plo = a_i * b
+
+    add    eax,ebx		; add carry (ebx) to edx:eax
+    adc    edx,0
+    mov    ebx,edx		; high half of product becomes next carry
+
+    stosd			; [es:edi] = ax; edi += 4;
+    dec    ecx			; --a_len
+    jnz    L_1			; jmp if a_len != 0
+L_2:
+    mov    [edi],ebx		; *c = carry
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave  
+    ret    
+    nop
+  }
+}
+
+/*
+ *   ebp - 36:	caller's esi
+ *   ebp - 32:	caller's edi
+ *   ebp - 28:	
+ *   ebp - 24:	
+ *   ebp - 20:	
+ *   ebp - 16:	
+ *   ebp - 12:	
+ *   ebp - 8:	
+ *   ebp - 4:	
+ *   ebp + 0:	caller's ebp
+ *   ebp + 4:	return address
+ *   ebp + 8:	a	argument
+ *   ebp + 12:	a_len	argument
+ *   ebp + 16:	b	argument
+ *   ebp + 20:	c	argument
+ *   registers:
+ *  	eax:
+ * 	ebx:	carry
+ * 	ecx:	a_len
+ * 	edx:
+ * 	esi:	a ptr
+ * 	edi:	c ptr
+ */
+__declspec(naked) void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+  __asm {
+    push   ebp
+    mov    ebp,esp
+    sub    esp,28
+    push   edi
+    push   esi
+    push   ebx
+    mov    ebx,0		; carry = 0
+    mov    ecx,[ebp+12]		; ecx = a_len
+    mov    edi,[ebp+20]
+    cmp    ecx,0
+    je     L_4			; jmp if a_len == 0
+    mov    esi,[ebp+8]		; esi = a
+    cld
+L_3:
+    lodsd			; eax = [ds:esi]; esi += 4
+    mov    edx,[ebp+16]		; edx = b
+    mul    edx			; edx:eax = Phi:Plo = a_i * b
+
+    add    eax,ebx		; add carry (ebx) to edx:eax
+    adc    edx,0
+    mov    ebx,[edi]		; add in current word from *c
+    add    eax,ebx		
+    adc    edx,0
+    mov    ebx,edx		; high half of product becomes next carry
+
+    stosd			; [es:edi] = ax; edi += 4;
+    dec    ecx			; --a_len
+    jnz    L_3			; jmp if a_len != 0
+L_4:
+    mov    [edi],ebx		; *c = carry
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave  
+    ret    
+    nop
+  }
+}
+
+/*
+ *   ebp - 36:	caller's esi
+ *   ebp - 32:	caller's edi
+ *   ebp - 28:	
+ *   ebp - 24:	
+ *   ebp - 20:	
+ *   ebp - 16:	
+ *   ebp - 12:	
+ *   ebp - 8:	
+ *   ebp - 4:	
+ *   ebp + 0:	caller's ebp
+ *   ebp + 4:	return address
+ *   ebp + 8:	a	argument
+ *   ebp + 12:	a_len	argument
+ *   ebp + 16:	b	argument
+ *   ebp + 20:	c	argument
+ *   registers:
+ *  	eax:
+ * 	ebx:	carry
+ * 	ecx:	a_len
+ * 	edx:
+ * 	esi:	a ptr
+ * 	edi:	c ptr
+ */
+__declspec(naked) void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+  __asm {
+    push   ebp
+    mov    ebp,esp
+    sub    esp,28
+    push   edi
+    push   esi
+    push   ebx
+    mov    ebx,0		; carry = 0
+    mov    ecx,[ebp+12]		; ecx = a_len
+    mov    edi,[ebp+20]
+    cmp    ecx,0
+    je     L_6			; jmp if a_len == 0
+    cld
+    mov    esi,[ebp+8]		; esi = a
+L_5:
+    lodsd			; eax = [ds:esi]; esi += 4
+    mov    edx,[ebp+16]		; edx = b
+    mul    edx			; edx:eax = Phi:Plo = a_i * b
+
+    add    eax,ebx		; add carry (ebx) to edx:eax
+    adc    edx,0
+    mov    ebx,[edi]		; add in current word from *c
+    add    eax,ebx		
+    adc    edx,0
+    mov    ebx,edx		; high half of product becomes next carry
+
+    stosd			; [es:edi] = ax; edi += 4;
+    dec    ecx			; --a_len
+    jnz    L_5			; jmp if a_len != 0
+L_6:
+    cmp    ebx,0		; is carry zero?
+    jz     L_8
+    mov    eax,[edi]		; add in current word from *c
+    add    eax,ebx
+    stosd			; [es:edi] = ax; edi += 4;
+    jnc    L_8
+L_7:
+    mov    eax,[edi]		; add in current word from *c
+    adc    eax,0
+    stosd			; [es:edi] = ax; edi += 4;
+    jc     L_7
+L_8:
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave  
+    ret    
+    nop
+  }
+}
+
+/*
+ *   ebp - 20:	caller's esi
+ *   ebp - 16:	caller's edi
+ *   ebp - 12:	
+ *   ebp - 8:	carry
+ *   ebp - 4:	a_len	local
+ *   ebp + 0:	caller's ebp
+ *   ebp + 4:	return address
+ *   ebp + 8:	pa	argument
+ *   ebp + 12:	a_len	argument
+ *   ebp + 16:	ps	argument
+ *   ebp + 20:	
+ *   registers:
+ *  	eax:
+ * 	ebx:	carry
+ * 	ecx:	a_len
+ * 	edx:
+ * 	esi:	a ptr
+ * 	edi:	c ptr
+ */
+__declspec(naked) void
+s_mpv_sqr_add_prop(const mp_digit *a, mp_size a_len, mp_digit *sqrs)
+{
+  __asm {
+     push   ebp
+     mov    ebp,esp
+     sub    esp,12
+     push   edi
+     push   esi
+     push   ebx
+     mov    ebx,0		; carry = 0
+     mov    ecx,[ebp+12]	; a_len
+     mov    edi,[ebp+16]	; edi = ps
+     cmp    ecx,0
+     je     L_11		; jump if a_len == 0
+     cld
+     mov    esi,[ebp+8]		; esi = pa
+L_10:
+     lodsd			; eax = [ds:si]; si += 4;
+     mul    eax
+
+     add    eax,ebx		; add "carry"
+     adc    edx,0
+     mov    ebx,[edi]
+     add    eax,ebx		; add low word from result
+     mov    ebx,[edi+4]
+     stosd			; [es:di] = eax; di += 4;
+     adc    edx,ebx		; add high word from result
+     mov    ebx,0
+     mov    eax,edx
+     adc    ebx,0
+     stosd			; [es:di] = eax; di += 4;
+     dec    ecx			; --a_len
+     jnz    L_10		; jmp if a_len != 0
+L_11:
+    cmp    ebx,0		; is carry zero?
+    jz     L_14
+    mov    eax,[edi]		; add in current word from *c
+    add    eax,ebx
+    stosd			; [es:edi] = ax; edi += 4;
+    jnc    L_14
+L_12:
+    mov    eax,[edi]		; add in current word from *c
+    adc    eax,0
+    stosd			; [es:edi] = ax; edi += 4;
+    jc     L_12
+L_14:
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave  
+    ret    
+    nop
+  }
+}
+
+/* 
+ *  Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ *  so its high bit is 1.   This code is from NSPR.
+ *
+ *  Dump of assembler code for function s_mpv_div_2dx1d:
+ *  
+ *   esp +  0:   Caller's ebx
+ *   esp +  4:	return address
+ *   esp +  8:	Nhi	argument
+ *   esp + 12:	Nlo	argument
+ *   esp + 16:	divisor	argument
+ *   esp + 20:	qp	argument
+ *   esp + 24:   rp	argument
+ *   registers:
+ *  	eax:
+ * 	ebx:	carry
+ * 	ecx:	a_len
+ * 	edx:
+ * 	esi:	a ptr
+ * 	edi:	c ptr
+ */  
+__declspec(naked) mp_err
+s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+		mp_digit *qp, mp_digit *rp)
+{
+  __asm {
+       push   ebx
+       mov    edx,[esp+8]
+       mov    eax,[esp+12]
+       mov    ebx,[esp+16]
+       div    ebx
+       mov    ebx,[esp+20]
+       mov    [ebx],eax
+       mov    ebx,[esp+24]
+       mov    [ebx],edx
+       xor    eax,eax		; return zero
+       pop    ebx
+       ret    
+       nop
+  }
+}
diff --git a/security/nss/lib/freebl/mpi/mplogic.c b/security/nss/lib/freebl/mpi/mplogic.c
new file mode 100644
index 000000000..3d9973714
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mplogic.c
@@ -0,0 +1,465 @@
+/*
+ *  mplogic.c
+ *
+ *  Bitwise logical operations on MPI values
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "mpi-priv.h"
+#include "mplogic.h"
+
+/* {{{ Lookup table for population count */
+
+static unsigned char bitc[] = {
+   0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, 
+   1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 
+   1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 
+   2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 
+   1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 
+   2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 
+   2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 
+   3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 
+   1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 
+   2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 
+   2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 
+   3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 
+   2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 
+   3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 
+   3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 
+   4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8
+};
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_not(a, b)    - compute b = ~a
+  mpl_and(a, b, c) - compute c = a & b
+  mpl_or(a, b, c)  - compute c = a | b
+  mpl_xor(a, b, c) - compute c = a ^ b
+ */
+
+/* {{{ mpl_not(a, b) */
+
+mp_err mpl_not(mp_int *a, mp_int *b)
+{
+  mp_err   res;
+  unsigned int      ix;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if((res = mp_copy(a, b)) != MP_OKAY)
+    return res;
+
+  /* This relies on the fact that the digit type is unsigned */
+  for(ix = 0; ix < USED(b); ix++) 
+    DIGIT(b, ix) = ~DIGIT(b, ix);
+
+  s_mp_clamp(b);
+
+  return MP_OKAY;
+
+} /* end mpl_not() */
+
+/* }}} */
+
+/* {{{ mpl_and(a, b, c) */
+
+mp_err mpl_and(mp_int *a, mp_int *b, mp_int *c)
+{
+  mp_int  *which, *other;
+  mp_err   res;
+  unsigned int      ix;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if(USED(a) <= USED(b)) {
+    which = a;
+    other = b;
+  } else {
+    which = b;
+    other = a;
+  }
+
+  if((res = mp_copy(which, c)) != MP_OKAY)
+    return res;
+
+  for(ix = 0; ix < USED(which); ix++)
+    DIGIT(c, ix) &= DIGIT(other, ix);
+
+  s_mp_clamp(c);
+
+  return MP_OKAY;
+
+} /* end mpl_and() */
+
+/* }}} */
+
+/* {{{ mpl_or(a, b, c) */
+
+mp_err mpl_or(mp_int *a, mp_int *b, mp_int *c)
+{
+  mp_int  *which, *other;
+  mp_err   res;
+  unsigned int      ix;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if(USED(a) >= USED(b)) {
+    which = a;
+    other = b;
+  } else {
+    which = b;
+    other = a;
+  }
+
+  if((res = mp_copy(which, c)) != MP_OKAY)
+    return res;
+
+  for(ix = 0; ix < USED(which); ix++)
+    DIGIT(c, ix) |= DIGIT(other, ix);
+
+  return MP_OKAY;
+
+} /* end mpl_or() */
+
+/* }}} */
+
+/* {{{ mpl_xor(a, b, c) */
+
+mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c)
+{
+  mp_int  *which, *other;
+  mp_err   res;
+  unsigned int      ix;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if(USED(a) >= USED(b)) {
+    which = a;
+    other = b;
+  } else {
+    which = b;
+    other = a;
+  }
+
+  if((res = mp_copy(which, c)) != MP_OKAY)
+    return res;
+
+  for(ix = 0; ix < USED(which); ix++)
+    DIGIT(c, ix) ^= DIGIT(other, ix);
+
+  s_mp_clamp(c);
+
+  return MP_OKAY;
+
+} /* end mpl_xor() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_rsh(a, b, d)     - b = a >> d
+  mpl_lsh(a, b, d)     - b = a << d
+ */
+
+/* {{{ mpl_rsh(a, b, d) */
+
+mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d)
+{
+  mp_err   res;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if((res = mp_copy(a, b)) != MP_OKAY)
+    return res;
+
+  s_mp_div_2d(b, d);
+
+  return MP_OKAY;
+
+} /* end mpl_rsh() */
+
+/* }}} */
+
+/* {{{ mpl_lsh(a, b, d) */
+
+mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d)
+{
+  mp_err   res;
+
+  ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+  if((res = mp_copy(a, b)) != MP_OKAY)
+    return res;
+
+  return s_mp_mul_2d(b, d);
+
+} /* end mpl_lsh() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_num_set(a, num)
+
+  Count the number of set bits in the binary representation of a.
+  Returns MP_OKAY and sets 'num' to be the number of such bits, if
+  possible.  If num is NULL, the result is thrown away, but it is
+  not considered an error.
+
+  mpl_num_clear() does basically the same thing for clear bits.
+ */
+
+/* {{{ mpl_num_set(a, num) */
+
+mp_err mpl_num_set(mp_int *a, int *num)
+{
+  unsigned int   ix;
+  int            db, nset = 0;
+  mp_digit       cur;
+  unsigned char  reg;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  for(ix = 0; ix < USED(a); ix++) {
+    cur = DIGIT(a, ix);
+    
+    for(db = 0; db < sizeof(mp_digit); db++) {
+      reg = (unsigned char)(cur >> (CHAR_BIT * db));
+
+      nset += bitc[reg];
+    }
+  }
+
+  if(num)
+    *num = nset;
+
+  return MP_OKAY;
+
+} /* end mpl_num_set() */
+
+/* }}} */
+
+/* {{{ mpl_num_clear(a, num) */
+
+mp_err mpl_num_clear(mp_int *a, int *num)
+{
+  unsigned int   ix;
+  int            db, nset = 0;
+  mp_digit       cur;
+  unsigned char  reg;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  for(ix = 0; ix < USED(a); ix++) {
+    cur = DIGIT(a, ix);
+    
+    for(db = 0; db < sizeof(mp_digit); db++) {
+      reg = (unsigned char)(cur >> (CHAR_BIT * db));
+
+      nset += bitc[UCHAR_MAX - reg];
+    }
+  }
+
+  if(num)
+    *num = nset;
+
+  return MP_OKAY;
+
+
+} /* end mpl_num_clear() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_parity(a)
+
+  Determines the bitwise parity of the value given.  Returns MP_EVEN
+  if an even number of digits are set, MP_ODD if an odd number are
+  set.
+ */
+
+/* {{{ mpl_parity(a) */
+
+mp_err mpl_parity(mp_int *a)
+{
+  unsigned int ix;
+  int      par = 0;
+  mp_digit cur;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  for(ix = 0; ix < USED(a); ix++) {
+    int   shft = (sizeof(mp_digit) * CHAR_BIT) / 2;
+
+    cur = DIGIT(a, ix);
+
+    /* Compute parity for current digit */
+    while(shft != 0) {
+      cur ^= (cur >> shft);
+      shft >>= 1;
+    }
+    cur &= 1;
+
+    /* XOR with running parity so far   */
+    par ^= cur;
+  }
+
+  if(par)
+    return MP_ODD;
+  else
+    return MP_EVEN;
+
+} /* end mpl_parity() */
+
+/* }}} */
+
+/*
+  mpl_set_bit
+
+  Returns MP_OKAY or some error code.
+  Grows a if needed to set a bit to 1.
+ */
+mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value)
+{
+  mp_size      ix;
+  mp_err       rv;
+  mp_digit     mask;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  ix = bitNum / MP_DIGIT_BIT;
+  if (ix + 1 > MP_USED(a)) {
+    rv = s_mp_pad(a, ix + 1);
+    if (rv != MP_OKAY)
+      return rv;
+  }
+
+  bitNum = bitNum % MP_DIGIT_BIT;
+  mask = (mp_digit)1 << bitNum;
+  if (value)
+    MP_DIGIT(a,ix) |= mask;
+  else
+    MP_DIGIT(a,ix) &= ~mask;
+  s_mp_clamp(a);
+  return MP_OKAY;
+}
+
+/*
+  mpl_get_bit
+
+  returns 0 or 1 or some (negative) error code.
+ */
+mp_err mpl_get_bit(const mp_int *a, mp_size bitNum)
+{
+  mp_size      bit, ix;
+  mp_err       rv;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  ix = bitNum / MP_DIGIT_BIT;
+  ARGCHK(ix <= MP_USED(a) - 1, MP_RANGE);
+
+  bit   = bitNum % MP_DIGIT_BIT;
+  rv = (mp_err)(MP_DIGIT(a, ix) >> bit) & 1;
+  return rv;
+}
+
+/*
+  mpl_get_bits
+  - Extracts numBits bits from a, where the least significant extracted bit
+  is bit lsbNum.  Returns a negative value if error occurs.
+  - Because sign bit is used to indicate error, maximum number of bits to 
+  be returned is the lesser of (a) the number of bits in an mp_digit, or
+  (b) one less than the number of bits in an mp_err.
+  - lsbNum + numbits can be greater than the number of significant bits in
+  integer a, as long as bit lsbNum is in the high order digit of a.
+ */
+mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits) 
+{
+  mp_size    rshift = (lsbNum % MP_DIGIT_BIT);
+  mp_size    lsWndx = (lsbNum / MP_DIGIT_BIT);
+  mp_digit * digit  = MP_DIGITS(a) + lsWndx;
+  mp_digit   mask   = ((1 << numBits) - 1);
+
+  ARGCHK(numBits < CHAR_BIT * sizeof mask, MP_BADARG);
+  ARGCHK(MP_HOWMANY(lsbNum, MP_DIGIT_BIT) <= MP_USED(a), MP_RANGE);
+
+  if ((numBits + lsbNum % MP_DIGIT_BIT <= MP_DIGIT_BIT) ||
+      (lsWndx + 1 >= MP_USED(a))) {
+    mask &= (digit[0] >> rshift);
+  } else {
+    mask &= ((digit[0] >> rshift) | (digit[1] << (MP_DIGIT_BIT - rshift)));
+  }
+  return (mp_err)mask;
+}
+
+/*
+  mpl_significant_bits
+  returns number of significnant bits in abs(a).
+  returns 1 if value is zero.
+ */
+mp_err mpl_significant_bits(const mp_int *a)
+{
+  mp_err bits 	= 0;
+  int    ix;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  ix = MP_USED(a);
+  for (ix = MP_USED(a); ix > 0; ) {
+    mp_digit d;
+    d = MP_DIGIT(a, --ix);
+    if (d) {
+      while (d) {
+	++bits;
+	d >>= 1;
+      }
+      break;
+    }
+  }
+  bits += ix * MP_DIGIT_BIT;
+  if (!bits)
+    bits = 1;
+  return bits;
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/mplogic.h b/security/nss/lib/freebl/mpi/mplogic.h
new file mode 100644
index 000000000..e3bc924a2
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mplogic.h
@@ -0,0 +1,85 @@
+/*
+ *  mplogic.h
+ *
+ *  Bitwise logical operations on MPI values
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _H_MPLOGIC_
+#define _H_MPLOGIC_
+
+#include "mpi.h"
+
+/*
+  The logical operations treat an mp_int as if it were a bit vector,
+  without regard to its sign (an mp_int is represented in a signed
+  magnitude format).  Values are treated as if they had an infinite
+  string of zeros left of the most-significant bit.
+ */
+
+/* Parity results                    */
+
+#define MP_EVEN       MP_YES
+#define MP_ODD        MP_NO
+
+/* Bitwise functions                 */
+
+mp_err mpl_not(mp_int *a, mp_int *b);            /* one's complement  */
+mp_err mpl_and(mp_int *a, mp_int *b, mp_int *c); /* bitwise AND       */
+mp_err mpl_or(mp_int *a, mp_int *b, mp_int *c);  /* bitwise OR        */
+mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c); /* bitwise XOR       */
+
+/* Shift functions                   */
+
+mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d);   /* right shift    */
+mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d);   /* left shift     */
+
+/* Bit count and parity              */
+
+mp_err mpl_num_set(mp_int *a, int *num);         /* count set bits    */
+mp_err mpl_num_clear(mp_int *a, int *num);       /* count clear bits  */
+mp_err mpl_parity(mp_int *a);                    /* determine parity  */
+
+/* Get & Set the value of a bit */
+
+mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value);
+mp_err mpl_get_bit(const mp_int *a, mp_size bitNum);
+mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits);
+mp_err mpl_significant_bits(const mp_int *a);
+
+#endif /* end _H_MPLOGIC_ */
diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c
new file mode 100644
index 000000000..bea8009c2
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpmontg.c
@@ -0,0 +1,1209 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang Shantz <sheueling.chang@sun.com>,
+ *   Stephen Fung <stephen.fung@sun.com>, and
+ *   Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+/* This file implements moduluar exponentiation using Montgomery's
+ * method for modular reduction.  This file implements the method
+ * described as "Improvement 1" in the paper "A Cryptogrpahic Library for
+ * the Motorola DSP56000" by Stephen R. Dusse' and Burton S. Kaliski Jr.
+ * published in "Advances in Cryptology: Proceedings of EUROCRYPT '90"
+ * "Lecture Notes in Computer Science" volume 473, 1991, pg 230-244,
+ * published by Springer Verlag.
+ */
+
+#define MP_USING_CACHE_SAFE_MOD_EXP 1 
+#include <string.h>
+#include "mpi-priv.h"
+#include "mplogic.h"
+#include "mpprime.h"
+#ifdef MP_USING_MONT_MULF
+#include "montmulf.h"
+#endif
+#include <stddef.h> /* ptrdiff_t */
+
+/* if MP_CHAR_STORE_SLOW is defined, we  */
+/* need to know endianness of this platform. */
+#ifdef MP_CHAR_STORE_SLOW
+#if !defined(MP_IS_BIG_ENDIAN) && !defined(MP_IS_LITTLE_ENDIAN)
+#error "You must define MP_IS_BIG_ENDIAN or MP_IS_LITTLE_ENDIAN\n" \
+       "  if you define MP_CHAR_STORE_SLOW."
+#endif
+#endif
+
+#define STATIC
+
+#define MAX_ODD_INTS    32   /* 2 ** (WINDOW_BITS - 1) */
+
+#if defined(_WIN32_WCE)
+#define ABORT  res = MP_UNDEF; goto CLEANUP
+#else
+#define ABORT abort()
+#endif
+
+/* computes T = REDC(T), 2^b == R */
+mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm)
+{
+  mp_err res;
+  mp_size i;
+
+  i = MP_USED(T) + MP_USED(&mmm->N) + 2;
+  MP_CHECKOK( s_mp_pad(T, i) );
+  for (i = 0; i < MP_USED(&mmm->N); ++i ) {
+    mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;
+    /* T += N * m_i * (MP_RADIX ** i); */
+    MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) );
+  }
+  s_mp_clamp(T);
+
+  /* T /= R */
+  s_mp_div_2d(T, mmm->b); 
+
+  if ((res = s_mp_cmp(T, &mmm->N)) >= 0) {
+    /* T = T - N */
+    MP_CHECKOK( s_mp_sub(T, &mmm->N) );
+#ifdef DEBUG
+    if ((res = mp_cmp(T, &mmm->N)) >= 0) {
+      res = MP_UNDEF;
+      goto CLEANUP;
+    }
+#endif
+  }
+  res = MP_OKAY;
+CLEANUP:
+  return res;
+}
+
+#if !defined(MP_ASSEMBLY_MUL_MONT) && !defined(MP_MONT_USE_MP_MUL)
+mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c, 
+	           mp_mont_modulus *mmm)
+{
+  mp_digit *pb;
+  mp_digit m_i;
+  mp_err   res;
+  mp_size  ib;
+  mp_size  useda, usedb;
+
+  ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+  if (MP_USED(a) < MP_USED(b)) {
+    const mp_int *xch = b;	/* switch a and b, to do fewer outer loops */
+    b = a;
+    a = xch;
+  }
+
+  MP_USED(c) = 1; MP_DIGIT(c, 0) = 0;
+  ib = MP_USED(a) + MP_MAX(MP_USED(b), MP_USED(&mmm->N)) + 2;
+  if((res = s_mp_pad(c, ib)) != MP_OKAY)
+    goto CLEANUP;
+
+  useda = MP_USED(a);
+  pb = MP_DIGITS(b);
+  s_mpv_mul_d(MP_DIGITS(a), useda, *pb++, MP_DIGITS(c));
+  s_mp_setz(MP_DIGITS(c) + useda + 1, ib - (useda + 1));
+  m_i = MP_DIGIT(c, 0) * mmm->n0prime;
+  s_mp_mul_d_add_offset(&mmm->N, m_i, c, 0);
+
+  /* Outer loop:  Digits of b */
+  usedb = MP_USED(b);
+  for (ib = 1; ib < usedb; ib++) {
+    mp_digit b_i    = *pb++;
+
+    /* Inner product:  Digits of a */
+    if (b_i)
+      s_mpv_mul_d_add_prop(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
+    m_i = MP_DIGIT(c, ib) * mmm->n0prime;
+    s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
+  }
+  if (usedb < MP_USED(&mmm->N)) {
+    for (usedb = MP_USED(&mmm->N); ib < usedb; ++ib ) {
+      m_i = MP_DIGIT(c, ib) * mmm->n0prime;
+      s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
+    }
+  }
+  s_mp_clamp(c);
+  s_mp_div_2d(c, mmm->b); 
+  if (s_mp_cmp(c, &mmm->N) >= 0) {
+    MP_CHECKOK( s_mp_sub(c, &mmm->N) );
+  }
+  res = MP_OKAY;
+
+CLEANUP:
+  return res;
+}
+#endif
+
+STATIC
+mp_err s_mp_to_mont(const mp_int *x, mp_mont_modulus *mmm, mp_int *xMont)
+{
+  mp_err res;
+
+  /* xMont = x * R mod N   where  N is modulus */
+  MP_CHECKOK( mpl_lsh(x, xMont, mmm->b) );  		/* xMont = x << b */
+  MP_CHECKOK( mp_div(xMont, &mmm->N, 0, xMont) );	/*         mod N */
+CLEANUP:
+  return res;
+}
+
+#ifdef MP_USING_MONT_MULF
+
+/* the floating point multiply is already cache safe,
+ * don't turn on cache safe unless we specifically
+ * force it */
+#ifndef MP_FORCE_CACHE_SAFE
+#undef MP_USING_CACHE_SAFE_MOD_EXP
+#endif
+
+unsigned int mp_using_mont_mulf = 1;
+
+/* computes montgomery square of the integer in mResult */
+#define SQR \
+  conv_i32_to_d32_and_d16(dm1, d16Tmp, mResult, nLen); \
+  mont_mulf_noconv(mResult, dm1, d16Tmp, \
+		   dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
+
+/* computes montgomery product of x and the integer in mResult */
+#define MUL(x) \
+  conv_i32_to_d32(dm1, mResult, nLen); \
+  mont_mulf_noconv(mResult, dm1, oddPowers[x], \
+		   dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
+
+/* Do modular exponentiation using floating point multiply code. */
+mp_err mp_exptmod_f(const mp_int *   montBase, 
+                    const mp_int *   exponent, 
+		    const mp_int *   modulus, 
+		    mp_int *         result, 
+		    mp_mont_modulus *mmm, 
+		    int              nLen, 
+		    mp_size          bits_in_exponent, 
+		    mp_size          window_bits,
+		    mp_size          odd_ints)
+{
+  mp_digit *mResult;
+  double   *dBuf = 0, *dm1, *dn, *dSqr, *d16Tmp, *dTmp;
+  double    dn0;
+  mp_size   i;
+  mp_err    res;
+  int       expOff;
+  int       dSize = 0, oddPowSize, dTmpSize;
+  mp_int    accum1;
+  double   *oddPowers[MAX_ODD_INTS];
+
+  /* function for computing n0prime only works if n0 is odd */
+
+  MP_DIGITS(&accum1) = 0;
+
+  for (i = 0; i < MAX_ODD_INTS; ++i)
+    oddPowers[i] = 0;
+
+  MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
+
+  mp_set(&accum1, 1);
+  MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
+  MP_CHECKOK( s_mp_pad(&accum1, nLen) );
+
+  oddPowSize = 2 * nLen + 1;
+  dTmpSize   = 2 * oddPowSize;
+  dSize = sizeof(double) * (nLen * 4 + 1 + 
+			    ((odd_ints + 1) * oddPowSize) + dTmpSize);
+  dBuf   = (double *)malloc(dSize);
+  dm1    = dBuf;		/* array of d32 */
+  dn     = dBuf   + nLen;	/* array of d32 */
+  dSqr   = dn     + nLen;    	/* array of d32 */
+  d16Tmp = dSqr   + nLen;	/* array of d16 */
+  dTmp   = d16Tmp + oddPowSize;
+
+  for (i = 0; i < odd_ints; ++i) {
+      oddPowers[i] = dTmp;
+      dTmp += oddPowSize;
+  }
+  mResult = (mp_digit *)(dTmp + dTmpSize);	/* size is nLen + 1 */
+
+  /* Make dn and dn0 */
+  conv_i32_to_d32(dn, MP_DIGITS(modulus), nLen);
+  dn0 = (double)(mmm->n0prime & 0xffff);
+
+  /* Make dSqr */
+  conv_i32_to_d32_and_d16(dm1, oddPowers[0], MP_DIGITS(montBase), nLen);
+  mont_mulf_noconv(mResult, dm1, oddPowers[0], 
+		   dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
+  conv_i32_to_d32(dSqr, mResult, nLen);
+
+  for (i = 1; i < odd_ints; ++i) {
+    mont_mulf_noconv(mResult, dSqr, oddPowers[i - 1], 
+		     dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
+    conv_i32_to_d16(oddPowers[i], mResult, nLen);
+  }
+
+  s_mp_copy(MP_DIGITS(&accum1), mResult, nLen); /* from, to, len */
+
+  for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
+    mp_size smallExp;
+    MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
+    smallExp = (mp_size)res;
+
+    if (window_bits == 1) {
+      if (!smallExp) {
+	SQR;
+      } else if (smallExp & 1) {
+	SQR; MUL(0); 
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 4) {
+      if (!smallExp) {
+	SQR; SQR; SQR; SQR;
+      } else if (smallExp & 1) {
+	SQR; SQR; SQR; SQR; MUL(smallExp/2); 
+      } else if (smallExp & 2) {
+	SQR; SQR; SQR; MUL(smallExp/4); SQR; 
+      } else if (smallExp & 4) {
+	SQR; SQR; MUL(smallExp/8); SQR; SQR; 
+      } else if (smallExp & 8) {
+	SQR; MUL(smallExp/16); SQR; SQR; SQR; 
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 5) {
+      if (!smallExp) {
+	SQR; SQR; SQR; SQR; SQR; 
+      } else if (smallExp & 1) {
+	SQR; SQR; SQR; SQR; SQR; MUL(smallExp/2);
+      } else if (smallExp & 2) {
+	SQR; SQR; SQR; SQR; MUL(smallExp/4); SQR;
+      } else if (smallExp & 4) {
+	SQR; SQR; SQR; MUL(smallExp/8); SQR; SQR;
+      } else if (smallExp & 8) {
+	SQR; SQR; MUL(smallExp/16); SQR; SQR; SQR;
+      } else if (smallExp & 0x10) {
+	SQR; MUL(smallExp/32); SQR; SQR; SQR; SQR;
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 6) {
+      if (!smallExp) {
+	SQR; SQR; SQR; SQR; SQR; SQR;
+      } else if (smallExp & 1) {
+	SQR; SQR; SQR; SQR; SQR; SQR; MUL(smallExp/2); 
+      } else if (smallExp & 2) {
+	SQR; SQR; SQR; SQR; SQR; MUL(smallExp/4); SQR; 
+      } else if (smallExp & 4) {
+	SQR; SQR; SQR; SQR; MUL(smallExp/8); SQR; SQR; 
+      } else if (smallExp & 8) {
+	SQR; SQR; SQR; MUL(smallExp/16); SQR; SQR; SQR; 
+      } else if (smallExp & 0x10) {
+	SQR; SQR; MUL(smallExp/32); SQR; SQR; SQR; SQR; 
+      } else if (smallExp & 0x20) {
+	SQR; MUL(smallExp/64); SQR; SQR; SQR; SQR; SQR; 
+      } else {
+	ABORT;
+      }
+    } else {
+      ABORT;
+    }
+  }
+
+  s_mp_copy(mResult, MP_DIGITS(&accum1), nLen); /* from, to, len */
+
+  res = s_mp_redc(&accum1, mmm);
+  mp_exch(&accum1, result);
+
+CLEANUP:
+  mp_clear(&accum1);
+  if (dBuf) {
+    if (dSize)
+      memset(dBuf, 0, dSize);
+    free(dBuf);
+  }
+
+  return res;
+}
+#undef SQR
+#undef MUL
+#endif
+
+#define SQR(a,b) \
+  MP_CHECKOK( mp_sqr(a, b) );\
+  MP_CHECKOK( s_mp_redc(b, mmm) )
+
+#if defined(MP_MONT_USE_MP_MUL)
+#define MUL(x,a,b) \
+  MP_CHECKOK( mp_mul(a, oddPowers + (x), b) ); \
+  MP_CHECKOK( s_mp_redc(b, mmm) ) 
+#else
+#define MUL(x,a,b) \
+  MP_CHECKOK( s_mp_mul_mont(a, oddPowers + (x), b, mmm) )
+#endif
+
+#define SWAPPA ptmp = pa1; pa1 = pa2; pa2 = ptmp
+
+/* Do modular exponentiation using integer multiply code. */
+mp_err mp_exptmod_i(const mp_int *   montBase, 
+                    const mp_int *   exponent, 
+		    const mp_int *   modulus, 
+		    mp_int *         result, 
+		    mp_mont_modulus *mmm, 
+		    int              nLen, 
+		    mp_size          bits_in_exponent, 
+		    mp_size          window_bits,
+		    mp_size          odd_ints)
+{
+  mp_int *pa1, *pa2, *ptmp;
+  mp_size i;
+  mp_err  res;
+  int     expOff;
+  mp_int  accum1, accum2, power2, oddPowers[MAX_ODD_INTS];
+
+  /* power2 = base ** 2; oddPowers[i] = base ** (2*i + 1); */
+  /* oddPowers[i] = base ** (2*i + 1); */
+
+  MP_DIGITS(&accum1) = 0;
+  MP_DIGITS(&accum2) = 0;
+  MP_DIGITS(&power2) = 0;
+  for (i = 0; i < MAX_ODD_INTS; ++i) {
+    MP_DIGITS(oddPowers + i) = 0;
+  }
+
+  MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
+  MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) );
+
+  MP_CHECKOK( mp_init_copy(&oddPowers[0], montBase) );
+
+  mp_init_size(&power2, nLen + 2 * MP_USED(montBase) + 2);
+  MP_CHECKOK( mp_sqr(montBase, &power2) );	/* power2 = montBase ** 2 */
+  MP_CHECKOK( s_mp_redc(&power2, mmm) );
+
+  for (i = 1; i < odd_ints; ++i) {
+    mp_init_size(oddPowers + i, nLen + 2 * MP_USED(&power2) + 2);
+    MP_CHECKOK( mp_mul(oddPowers + (i - 1), &power2, oddPowers + i) );
+    MP_CHECKOK( s_mp_redc(oddPowers + i, mmm) );
+  }
+
+  /* set accumulator to montgomery residue of 1 */
+  mp_set(&accum1, 1);
+  MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
+  pa1 = &accum1;
+  pa2 = &accum2;
+
+  for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
+    mp_size smallExp;
+    MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
+    smallExp = (mp_size)res;
+
+    if (window_bits == 1) {
+      if (!smallExp) {
+	SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 1) {
+	SQR(pa1,pa2); MUL(0,pa2,pa1);
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 4) {
+      if (!smallExp) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
+      } else if (smallExp & 1) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	MUL(smallExp/2, pa1,pa2); SWAPPA;
+      } else if (smallExp & 2) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); 
+	MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 4) {
+	SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/8,pa1,pa2); 
+	SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 8) {
+	SQR(pa1,pa2); MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2); 
+	SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 5) {
+      if (!smallExp) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 1) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	SQR(pa1,pa2); MUL(smallExp/2,pa2,pa1);
+      } else if (smallExp & 2) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	MUL(smallExp/4,pa1,pa2); SQR(pa2,pa1);
+      } else if (smallExp & 4) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); 
+	MUL(smallExp/8,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
+      } else if (smallExp & 8) {
+	SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/16,pa1,pa2); 
+	SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
+      } else if (smallExp & 0x10) {
+	SQR(pa1,pa2); MUL(smallExp/32,pa2,pa1); SQR(pa1,pa2); 
+	SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
+      } else {
+	ABORT;
+      }
+    } else if (window_bits == 6) {
+      if (!smallExp) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	SQR(pa1,pa2); SQR(pa2,pa1);
+      } else if (smallExp & 1) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/2,pa1,pa2); SWAPPA;
+      } else if (smallExp & 2) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	SQR(pa1,pa2); MUL(smallExp/4,pa2,pa1); SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 4) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	MUL(smallExp/8,pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 8) {
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); 
+	MUL(smallExp/16,pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 0x10) {
+	SQR(pa1,pa2); SQR(pa2,pa1); MUL(smallExp/32,pa1,pa2); 
+	SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
+      } else if (smallExp & 0x20) {
+	SQR(pa1,pa2); MUL(smallExp/64,pa2,pa1); SQR(pa1,pa2); 
+	SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SWAPPA;
+      } else {
+	ABORT;
+      }
+    } else {
+      ABORT;
+    }
+  }
+
+  res = s_mp_redc(pa1, mmm);
+  mp_exch(pa1, result);
+
+CLEANUP:
+  mp_clear(&accum1);
+  mp_clear(&accum2);
+  mp_clear(&power2);
+  for (i = 0; i < odd_ints; ++i) {
+    mp_clear(oddPowers + i);
+  }
+  return res;
+}
+#undef SQR
+#undef MUL
+
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+unsigned int mp_using_cache_safe_exp = 1;
+#endif
+
+mp_err mp_set_safe_modexp(int value) 
+{
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+ mp_using_cache_safe_exp = value;
+ return MP_OKAY;
+#else
+ if (value == 0) {
+   return MP_OKAY;
+ }
+ return MP_BADARG;
+#endif
+}
+
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+#define WEAVE_WORD_SIZE 4
+
+#ifndef MP_CHAR_STORE_SLOW
+/*
+ * mpi_to_weave takes an array of bignums, a matrix in which each bignum 
+ * occupies all the columns of a row, and transposes it into a matrix in 
+ * which each bignum occupies a column of every row.  The first row of the
+ * input matrix becomes the first column of the output matrix.  The n'th
+ * row of input becomes the n'th column of output.  The input data is said
+ * to be "interleaved" or "woven" into the output matrix.
+ *
+ * The array of bignums is left in this woven form.  Each time a single
+ * bignum value is needed, it is recreated by fetching the n'th column, 
+ * forming a single row which is the new bignum.
+ *
+ * The purpose of this interleaving is make it impossible to determine which
+ * of the bignums is being used in any one operation by examining the pattern
+ * of cache misses.
+ *
+ * The weaving function does not transpose the entire input matrix in one call.
+ * It transposes 4 rows of mp_ints into their respective columns of output.
+ *
+ * There are two different implementations of the weaving and unweaving code
+ * in this file.  One uses byte loads and stores.  The second uses loads and
+ * stores of mp_weave_word size values.  The weaved forms of these two 
+ * implementations differ.  Consequently, each one has its own explanation.
+ *
+ * Here is the explanation for the byte-at-a-time implementation.
+ *
+ * This implementation treats each mp_int bignum as an array of bytes, 
+ * rather than as an array of mp_digits.  It stores those bytes as a 
+ * column of bytes in the output matrix.  It doesn't care if the machine
+ * uses big-endian or little-endian byte ordering within mp_digits.
+ * The first byte of the mp_digit array becomes the first byte in the output
+ * column, regardless of whether that byte is the MSB or LSB of the mp_digit.
+ *
+ * "bignums" is an array of mp_ints.
+ * It points to four rows, four mp_ints, a subset of a larger array of mp_ints.
+ *
+ * "weaved" is the weaved output matrix. 
+ * The first byte of bignums[0] is stored in weaved[0].
+ * 
+ * "nBignums" is the total number of bignums in the array of which "bignums" 
+ * is a part.  
+ *
+ * "nDigits" is the size in mp_digits of each mp_int in the "bignums" array. 
+ * mp_ints that use less than nDigits digits are logically padded with zeros 
+ * while being stored in the weaved array.
+ */
+mp_err mpi_to_weave(const mp_int  *bignums, 
+                    unsigned char *weaved, 
+		    mp_size nDigits,  /* in each mp_int of input */
+		    mp_size nBignums) /* in the entire source array */
+{
+  mp_size i;
+  unsigned char * endDest = weaved + (nDigits * nBignums * sizeof(mp_digit));
+
+  for (i=0; i < WEAVE_WORD_SIZE; i++) {
+    mp_size used = MP_USED(&bignums[i]);
+    unsigned char *pSrc   = (unsigned char *)MP_DIGITS(&bignums[i]);
+    unsigned char *endSrc = pSrc + (used * sizeof(mp_digit));
+    unsigned char *pDest  = weaved + i;
+
+    ARGCHK(MP_SIGN(&bignums[i]) == MP_ZPOS, MP_BADARG);
+    ARGCHK(used <= nDigits, MP_BADARG);
+
+    for (; pSrc < endSrc; pSrc++) {
+      *pDest = *pSrc;
+      pDest += nBignums;
+    }
+    while (pDest < endDest) {
+      *pDest = 0;
+      pDest += nBignums;
+    }
+  }
+
+  return MP_OKAY;
+}
+
+/* Reverse the operation above for one mp_int.
+ * Reconstruct one mp_int from its column in the weaved array.
+ * "pSrc" points to the offset into the weave array of the bignum we 
+ * are going to reconstruct.
+ */
+mp_err weave_to_mpi(mp_int *a,                /* output, result */
+                    const unsigned char *pSrc, /* input, byte matrix */
+		    mp_size nDigits,          /* per mp_int output */
+		    mp_size nBignums)         /* bignums in weaved matrix */
+{
+  unsigned char *pDest   = (unsigned char *)MP_DIGITS(a);
+  unsigned char *endDest = pDest + (nDigits * sizeof(mp_digit));
+
+  MP_SIGN(a) = MP_ZPOS;
+  MP_USED(a) = nDigits;
+
+  for (; pDest < endDest; pSrc += nBignums, pDest++) {
+    *pDest = *pSrc;
+  }
+  s_mp_clamp(a);
+  return MP_OKAY;
+}
+
+#else
+
+/* Need a primitive that we know is 32 bits long... */
+/* this is true on all modern processors we know of today*/
+typedef unsigned int mp_weave_word;
+
+/*
+ * on some platforms character stores into memory is very expensive since they
+ * generate a read/modify/write operation on the bus. On those platforms
+ * we need to do integer writes to the bus. Because of some unrolled code,
+ * in this current code the size of mp_weave_word must be four. The code that
+ * makes this assumption explicity is called out. (on some platforms a write
+ * of 4 bytes still requires a single read-modify-write operation.
+ *
+ * This function is takes the identical parameters as the function above, 
+ * however it lays out the final array differently. Where the previous function
+ * treats the mpi_int as an byte array, this function treats it as an array of
+ * mp_digits where each digit is stored in big endian order.
+ * 
+ * since we need to interleave on a byte by byte basis, we need to collect 
+ * several mpi structures together into a single uint32 before we write. We
+ * also need to make sure the uint32 is arranged so that the first value of 
+ * the first array winds up in b[0]. This means construction of that uint32
+ * is endian specific (even though the layout of the mp_digits in the array 
+ * is always big endian).
+ *
+ * The final data is stored as follows :
+ *
+ * Our same logical array p array, m is sizeof(mp_digit),
+ * N is still count and n is now b_size. If we define p[i].digit[j]0 as the 
+ * most significant byte of the word p[i].digit[j], p[i].digit[j]1 as 
+ * the next most significant byte of p[i].digit[j], ...  and p[i].digit[j]m-1
+ * is the least significant byte. 
+ * Our array would look like:
+ * p[0].digit[0]0     p[1].digit[0]0    ...  p[N-2].digit[0]0    p[N-1].digit[0]0
+ * p[0].digit[0]1     p[1].digit[0]1    ...  p[N-2].digit[0]1    p[N-1].digit[0]1
+ *                .                                         .
+ * p[0].digit[0]m-1   p[1].digit[0]m-1  ...  p[N-2].digit[0]m-1  p[N-1].digit[0]m-1
+ * p[0].digit[1]0     p[1].digit[1]0    ...  p[N-2].digit[1]0    p[N-1].digit[1]0
+ *                .                                         .
+ *                .                                         .
+ * p[0].digit[n-1]m-2 p[1].digit[n-1]m-2 ... p[N-2].digit[n-1]m-2 p[N-1].digit[n-1]m-2
+ * p[0].digit[n-1]m-1 p[1].digit[n-1]m-1 ... p[N-2].digit[n-1]m-1 p[N-1].digit[n-1]m-1 
+ *
+ */
+mp_err mpi_to_weave(const mp_int *a, unsigned char *b, 
+					mp_size b_size, mp_size count)
+{
+  mp_size i;
+  mp_digit *digitsa0;
+  mp_digit *digitsa1;
+  mp_digit *digitsa2;
+  mp_digit *digitsa3;
+  mp_size   useda0;
+  mp_size   useda1;
+  mp_size   useda2;
+  mp_size   useda3;
+  mp_weave_word *weaved = (mp_weave_word *)b;
+
+  count = count/sizeof(mp_weave_word);
+
+  /* this code pretty much depends on this ! */
+#if MP_ARGCHK == 2
+  assert(WEAVE_WORD_SIZE == 4); 
+  assert(sizeof(mp_weave_word) == 4);
+#endif
+
+  digitsa0 = MP_DIGITS(&a[0]);
+  digitsa1 = MP_DIGITS(&a[1]);
+  digitsa2 = MP_DIGITS(&a[2]);
+  digitsa3 = MP_DIGITS(&a[3]);
+  useda0 = MP_USED(&a[0]);
+  useda1 = MP_USED(&a[1]);
+  useda2 = MP_USED(&a[2]);
+  useda3 = MP_USED(&a[3]);
+
+  ARGCHK(MP_SIGN(&a[0]) == MP_ZPOS, MP_BADARG);
+  ARGCHK(MP_SIGN(&a[1]) == MP_ZPOS, MP_BADARG);
+  ARGCHK(MP_SIGN(&a[2]) == MP_ZPOS, MP_BADARG);
+  ARGCHK(MP_SIGN(&a[3]) == MP_ZPOS, MP_BADARG);
+  ARGCHK(useda0 <= b_size, MP_BADARG);
+  ARGCHK(useda1 <= b_size, MP_BADARG);
+  ARGCHK(useda2 <= b_size, MP_BADARG);
+  ARGCHK(useda3 <= b_size, MP_BADARG);
+
+#define SAFE_FETCH(digit, used, word) ((word) < (used) ? (digit[word]) : 0)
+
+  for (i=0; i < b_size; i++) {
+    mp_digit d0 = SAFE_FETCH(digitsa0,useda0,i);
+    mp_digit d1 = SAFE_FETCH(digitsa1,useda1,i);
+    mp_digit d2 = SAFE_FETCH(digitsa2,useda2,i);
+    mp_digit d3 = SAFE_FETCH(digitsa3,useda3,i);
+    register mp_weave_word acc;
+
+/*
+ * ONE_STEP takes the MSB of each of our current digits and places that
+ * byte in the appropriate position for writing to the weaved array.
+ *  On little endian:
+ *   b3 b2 b1 b0
+ *  On big endian:
+ *   b0 b1 b2 b3
+ *  When the data is written it would always wind up:
+ *   b[0] = b0
+ *   b[1] = b1
+ *   b[2] = b2
+ *   b[3] = b3
+ *
+ * Once we've written the MSB, we shift the whole digit up left one
+ * byte, putting the Next Most Significant Byte in the MSB position,
+ * so we we repeat the next one step that byte will be written.
+ * NOTE: This code assumes sizeof(mp_weave_word) and MP_WEAVE_WORD_SIZE
+ * is 4.
+ */
+#ifdef MP_IS_LITTLE_ENDIAN 
+#define MPI_WEAVE_ONE_STEP \
+    acc  = (d0 >> (MP_DIGIT_BIT-8))  & 0x000000ff; d0 <<= 8; /*b0*/ \
+    acc |= (d1 >> (MP_DIGIT_BIT-16)) & 0x0000ff00; d1 <<= 8; /*b1*/ \
+    acc |= (d2 >> (MP_DIGIT_BIT-24)) & 0x00ff0000; d2 <<= 8; /*b2*/ \
+    acc |= (d3 >> (MP_DIGIT_BIT-32)) & 0xff000000; d3 <<= 8; /*b3*/ \
+    *weaved = acc; weaved += count;
+#else 
+#define MPI_WEAVE_ONE_STEP \
+    acc  = (d0 >> (MP_DIGIT_BIT-32)) & 0xff000000; d0 <<= 8; /*b0*/ \
+    acc |= (d1 >> (MP_DIGIT_BIT-24)) & 0x00ff0000; d1 <<= 8; /*b1*/ \
+    acc |= (d2 >> (MP_DIGIT_BIT-16)) & 0x0000ff00; d2 <<= 8; /*b2*/ \
+    acc |= (d3 >> (MP_DIGIT_BIT-8))  & 0x000000ff; d3 <<= 8; /*b3*/ \
+    *weaved = acc; weaved += count;
+#endif 
+   switch (sizeof(mp_digit)) {
+   case 32:
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+   case 16:
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+   case 8:
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+   case 4:
+    MPI_WEAVE_ONE_STEP
+    MPI_WEAVE_ONE_STEP
+   case 2:
+    MPI_WEAVE_ONE_STEP
+   case 1:
+    MPI_WEAVE_ONE_STEP
+    break;
+   }
+  }
+
+  return MP_OKAY;
+}
+
+/* reverse the operation above for one entry.
+ * b points to the offset into the weave array of the power we are
+ * calculating */
+mp_err weave_to_mpi(mp_int *a, const unsigned char *b, 
+					mp_size b_size, mp_size count)
+{
+  mp_digit *pb = MP_DIGITS(a);
+  mp_digit *end = &pb[b_size];
+
+  MP_SIGN(a) = MP_ZPOS;
+  MP_USED(a) = b_size;
+
+  for (; pb < end; pb++) {
+    register mp_digit digit;
+
+    digit = *b << 8; b += count;
+#define MPI_UNWEAVE_ONE_STEP  digit |= *b; b += count; digit = digit << 8;
+    switch (sizeof(mp_digit)) {
+    case 32:
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+    case 16:
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+    case 8:
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+    case 4:
+	MPI_UNWEAVE_ONE_STEP 
+	MPI_UNWEAVE_ONE_STEP 
+    case 2:
+	break;
+    }
+    digit |= *b; b += count; 
+
+    *pb = digit;
+  }
+  s_mp_clamp(a);
+  return MP_OKAY;
+}
+#endif
+
+
+#define SQR(a,b) \
+  MP_CHECKOK( mp_sqr(a, b) );\
+  MP_CHECKOK( s_mp_redc(b, mmm) )
+
+#if defined(MP_MONT_USE_MP_MUL)
+#define MUL_NOWEAVE(x,a,b) \
+  MP_CHECKOK( mp_mul(a, x, b) ); \
+  MP_CHECKOK( s_mp_redc(b, mmm) ) 
+#else
+#define MUL_NOWEAVE(x,a,b) \
+  MP_CHECKOK( s_mp_mul_mont(a, x, b, mmm) )
+#endif
+
+#define MUL(x,a,b) \
+  MP_CHECKOK( weave_to_mpi(&tmp, powers + (x), nLen, num_powers) ); \
+  MUL_NOWEAVE(&tmp,a,b)
+
+#define SWAPPA ptmp = pa1; pa1 = pa2; pa2 = ptmp
+#define MP_ALIGN(x,y) ((((ptrdiff_t)(x))+((y)-1))&(((ptrdiff_t)0)-(y)))
+
+/* Do modular exponentiation using integer multiply code. */
+mp_err mp_exptmod_safe_i(const mp_int *   montBase, 
+                    const mp_int *   exponent, 
+		    const mp_int *   modulus, 
+		    mp_int *         result, 
+		    mp_mont_modulus *mmm, 
+		    int              nLen, 
+		    mp_size          bits_in_exponent, 
+		    mp_size          window_bits,
+		    mp_size          num_powers)
+{
+  mp_int *pa1, *pa2, *ptmp;
+  mp_size i;
+  mp_size first_window;
+  mp_err  res;
+  int     expOff;
+  mp_int  accum1, accum2, accum[WEAVE_WORD_SIZE];
+  mp_int  tmp;
+  unsigned char *powersArray;
+  unsigned char *powers;
+
+  MP_DIGITS(&accum1) = 0;
+  MP_DIGITS(&accum2) = 0;
+  MP_DIGITS(&accum[0]) = 0;
+  MP_DIGITS(&accum[1]) = 0;
+  MP_DIGITS(&accum[2]) = 0;
+  MP_DIGITS(&accum[3]) = 0;
+  MP_DIGITS(&tmp) = 0;
+
+  powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1));
+  if (powersArray == NULL) {
+    res = MP_MEM;
+    goto CLEANUP;
+  }
+
+  /* powers[i] = base ** (i); */
+  powers = (unsigned char *)MP_ALIGN(powersArray,num_powers);
+
+  /* grab the first window value. This allows us to preload accumulator1
+   * and save a conversion, some squares and a multiple*/
+  MP_CHECKOK( mpl_get_bits(exponent, 
+				bits_in_exponent-window_bits, window_bits) );
+  first_window = (mp_size)res;
+
+  MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
+  MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) );
+  MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) );
+
+  /* build the first WEAVE_WORD powers inline */
+  /* if WEAVE_WORD_SIZE is not 4, this code will have to change */
+  if (num_powers > 2) {
+    MP_CHECKOK( mp_init_size(&accum[0], 3 * nLen + 2) );
+    MP_CHECKOK( mp_init_size(&accum[1], 3 * nLen + 2) );
+    MP_CHECKOK( mp_init_size(&accum[2], 3 * nLen + 2) );
+    MP_CHECKOK( mp_init_size(&accum[3], 3 * nLen + 2) );
+    mp_set(&accum[0], 1);
+    MP_CHECKOK( s_mp_to_mont(&accum[0], mmm, &accum[0]) );
+    MP_CHECKOK( mp_copy(montBase, &accum[1]) );
+    SQR(montBase, &accum[2]);
+    MUL_NOWEAVE(montBase, &accum[2], &accum[3]);
+    MP_CHECKOK( mpi_to_weave(accum, powers, nLen, num_powers) );
+    if (first_window < 4) {
+      MP_CHECKOK( mp_copy(&accum[first_window], &accum1) );
+      first_window = num_powers;
+    }
+  } else {
+      if (first_window == 0) {
+        mp_set(&accum1, 1);
+        MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
+      } else {
+        /* assert first_window == 1? */
+        MP_CHECKOK( mp_copy(montBase, &accum1) );
+      }
+  }
+
+  /*
+   * calculate all the powers in the powers array.
+   * this adds 2**(k-1)-2 square operations over just calculating the
+   * odd powers where k is the window size in the two other mp_modexpt
+   * implementations in this file. We will get some of that
+   * back by not needing the first 'k' squares and one multiply for the 
+   * first window */ 
+  for (i = WEAVE_WORD_SIZE; i < num_powers; i++) {
+    int acc_index = i & (WEAVE_WORD_SIZE-1); /* i % WEAVE_WORD_SIZE */
+    if ( i & 1 ) {
+      MUL_NOWEAVE(montBase, &accum[acc_index-1] , &accum[acc_index]);
+      /* we've filled the array do our 'per array' processing */
+      if (acc_index == (WEAVE_WORD_SIZE-1)) {
+        MP_CHECKOK( mpi_to_weave(accum, powers + i - (WEAVE_WORD_SIZE-1),
+							 nLen, num_powers) );
+
+        if (first_window <= i) {
+          MP_CHECKOK( mp_copy(&accum[first_window & (WEAVE_WORD_SIZE-1)], 
+								&accum1) );
+          first_window = num_powers;
+        }
+      }
+    } else {
+      /* up to 8 we can find 2^i-1 in the accum array, but at 8 we our source
+       * and target are the same so we need to copy.. After that, the
+       * value is overwritten, so we need to fetch it from the stored
+       * weave array */
+      if (i > 2* WEAVE_WORD_SIZE) {
+        MP_CHECKOK(weave_to_mpi(&accum2, powers+i/2, nLen, num_powers));
+        SQR(&accum2, &accum[acc_index]);
+      } else {
+	int half_power_index = (i/2) & (WEAVE_WORD_SIZE-1);
+	if (half_power_index == acc_index) {
+	   /* copy is cheaper than weave_to_mpi */
+	   MP_CHECKOK(mp_copy(&accum[half_power_index], &accum2));
+	   SQR(&accum2,&accum[acc_index]);
+	} else {
+	   SQR(&accum[half_power_index],&accum[acc_index]);
+	}
+      }
+    }
+  }
+  /* if the accum1 isn't set, Then there is something wrong with our logic 
+   * above and is an internal programming error. 
+   */
+#if MP_ARGCHK == 2
+  assert(MP_USED(&accum1) != 0);
+#endif
+
+  /* set accumulator to montgomery residue of 1 */
+  pa1 = &accum1;
+  pa2 = &accum2;
+
+  for (expOff = bits_in_exponent - window_bits*2; expOff >= 0; expOff -= window_bits) {
+    mp_size smallExp;
+    MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
+    smallExp = (mp_size)res;
+
+    /* handle unroll the loops */
+    switch (window_bits) {
+    case 1:
+	if (!smallExp) {
+	    SQR(pa1,pa2); SWAPPA;
+	} else if (smallExp & 1) {
+	    SQR(pa1,pa2); MUL_NOWEAVE(montBase,pa2,pa1);
+	} else {
+	    ABORT;
+	}
+	break;
+    case 6:
+	SQR(pa1,pa2); SQR(pa2,pa1); 
+	/* fall through */
+    case 4:
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1);
+	MUL(smallExp, pa1,pa2); SWAPPA;
+	break;
+    case 5:
+	SQR(pa1,pa2); SQR(pa2,pa1); SQR(pa1,pa2); SQR(pa2,pa1); 
+	SQR(pa1,pa2); MUL(smallExp,pa2,pa1);
+	break;
+    default:
+	ABORT; /* could do a loop? */
+    }
+  }
+
+  res = s_mp_redc(pa1, mmm);
+  mp_exch(pa1, result);
+
+CLEANUP:
+  mp_clear(&accum1);
+  mp_clear(&accum2);
+  mp_clear(&accum[0]);
+  mp_clear(&accum[1]);
+  mp_clear(&accum[2]);
+  mp_clear(&accum[3]);
+  mp_clear(&tmp);
+  /* PORT_Memset(powers,0,num_powers*nLen*sizeof(mp_digit)); */
+  free(powersArray);
+  return res;
+}
+#undef SQR
+#undef MUL
+#endif
+
+mp_err mp_exptmod(const mp_int *inBase, const mp_int *exponent, 
+		  const mp_int *modulus, mp_int *result)
+{
+  const mp_int *base;
+  mp_size bits_in_exponent, i, window_bits, odd_ints;
+  mp_err  res;
+  int     nLen;
+  mp_int  montBase, goodBase;
+  mp_mont_modulus mmm;
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+  static unsigned int max_window_bits;
+#endif
+
+  /* function for computing n0prime only works if n0 is odd */
+  if (!mp_isodd(modulus))
+    return s_mp_exptmod(inBase, exponent, modulus, result);
+
+  MP_DIGITS(&montBase) = 0;
+  MP_DIGITS(&goodBase) = 0;
+
+  if (mp_cmp(inBase, modulus) < 0) {
+    base = inBase;
+  } else {
+    MP_CHECKOK( mp_init(&goodBase) );
+    base = &goodBase;
+    MP_CHECKOK( mp_mod(inBase, modulus, &goodBase) );
+  }
+
+  nLen  = MP_USED(modulus);
+  MP_CHECKOK( mp_init_size(&montBase, 2 * nLen + 2) );
+
+  mmm.N = *modulus;			/* a copy of the mp_int struct */
+  i = mpl_significant_bits(modulus);
+  i += MP_DIGIT_BIT - 1;
+  mmm.b = i - i % MP_DIGIT_BIT;
+
+  /* compute n0', given n0, n0' = -(n0 ** -1) mod MP_RADIX
+  **		where n0 = least significant mp_digit of N, the modulus.
+  */
+  mmm.n0prime = 0 - s_mp_invmod_radix( MP_DIGIT(modulus, 0) );
+
+  MP_CHECKOK( s_mp_to_mont(base, &mmm, &montBase) );
+
+  bits_in_exponent = mpl_significant_bits(exponent);
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+  if (mp_using_cache_safe_exp) {
+    if (bits_in_exponent > 780)
+	window_bits = 6;
+    else if (bits_in_exponent > 256)
+	window_bits = 5;
+    else if (bits_in_exponent > 20)
+	window_bits = 4;
+       /* RSA public key exponents are typically under 20 bits (common values 
+        * are: 3, 17, 65537) and a 4-bit window is inefficient
+        */
+    else 
+	window_bits = 1;
+  } else
+#endif
+  if (bits_in_exponent > 480)
+    window_bits = 6;
+  else if (bits_in_exponent > 160)
+    window_bits = 5;
+  else if (bits_in_exponent > 20)
+    window_bits = 4;
+  /* RSA public key exponents are typically under 20 bits (common values 
+   * are: 3, 17, 65537) and a 4-bit window is inefficient
+   */
+  else 
+    window_bits = 1;
+
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+  /*
+   * clamp the window size based on
+   * the cache line size.
+   */
+  if (!max_window_bits) {
+    unsigned long cache_size = s_mpi_getProcessorLineSize();
+    /* processor has no cache, use 'fast' code always */
+    if (cache_size == 0) {
+      mp_using_cache_safe_exp = 0;
+    } 
+    if ((cache_size == 0) || (cache_size >= 64)) {
+      max_window_bits = 6;
+    } else if (cache_size >= 32) {
+      max_window_bits = 5;
+    } else if (cache_size >= 16) {
+      max_window_bits = 4;
+    } else max_window_bits = 1; /* should this be an assert? */
+  }
+
+  /* clamp the window size down before we caclulate bits_in_exponent */
+  if (mp_using_cache_safe_exp) {
+    if (window_bits > max_window_bits) {
+      window_bits = max_window_bits;
+    }
+  }
+#endif
+
+  odd_ints = 1 << (window_bits - 1);
+  i = bits_in_exponent % window_bits;
+  if (i != 0) {
+    bits_in_exponent += window_bits - i;
+  } 
+
+#ifdef MP_USING_MONT_MULF
+  if (mp_using_mont_mulf) {
+    MP_CHECKOK( s_mp_pad(&montBase, nLen) );
+    res = mp_exptmod_f(&montBase, exponent, modulus, result, &mmm, nLen, 
+		     bits_in_exponent, window_bits, odd_ints);
+  } else
+#endif
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+  if (mp_using_cache_safe_exp) {
+    res = mp_exptmod_safe_i(&montBase, exponent, modulus, result, &mmm, nLen, 
+		     bits_in_exponent, window_bits, 1 << window_bits);
+  } else
+#endif
+  res = mp_exptmod_i(&montBase, exponent, modulus, result, &mmm, nLen, 
+		     bits_in_exponent, window_bits, odd_ints);
+
+CLEANUP:
+  mp_clear(&montBase);
+  mp_clear(&goodBase);
+  /* Don't mp_clear mmm.N because it is merely a copy of modulus.
+  ** Just zap it.
+  */
+  memset(&mmm, 0, sizeof mmm);
+  return res;
+}
diff --git a/security/nss/lib/freebl/mpi/mpprime.c b/security/nss/lib/freebl/mpi/mpprime.c
new file mode 100644
index 000000000..4d6428118
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpprime.c
@@ -0,0 +1,613 @@
+/*
+ *  mpprime.c
+ *
+ *  Utilities for finding and working with prime and pseudo-prime
+ *  integers
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1997
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi-priv.h"
+#include "mpprime.h"
+#include "mplogic.h"
+#include <stdlib.h>
+#include <string.h>
+
+#define SMALL_TABLE 0 /* determines size of hard-wired prime table */
+
+#define RANDOM() rand()
+
+#include "primes.c"  /* pull in the prime digit table */
+
+/* 
+   Test if any of a given vector of digits divides a.  If not, MP_NO
+   is returned; otherwise, MP_YES is returned and 'which' is set to
+   the index of the integer in the vector which divided a.
+ */
+mp_err    s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which);
+
+/* {{{ mpp_divis(a, b) */
+
+/*
+  mpp_divis(a, b)
+
+  Returns MP_YES if a is divisible by b, or MP_NO if it is not.
+ */
+
+mp_err  mpp_divis(mp_int *a, mp_int *b)
+{
+  mp_err  res;
+  mp_int  rem;
+
+  if((res = mp_init(&rem)) != MP_OKAY)
+    return res;
+
+  if((res = mp_mod(a, b, &rem)) != MP_OKAY)
+    goto CLEANUP;
+
+  if(mp_cmp_z(&rem) == 0)
+    res = MP_YES;
+  else
+    res = MP_NO;
+
+CLEANUP:
+  mp_clear(&rem);
+  return res;
+
+} /* end mpp_divis() */
+
+/* }}} */
+
+/* {{{ mpp_divis_d(a, d) */
+
+/*
+  mpp_divis_d(a, d)
+
+  Return MP_YES if a is divisible by d, or MP_NO if it is not.
+ */
+
+mp_err  mpp_divis_d(mp_int *a, mp_digit d)
+{
+  mp_err     res;
+  mp_digit   rem;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  if(d == 0)
+    return MP_NO;
+
+  if((res = mp_mod_d(a, d, &rem)) != MP_OKAY)
+    return res;
+
+  if(rem == 0)
+    return MP_YES;
+  else
+    return MP_NO;
+
+} /* end mpp_divis_d() */
+
+/* }}} */
+
+/* {{{ mpp_random(a) */
+
+/*
+  mpp_random(a)
+
+  Assigns a random value to a.  This value is generated using the
+  standard C library's rand() function, so it should not be used for
+  cryptographic purposes, but it should be fine for primality testing,
+  since all we really care about there is good statistical properties.
+
+  As many digits as a currently has are filled with random digits.
+ */
+
+mp_err  mpp_random(mp_int *a)
+
+{
+  mp_digit  next = 0;
+  unsigned int       ix, jx;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  for(ix = 0; ix < USED(a); ix++) {
+    for(jx = 0; jx < sizeof(mp_digit); jx++) {
+      next = (next << CHAR_BIT) | (RANDOM() & UCHAR_MAX);
+    }
+    DIGIT(a, ix) = next;
+  }
+
+  return MP_OKAY;
+
+} /* end mpp_random() */
+
+/* }}} */
+
+/* {{{ mpp_random_size(a, prec) */
+
+mp_err  mpp_random_size(mp_int *a, mp_size prec)
+{
+  mp_err   res;
+
+  ARGCHK(a != NULL && prec > 0, MP_BADARG);
+  
+  if((res = s_mp_pad(a, prec)) != MP_OKAY)
+    return res;
+
+  return mpp_random(a);
+
+} /* end mpp_random_size() */
+
+/* }}} */
+
+/* {{{ mpp_divis_vector(a, vec, size, which) */
+
+/*
+  mpp_divis_vector(a, vec, size, which)
+
+  Determines if a is divisible by any of the 'size' digits in vec.
+  Returns MP_YES and sets 'which' to the index of the offending digit,
+  if it is; returns MP_NO if it is not.
+ */
+
+mp_err  mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which)
+{
+  ARGCHK(a != NULL && vec != NULL && size > 0, MP_BADARG);
+  
+  return s_mpp_divp(a, vec, size, which);
+
+} /* end mpp_divis_vector() */
+
+/* }}} */
+
+/* {{{ mpp_divis_primes(a, np) */
+
+/*
+  mpp_divis_primes(a, np)
+
+  Test whether a is divisible by any of the first 'np' primes.  If it
+  is, returns MP_YES and sets *np to the value of the digit that did
+  it.  If not, returns MP_NO.
+ */
+mp_err  mpp_divis_primes(mp_int *a, mp_digit *np)
+{
+  int     size, which;
+  mp_err  res;
+
+  ARGCHK(a != NULL && np != NULL, MP_BADARG);
+
+  size = (int)*np;
+  if(size > prime_tab_size)
+    size = prime_tab_size;
+
+  res = mpp_divis_vector(a, prime_tab, size, &which);
+  if(res == MP_YES) 
+    *np = prime_tab[which];
+
+  return res;
+
+} /* end mpp_divis_primes() */
+
+/* }}} */
+
+/* {{{ mpp_fermat(a, w) */
+
+/*
+  Using w as a witness, try pseudo-primality testing based on Fermat's
+  little theorem.  If a is prime, and (w, a) = 1, then w^a == w (mod
+  a).  So, we compute z = w^a (mod a) and compare z to w; if they are
+  equal, the test passes and we return MP_YES.  Otherwise, we return
+  MP_NO.
+ */
+mp_err  mpp_fermat(mp_int *a, mp_digit w)
+{
+  mp_int  base, test;
+  mp_err  res;
+  
+  if((res = mp_init(&base)) != MP_OKAY)
+    return res;
+
+  mp_set(&base, w);
+
+  if((res = mp_init(&test)) != MP_OKAY)
+    goto TEST;
+
+  /* Compute test = base^a (mod a) */
+  if((res = mp_exptmod(&base, a, a, &test)) != MP_OKAY)
+    goto CLEANUP;
+
+  
+  if(mp_cmp(&base, &test) == 0)
+    res = MP_YES;
+  else
+    res = MP_NO;
+
+ CLEANUP:
+  mp_clear(&test);
+ TEST:
+  mp_clear(&base);
+
+  return res;
+
+} /* end mpp_fermat() */
+
+/* }}} */
+
+/*
+  Perform the fermat test on each of the primes in a list until
+  a) one of them shows a is not prime, or 
+  b) the list is exhausted.
+  Returns:  MP_YES if it passes tests.
+	    MP_NO  if fermat test reveals it is composite
+	    Some MP error code if some other error occurs.
+ */
+mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes)
+{
+  mp_err rv = MP_YES;
+
+  while (nPrimes-- > 0 && rv == MP_YES) {
+    rv = mpp_fermat(a, *primes++);
+  }
+  return rv;
+}
+
+/* {{{ mpp_pprime(a, nt) */
+
+/*
+  mpp_pprime(a, nt)
+
+  Performs nt iteration of the Miller-Rabin probabilistic primality
+  test on a.  Returns MP_YES if the tests pass, MP_NO if one fails.
+  If MP_NO is returned, the number is definitely composite.  If MP_YES
+  is returned, it is probably prime (but that is not guaranteed).
+ */
+
+mp_err  mpp_pprime(mp_int *a, int nt)
+{
+  mp_err   res;
+  mp_int   x, amo, m, z;	/* "amo" = "a minus one" */
+  int      iter;
+  unsigned int jx;
+  mp_size  b;
+
+  ARGCHK(a != NULL, MP_BADARG);
+
+  MP_DIGITS(&x) = 0;
+  MP_DIGITS(&amo) = 0;
+  MP_DIGITS(&m) = 0;
+  MP_DIGITS(&z) = 0;
+
+  /* Initialize temporaries... */
+  MP_CHECKOK( mp_init(&amo));
+  /* Compute amo = a - 1 for what follows...    */
+  MP_CHECKOK( mp_sub_d(a, 1, &amo) );
+
+  b = mp_trailing_zeros(&amo);
+  if (!b) { /* a was even ? */
+    res = MP_NO;
+    goto CLEANUP;
+  }
+
+  MP_CHECKOK( mp_init_size(&x, MP_USED(a)) );
+  MP_CHECKOK( mp_init(&z) );
+  MP_CHECKOK( mp_init(&m) );
+  MP_CHECKOK( mp_div_2d(&amo, b, &m, 0) );
+
+  /* Do the test nt times... */
+  for(iter = 0; iter < nt; iter++) {
+
+    /* Choose a random value for x < a          */
+    s_mp_pad(&x, USED(a));
+    mpp_random(&x);
+    MP_CHECKOK( mp_mod(&x, a, &x) );
+
+    /* Compute z = (x ** m) mod a               */
+    MP_CHECKOK( mp_exptmod(&x, &m, a, &z) );
+    
+    if(mp_cmp_d(&z, 1) == 0 || mp_cmp(&z, &amo) == 0) {
+      res = MP_YES;
+      continue;
+    }
+    
+    res = MP_NO;  /* just in case the following for loop never executes. */
+    for (jx = 1; jx < b; jx++) {
+      /* z = z^2 (mod a) */
+      MP_CHECKOK( mp_sqrmod(&z, a, &z) );
+      res = MP_NO;	/* previous line set res to MP_YES */
+
+      if(mp_cmp_d(&z, 1) == 0) {
+	break;
+      }
+      if(mp_cmp(&z, &amo) == 0) {
+	res = MP_YES;
+	break;
+      } 
+    } /* end testing loop */
+
+    /* If the test passes, we will continue iterating, but a failed
+       test means the candidate is definitely NOT prime, so we will
+       immediately break out of this loop
+     */
+    if(res == MP_NO)
+      break;
+
+  } /* end iterations loop */
+  
+CLEANUP:
+  mp_clear(&m);
+  mp_clear(&z);
+  mp_clear(&x);
+  mp_clear(&amo);
+  return res;
+
+} /* end mpp_pprime() */
+
+/* }}} */
+
+/* Produce table of composites from list of primes and trial value.  
+** trial must be odd. List of primes must not include 2.
+** sieve should have dimension >= MAXPRIME/2, where MAXPRIME is largest 
+** prime in list of primes.  After this function is finished,
+** if sieve[i] is non-zero, then (trial + 2*i) is composite.
+** Each prime used in the sieve costs one division of trial, and eliminates
+** one or more values from the search space. (3 eliminates 1/3 of the values
+** alone!)  Each value left in the search space costs 1 or more modular 
+** exponentations.  So, these divisions are a bargain!
+*/
+mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes, 
+		 unsigned char *sieve, mp_size nSieve)
+{
+  mp_err       res;
+  mp_digit     rem;
+  mp_size      ix;
+  unsigned long offset;
+
+  memset(sieve, 0, nSieve);
+
+  for(ix = 0; ix < nPrimes; ix++) {
+    mp_digit prime = primes[ix];
+    mp_size  i;
+    if((res = mp_mod_d(trial, prime, &rem)) != MP_OKAY) 
+      return res;
+
+    if (rem == 0) {
+      offset = 0;
+    } else {
+      offset = prime - (rem / 2);
+    }
+    for (i = offset; i < nSieve ; i += prime) {
+      sieve[i] = 1;
+    }
+  }
+
+  return MP_OKAY;
+}
+
+#define SIEVE_SIZE 32*1024
+
+mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
+		      unsigned long * nTries)
+{
+  mp_digit      np;
+  mp_err        res;
+  int           i	= 0;
+  mp_int        trial;
+  mp_int        q;
+  mp_size       num_tests;
+  unsigned char *sieve;
+  
+  ARGCHK(start != 0, MP_BADARG);
+  ARGCHK(nBits > 16, MP_RANGE);
+
+  sieve = malloc(SIEVE_SIZE);
+  ARGCHK(sieve != NULL, MP_MEM);
+
+  MP_DIGITS(&trial) = 0;
+  MP_DIGITS(&q) = 0;
+  MP_CHECKOK( mp_init(&trial) );
+  MP_CHECKOK( mp_init(&q)     );
+  /* values taken from table 4.4, HandBook of Applied Cryptography */
+  if (nBits >= 1300) {
+    num_tests = 2;
+  } else if (nBits >= 850) {
+    num_tests = 3;
+  } else if (nBits >= 650) {
+    num_tests = 4;
+  } else if (nBits >= 550) {
+    num_tests = 5;
+  } else if (nBits >= 450) {
+    num_tests = 6;
+  } else if (nBits >= 400) {
+    num_tests = 7;
+  } else if (nBits >= 350) {
+    num_tests = 8;
+  } else if (nBits >= 300) {
+    num_tests = 9;
+  } else if (nBits >= 250) {
+    num_tests = 12;
+  } else if (nBits >= 200) {
+    num_tests = 15;
+  } else if (nBits >= 150) {
+    num_tests = 18;
+  } else if (nBits >= 100) {
+    num_tests = 27;
+  } else
+    num_tests = 50;
+
+  if (strong) 
+    --nBits;
+  MP_CHECKOK( mpl_set_bit(start, nBits - 1, 1) );
+  MP_CHECKOK( mpl_set_bit(start,         0, 1) );
+  for (i = mpl_significant_bits(start) - 1; i >= nBits; --i) {
+    MP_CHECKOK( mpl_set_bit(start, i, 0) );
+  }
+  /* start sieveing with prime value of 3. */
+  MP_CHECKOK(mpp_sieve(start, prime_tab + 1, prime_tab_size - 1, 
+		       sieve, SIEVE_SIZE) );
+
+#ifdef DEBUG_SIEVE
+  res = 0;
+  for (i = 0; i < SIEVE_SIZE; ++i) {
+    if (!sieve[i])
+      ++res;
+  }
+  fprintf(stderr,"sieve found %d potential primes.\n", res);
+#define FPUTC(x,y) fputc(x,y)
+#else
+#define FPUTC(x,y) 
+#endif
+
+  res = MP_NO;
+  for(i = 0; i < SIEVE_SIZE; ++i) {
+    if (sieve[i])	/* this number is composite */
+      continue;
+    MP_CHECKOK( mp_add_d(start, 2 * i, &trial) );
+    FPUTC('.', stderr);
+    /* run a Fermat test */
+    res = mpp_fermat(&trial, 2);
+    if (res != MP_OKAY) {
+      if (res == MP_NO)
+	continue;	/* was composite */
+      goto CLEANUP;
+    }
+      
+    FPUTC('+', stderr);
+    /* If that passed, run some Miller-Rabin tests	*/
+    res = mpp_pprime(&trial, num_tests);
+    if (res != MP_OKAY) {
+      if (res == MP_NO)
+	continue;	/* was composite */
+      goto CLEANUP;
+    }
+    FPUTC('!', stderr);
+
+    if (!strong) 
+      break;	/* success !! */
+
+    /* At this point, we have strong evidence that our candidate
+       is itself prime.  If we want a strong prime, we need now
+       to test q = 2p + 1 for primality...
+     */
+    MP_CHECKOK( mp_mul_2(&trial, &q) );
+    MP_CHECKOK( mp_add_d(&q, 1, &q)  );
+
+    /* Test q for small prime divisors ... */
+    np = prime_tab_size;
+    res = mpp_divis_primes(&q, &np);
+    if (res == MP_YES) { /* is composite */
+      mp_clear(&q);
+      continue;
+    }
+    if (res != MP_NO) 
+      goto CLEANUP;
+
+    /* And test with Fermat, as with its parent ... */
+    res = mpp_fermat(&q, 2);
+    if (res != MP_YES) {
+      mp_clear(&q);
+      if (res == MP_NO)
+	continue;	/* was composite */
+      goto CLEANUP;
+    }
+
+    /* And test with Miller-Rabin, as with its parent ... */
+    res = mpp_pprime(&q, num_tests);
+    if (res != MP_YES) {
+      mp_clear(&q);
+      if (res == MP_NO)
+	continue;	/* was composite */
+      goto CLEANUP;
+    }
+
+    /* If it passed, we've got a winner */
+    mp_exch(&q, &trial);
+    mp_clear(&q);
+    break;
+
+  } /* end of loop through sieved values */
+  if (res == MP_YES) 
+    mp_exch(&trial, start);
+CLEANUP:
+  mp_clear(&trial);
+  mp_clear(&q);
+  if (nTries)
+    *nTries += i;
+  if (sieve != NULL) {
+  	memset(sieve, 0, SIEVE_SIZE);
+  	free (sieve);
+  }
+  return res;
+}
+
+/*========================================================================*/
+/*------------------------------------------------------------------------*/
+/* Static functions visible only to the library internally                */
+
+/* {{{ s_mpp_divp(a, vec, size, which) */
+
+/* 
+   Test for divisibility by members of a vector of digits.  Returns
+   MP_NO if a is not divisible by any of them; returns MP_YES and sets
+   'which' to the index of the offender, if it is.  Will stop on the
+   first digit against which a is divisible.
+ */
+
+mp_err    s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which)
+{
+  mp_err    res;
+  mp_digit  rem;
+
+  int     ix;
+
+  for(ix = 0; ix < size; ix++) {
+    if((res = mp_mod_d(a, vec[ix], &rem)) != MP_OKAY) 
+      return res;
+
+    if(rem == 0) {
+      if(which)
+	*which = ix;
+      return MP_YES;
+    }
+  }
+
+  return MP_NO;
+
+} /* end s_mpp_divp() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/mpprime.h b/security/nss/lib/freebl/mpi/mpprime.h
new file mode 100644
index 000000000..486d4a1ad
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpprime.h
@@ -0,0 +1,70 @@
+/*
+ *  mpprime.h
+ *
+ *  Utilities for finding and working with prime and pseudo-prime
+ *  integers
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1997
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _H_MP_PRIME_
+#define _H_MP_PRIME_
+
+#include "mpi.h"
+
+extern const int prime_tab_size;   /* number of primes available */
+extern const mp_digit prime_tab[];
+
+/* Tests for divisibility    */
+mp_err  mpp_divis(mp_int *a, mp_int *b);
+mp_err  mpp_divis_d(mp_int *a, mp_digit d);
+
+/* Random selection          */
+mp_err  mpp_random(mp_int *a);
+mp_err  mpp_random_size(mp_int *a, mp_size prec);
+
+/* Pseudo-primality testing  */
+mp_err  mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which);
+mp_err  mpp_divis_primes(mp_int *a, mp_digit *np);
+mp_err  mpp_fermat(mp_int *a, mp_digit w);
+mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes);
+mp_err  mpp_pprime(mp_int *a, int nt);
+mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes, 
+		 unsigned char *sieve, mp_size nSieve);
+mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
+		      unsigned long * nTries);
+
+#endif /* end _H_MP_PRIME_ */
diff --git a/security/nss/lib/freebl/mpi/mpv_sparc.c b/security/nss/lib/freebl/mpi/mpv_sparc.c
new file mode 100644
index 000000000..96ddde7fb
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpv_sparc.c
@@ -0,0 +1,253 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is a SPARC/VIS optimized multiply and add function.
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems Inc.
+ * Portions created by the Initial Developer are Copyright (C) 1999-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "vis_proto.h"
+
+/***************************************************************/
+
+typedef  int                t_s32;
+typedef  unsigned int       t_u32;
+#if defined(__sparcv9)
+typedef  long               t_s64;
+typedef  unsigned long      t_u64;
+#else
+typedef  long long          t_s64;
+typedef  unsigned long long t_u64;
+#endif
+typedef  double             t_d64;
+
+/***************************************************************/
+
+typedef union {
+  t_d64 d64;
+  struct {
+    t_s32 i0;
+    t_s32 i1;
+  } i32s;
+} d64_2_i32;
+
+/***************************************************************/
+
+#define BUFF_SIZE  256
+
+#define A_BITS  19
+#define A_MASK  ((1 << A_BITS) - 1)
+
+/***************************************************************/
+
+static t_u64 mask_cnst[] = {
+  0x8000000080000000ull
+};
+
+/***************************************************************/
+
+#define DEF_VARS(N)                     \
+  t_d64 *py = (t_d64*)y;                \
+  t_d64 mask = *((t_d64*)mask_cnst);    \
+  t_d64 ca = (1u << 31) - 1;            \
+  t_d64 da = (t_d64)a;                  \
+  t_s64 buff[N], s;                     \
+  d64_2_i32 dy
+
+/***************************************************************/
+
+#define MUL_U32_S64_2(i)                                \
+  dy.d64 = vis_fxnor(mask, py[i]);                      \
+  buff[2*(i)  ] = (ca - (t_d64)dy.i32s.i0) * da;        \
+  buff[2*(i)+1] = (ca - (t_d64)dy.i32s.i1) * da
+
+#define MUL_U32_S64_2_D(i)              \
+  dy.d64 = vis_fxnor(mask, py[i]);      \
+  d0 = ca - (t_d64)dy.i32s.i0;          \
+  d1 = ca - (t_d64)dy.i32s.i1;          \
+  buff[4*(i)  ] = (t_s64)(d0 * da);     \
+  buff[4*(i)+1] = (t_s64)(d0 * db);     \
+  buff[4*(i)+2] = (t_s64)(d1 * da);     \
+  buff[4*(i)+3] = (t_s64)(d1 * db)
+
+/***************************************************************/
+
+#define ADD_S64_U32(i)          \
+  s = buff[i] + x[i] + c;       \
+  z[i] = s;                     \
+  c = (s >> 32)
+
+#define ADD_S64_U32_D(i)                        \
+  s = buff[2*(i)] +(((t_s64)(buff[2*(i)+1]))<<A_BITS) + x[i] + uc;   \
+  z[i] = s;                                     \
+  uc = ((t_u64)s >> 32)
+
+/***************************************************************/
+
+#define MUL_U32_S64_8(i)        \
+  MUL_U32_S64_2(i);             \
+  MUL_U32_S64_2(i+1);           \
+  MUL_U32_S64_2(i+2);           \
+  MUL_U32_S64_2(i+3)
+
+#define MUL_U32_S64_D_8(i)      \
+  MUL_U32_S64_2_D(i);           \
+  MUL_U32_S64_2_D(i+1);         \
+  MUL_U32_S64_2_D(i+2);         \
+  MUL_U32_S64_2_D(i+3)
+
+/***************************************************************/
+
+#define ADD_S64_U32_8(i)        \
+  ADD_S64_U32(i);               \
+  ADD_S64_U32(i+1);             \
+  ADD_S64_U32(i+2);             \
+  ADD_S64_U32(i+3);             \
+  ADD_S64_U32(i+4);             \
+  ADD_S64_U32(i+5);             \
+  ADD_S64_U32(i+6);             \
+  ADD_S64_U32(i+7)
+
+#define ADD_S64_U32_D_8(i)      \
+  ADD_S64_U32_D(i);             \
+  ADD_S64_U32_D(i+1);           \
+  ADD_S64_U32_D(i+2);           \
+  ADD_S64_U32_D(i+3);           \
+  ADD_S64_U32_D(i+4);           \
+  ADD_S64_U32_D(i+5);           \
+  ADD_S64_U32_D(i+6);           \
+  ADD_S64_U32_D(i+7)
+
+/***************************************************************/
+
+t_u32 mul_add(t_u32 *z, t_u32 *x, t_u32 *y, int n, t_u32 a)
+{
+  if (a < (1 << A_BITS)) {
+
+    if (n == 8) {
+      DEF_VARS(8);
+      t_s32 c = 0;
+
+      MUL_U32_S64_8(0);
+      ADD_S64_U32_8(0);
+
+      return c;
+
+    } else if (n == 16) {
+      DEF_VARS(16);
+      t_s32 c = 0;
+
+      MUL_U32_S64_8(0);
+      MUL_U32_S64_8(4);
+      ADD_S64_U32_8(0);
+      ADD_S64_U32_8(8);
+
+      return c;
+
+    } else {
+      DEF_VARS(BUFF_SIZE);
+      t_s32 i, c = 0;
+
+#pragma pipeloop(0)
+      for (i = 0; i < (n+1)/2; i ++) {
+        MUL_U32_S64_2(i);
+      }
+
+#pragma pipeloop(0)
+      for (i = 0; i < n; i ++) {
+        ADD_S64_U32(i);
+      }
+
+      return c;
+
+    }
+  } else {
+
+    if (n == 8) {
+      DEF_VARS(2*8);
+      t_d64 d0, d1, db;
+      t_u32 uc = 0;
+
+      da = (t_d64)(a &  A_MASK);
+      db = (t_d64)(a >> A_BITS);
+
+      MUL_U32_S64_D_8(0);
+      ADD_S64_U32_D_8(0);
+
+      return uc;
+
+    } else if (n == 16) {
+      DEF_VARS(2*16);
+      t_d64 d0, d1, db;
+      t_u32 uc = 0;
+
+      da = (t_d64)(a &  A_MASK);
+      db = (t_d64)(a >> A_BITS);
+
+      MUL_U32_S64_D_8(0);
+      MUL_U32_S64_D_8(4);
+      ADD_S64_U32_D_8(0);
+      ADD_S64_U32_D_8(8);
+
+      return uc;
+
+    } else {
+      DEF_VARS(2*BUFF_SIZE);
+      t_d64 d0, d1, db;
+      t_u32 i, uc = 0;
+
+      da = (t_d64)(a &  A_MASK);
+      db = (t_d64)(a >> A_BITS);
+
+#pragma pipeloop(0)
+      for (i = 0; i < (n+1)/2; i ++) {
+        MUL_U32_S64_2_D(i);
+      }
+
+#pragma pipeloop(0)
+      for (i = 0; i < n; i ++) {
+        ADD_S64_U32_D(i);
+      }
+
+      return uc;
+    }
+  }
+}
+
+/***************************************************************/
+
+t_u32 mul_add_inp(t_u32 *x, t_u32 *y, int n, t_u32 a)
+{
+  return mul_add(x, x, y, n, a);
+}
+
+/***************************************************************/
diff --git a/security/nss/lib/freebl/mpi/mpv_sparcv8.s b/security/nss/lib/freebl/mpi/mpv_sparcv8.s
new file mode 100644
index 000000000..8cfa4d0c4
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpv_sparcv8.s
@@ -0,0 +1,1639 @@
+! Inner multiply loop functions for hybrid 32/64-bit Sparc v8plus CPUs.
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+! 
+! The contents of this file are subject to the Mozilla Public License Version 
+! 1.1 (the "License"); you may not use this file except in compliance with 
+! the License. You may obtain a copy of the License at 
+! http://www.mozilla.org/MPL/
+! 
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is a SPARC v8plus+VIS optimized multiply and add function
+! 
+! The Initial Developer of the Original Code is Sun Microsystems Inc.
+! Portions created by Sun Microsystems Inc. are 
+! Copyright (C) 2000-2005 Sun Microsystems Inc.  All Rights Reserved.
+! 
+! Contributor(s):
+! 
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+! 
+! ***** END LICENSE BLOCK *****
+! $Id$
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   3 ( 0  0) */		.file	"mpv_sparc.c"
+/* 000000	  14 ( 0  0) */		.align	8
+!
+! SUBROUTINE .L_const_seg_900000106
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+        .L_const_seg_900000106:		/* frequency 1.0 confidence 0.0 */
+/* 000000	  19 ( 0  0) */		.word	1127219200,0
+/* 0x0008	  20 ( 0  0) */		.word	1105199103,-4194304
+/* 0x0010	  21 ( 0  0) */		.align	16
+/* 0x0010	  27 ( 0  0) */		.global	mul_add
+
+!
+! ENTRY mul_add
+!
+
+        .global mul_add
+        mul_add:		/* frequency 1.0 confidence 0.0 */
+/* 0x0010	  29 ( 0  1) */		sethi	%hi(0x1800),%g1
+/* 0x0014	  30 ( 0  1) */		sethi	%hi(mask_cnst),%g2
+/* 0x0018	  31 ( 1  2) */		xor	%g1,-984,%g1
+/* 0x001c	  32 ( 1  2) */		add	%g2,%lo(mask_cnst),%g2
+/* 0x0020	  33 ( 2  4) */		save	%sp,%g1,%sp
+
+!
+! ENTRY .L900000154
+!
+
+        .L900000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x0024	  35 ( 0  2) */		call	(.+0x8)	! params = 	! Result = 
+/* 0x0028	     ( 1  2) */		sethi	%hi((_GLOBAL_OFFSET_TABLE_-(.L900000154-.))),%g5
+/* 0x002c	 177 ( 2  3) */		sethi	%hi(.L_const_seg_900000106),%g3
+/* 0x0030	 178 ( 2  3) */		add	%g5,%lo((_GLOBAL_OFFSET_TABLE_-(.L900000154-.))),%g5
+/* 0x0034	 179 ( 3  4) */		or	%g0,%i4,%o1
+/* 0x0038	 180 ( 3  4) */		st	%o1,[%fp+84]
+/* 0x003c	 181 ( 3  4) */		add	%g5,%o7,%o3
+/* 0x0040	 182 ( 4  5) */		add	%g3,%lo(.L_const_seg_900000106),%g3
+/* 0x0044	 183 ( 4  6) */		ld	[%o3+%g2],%g2
+/* 0x0048	 184 ( 4  5) */		or	%g0,%i3,%o2
+/* 0x004c	 185 ( 5  6) */		sethi	%hi(0x80000),%g4
+/* 0x0050	 186 ( 5  7) */		ld	[%o3+%g3],%o0
+/* 0x0054	 187 ( 5  6) */		or	%g0,%i2,%g5
+/* 0x0058	 188 ( 6  7) */		or	%g0,%o2,%o3
+/* 0x005c	 189 ( 6 10) */		ldd	[%g2],%f0
+/* 0x0060	 190 ( 6  7) */		subcc	%o1,%g4,%g0
+/* 0x0064	 191 ( 6  7) */		bcc,pn	%icc,.L77000048	! tprob=0.50
+/* 0x0068	     ( 7  8) */		subcc	%o2,8,%g0
+/* 0x006c	 193 ( 7  8) */		bne,pn	%icc,.L77000037	! tprob=0.50
+/* 0x0070	     ( 8 12) */		ldd	[%o0],%f8
+/* 0x0074	 195 ( 9 13) */		ldd	[%g5],%f4
+/* 0x0078	 196 (10 14) */		ldd	[%g5+8],%f6
+/* 0x007c	 197 (11 15) */		ldd	[%g5+16],%f10
+/* 0x0080	 198 (11 14) */		fmovs	%f8,%f12
+/* 0x0084	 199 (12 16) */		fxnor	%f0,%f4,%f4
+/* 0x0088	 200 (12 14) */		ld	[%fp+84],%f13
+/* 0x008c	 201 (13 17) */		ldd	[%o0+8],%f14
+/* 0x0090	 202 (13 17) */		fxnor	%f0,%f6,%f6
+/* 0x0094	 203 (14 18) */		ldd	[%g5+24],%f16
+/* 0x0098	 204 (14 18) */		fxnor	%f0,%f10,%f10
+/* 0x009c	 208 (15 17) */		ld	[%i1],%g2
+/* 0x00a0	 209 (15 20) */		fsubd	%f12,%f8,%f8
+/* 0x00a4	 210 (16 21) */		fitod	%f4,%f18
+/* 0x00a8	 211 (16 18) */		ld	[%i1+4],%g3
+/* 0x00ac	 212 (17 22) */		fitod	%f5,%f4
+/* 0x00b0	 213 (17 19) */		ld	[%i1+8],%g4
+/* 0x00b4	 214 (18 23) */		fitod	%f6,%f20
+/* 0x00b8	 215 (18 20) */		ld	[%i1+12],%g5
+/* 0x00bc	 216 (19 21) */		ld	[%i1+16],%o0
+/* 0x00c0	 217 (19 24) */		fitod	%f7,%f6
+/* 0x00c4	 218 (20 22) */		ld	[%i1+20],%o1
+/* 0x00c8	 219 (20 24) */		fxnor	%f0,%f16,%f16
+/* 0x00cc	 220 (21 26) */		fsubd	%f14,%f18,%f12
+/* 0x00d0	 221 (21 23) */		ld	[%i1+24],%o2
+/* 0x00d4	 222 (22 27) */		fsubd	%f14,%f4,%f4
+/* 0x00d8	 223 (22 24) */		ld	[%i1+28],%o3
+/* 0x00dc	 224 (23 28) */		fitod	%f10,%f18
+/* 0x00e0	 225 (24 29) */		fsubd	%f14,%f20,%f20
+/* 0x00e4	 226 (25 30) */		fitod	%f11,%f10
+/* 0x00e8	 227 (26 31) */		fsubd	%f14,%f6,%f6
+/* 0x00ec	 228 (26 31) */		fmuld	%f12,%f8,%f12
+/* 0x00f0	 229 (27 32) */		fitod	%f16,%f22
+/* 0x00f4	 230 (27 32) */		fmuld	%f4,%f8,%f4
+/* 0x00f8	 231 (28 33) */		fsubd	%f14,%f18,%f18
+/* 0x00fc	 232 (29 34) */		fitod	%f17,%f16
+/* 0x0100	 233 (29 34) */		fmuld	%f20,%f8,%f20
+/* 0x0104	 234 (30 35) */		fsubd	%f14,%f10,%f10
+/* 0x0108	 235 (31 36) */		fdtox	%f12,%f12
+/* 0x010c	 236 (31 32) */		std	%f12,[%sp+152]
+/* 0x0110	 237 (31 36) */		fmuld	%f6,%f8,%f6
+/* 0x0114	 238 (32 37) */		fdtox	%f4,%f4
+/* 0x0118	 239 (32 33) */		std	%f4,[%sp+144]
+/* 0x011c	 240 (33 38) */		fsubd	%f14,%f22,%f4
+/* 0x0120	 241 (33 38) */		fmuld	%f18,%f8,%f12
+/* 0x0124	 242 (34 39) */		fdtox	%f20,%f18
+/* 0x0128	 243 (34 35) */		std	%f18,[%sp+136]
+/* 0x012c	 244 (35 37) */		ldx	[%sp+152],%o4
+/* 0x0130	 245 (35 40) */		fsubd	%f14,%f16,%f14
+/* 0x0134	 246 (35 40) */		fmuld	%f10,%f8,%f10
+/* 0x0138	 247 (36 41) */		fdtox	%f6,%f6
+/* 0x013c	 248 (36 37) */		std	%f6,[%sp+128]
+/* 0x0140	 249 (37 39) */		ldx	[%sp+144],%o5
+/* 0x0144	 250 (37 38) */		add	%o4,%g2,%o4
+/* 0x0148	 251 (38 39) */		st	%o4,[%i0]
+/* 0x014c	 252 (38 39) */		srax	%o4,32,%g2
+/* 0x0150	 253 (38 43) */		fdtox	%f12,%f6
+/* 0x0154	 254 (38 43) */		fmuld	%f4,%f8,%f4
+/* 0x0158	 255 (39 40) */		std	%f6,[%sp+120]
+/* 0x015c	 256 (39 40) */		add	%o5,%g3,%g3
+/* 0x0160	 257 (40 42) */		ldx	[%sp+136],%o7
+/* 0x0164	 258 (40 41) */		add	%g3,%g2,%g2
+/* 0x0168	 259 (40 45) */		fmuld	%f14,%f8,%f6
+/* 0x016c	 260 (40 45) */		fdtox	%f10,%f8
+/* 0x0170	 261 (41 42) */		std	%f8,[%sp+112]
+/* 0x0174	 262 (41 42) */		srax	%g2,32,%o5
+/* 0x0178	 263 (42 44) */		ldx	[%sp+128],%g3
+/* 0x017c	 264 (42 43) */		add	%o7,%g4,%g4
+/* 0x0180	 265 (43 44) */		st	%g2,[%i0+4]
+/* 0x0184	 266 (43 44) */		add	%g4,%o5,%g4
+/* 0x0188	 267 (43 48) */		fdtox	%f4,%f4
+/* 0x018c	 268 (44 46) */		ldx	[%sp+120],%o5
+/* 0x0190	 269 (44 45) */		add	%g3,%g5,%g3
+/* 0x0194	 270 (44 45) */		srax	%g4,32,%g5
+/* 0x0198	 271 (45 46) */		std	%f4,[%sp+104]
+/* 0x019c	 272 (45 46) */		add	%g3,%g5,%g3
+/* 0x01a0	 273 (45 50) */		fdtox	%f6,%f4
+/* 0x01a4	 274 (46 47) */		std	%f4,[%sp+96]
+/* 0x01a8	 275 (46 47) */		add	%o5,%o0,%o0
+/* 0x01ac	 276 (46 47) */		srax	%g3,32,%o5
+/* 0x01b0	 277 (47 49) */		ldx	[%sp+112],%g5
+/* 0x01b4	 278 (47 48) */		add	%o0,%o5,%o0
+/* 0x01b8	 279 (48 49) */		st	%g4,[%i0+8]
+/* 0x01bc	 280 (49 51) */		ldx	[%sp+104],%o5
+/* 0x01c0	 281 (49 50) */		add	%g5,%o1,%o1
+/* 0x01c4	 282 (49 50) */		srax	%o0,32,%g5
+/* 0x01c8	 283 (50 51) */		st	%o0,[%i0+16]
+/* 0x01cc	 284 (50 51) */		add	%o1,%g5,%o1
+/* 0x01d0	 285 (51 53) */		ldx	[%sp+96],%g5
+/* 0x01d4	 286 (51 52) */		add	%o5,%o2,%o2
+/* 0x01d8	 287 (51 52) */		srax	%o1,32,%o5
+/* 0x01dc	 288 (52 53) */		st	%o1,[%i0+20]
+/* 0x01e0	 289 (52 53) */		add	%o2,%o5,%o2
+/* 0x01e4	 290 (53 54) */		st	%o2,[%i0+24]
+/* 0x01e8	 291 (53 54) */		srax	%o2,32,%g4
+/* 0x01ec	 292 (53 54) */		add	%g5,%o3,%g2
+/* 0x01f0	 293 (54 55) */		st	%g3,[%i0+12]
+/* 0x01f4	 294 (54 55) */		add	%g2,%g4,%g2
+/* 0x01f8	 295 (55 56) */		st	%g2,[%i0+28]
+/* 0x01fc	 299 (55 56) */		srax	%g2,32,%o7
+/* 0x0200	 300 (56 57) */		or	%g0,%o7,%i0
+/* 0x0204	     (57 64) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0208	     (59 61) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000037
+!
+
+        .L77000037:		/* frequency 1.0 confidence 0.0 */
+/* 0x020c	 307 ( 0  1) */		subcc	%o2,16,%g0
+/* 0x0210	 308 ( 0  1) */		bne,pn	%icc,.L77000076	! tprob=0.50
+/* 0x0214	     ( 1  5) */		ldd	[%o0],%f8
+/* 0x0218	 310 ( 2  6) */		ldd	[%g5],%f4
+/* 0x021c	 311 ( 3  7) */		ldd	[%g5+8],%f6
+/* 0x0220	 317 ( 4  8) */		ldd	[%o0+8],%f14
+/* 0x0224	 318 ( 4  7) */		fmovs	%f8,%f12
+/* 0x0228	 319 ( 5  7) */		ld	[%fp+84],%f13
+/* 0x022c	 320 ( 5  9) */		fxnor	%f0,%f4,%f4
+/* 0x0230	 321 ( 6 10) */		ldd	[%g5+16],%f10
+/* 0x0234	 322 ( 6 10) */		fxnor	%f0,%f6,%f6
+/* 0x0238	 323 ( 7 11) */		ldd	[%g5+24],%f16
+/* 0x023c	 324 ( 8 12) */		ldd	[%g5+32],%f20
+/* 0x0240	 325 ( 8 13) */		fsubd	%f12,%f8,%f8
+/* 0x0244	 331 ( 9 11) */		ld	[%i1+40],%o7
+/* 0x0248	 332 ( 9 14) */		fitod	%f4,%f18
+/* 0x024c	 333 (10 14) */		ldd	[%g5+40],%f22
+/* 0x0250	 334 (10 15) */		fitod	%f5,%f4
+/* 0x0254	 335 (11 12) */		stx	%o7,[%sp+96]
+/* 0x0258	 336 (11 16) */		fitod	%f6,%f24
+/* 0x025c	 337 (12 14) */		ld	[%i1+44],%o7
+/* 0x0260	 338 (12 16) */		fxnor	%f0,%f10,%f10
+/* 0x0264	 339 (13 17) */		ldd	[%g5+48],%f26
+/* 0x0268	 340 (13 18) */		fitod	%f7,%f6
+/* 0x026c	 341 (14 15) */		stx	%o7,[%sp+104]
+/* 0x0270	 342 (14 19) */		fsubd	%f14,%f18,%f18
+/* 0x0274	 343 (15 17) */		ld	[%i1+48],%o7
+/* 0x0278	 344 (15 20) */		fsubd	%f14,%f4,%f4
+/* 0x027c	 345 (16 18) */		ld	[%i1+36],%o5
+/* 0x0280	 346 (16 21) */		fitod	%f10,%f28
+/* 0x0284	 347 (17 18) */		stx	%o7,[%sp+112]
+/* 0x0288	 348 (17 21) */		fxnor	%f0,%f16,%f16
+/* 0x028c	 349 (18 20) */		ld	[%i1],%g2
+/* 0x0290	 350 (18 23) */		fsubd	%f14,%f24,%f24
+/* 0x0294	 351 (19 20) */		stx	%o5,[%sp+120]
+/* 0x0298	 352 (19 24) */		fitod	%f11,%f10
+/* 0x029c	 353 (19 24) */		fmuld	%f18,%f8,%f18
+/* 0x02a0	 354 (20 22) */		ld	[%i1+52],%o5
+/* 0x02a4	 355 (20 25) */		fsubd	%f14,%f6,%f6
+/* 0x02a8	 356 (20 25) */		fmuld	%f4,%f8,%f4
+/* 0x02ac	 357 (21 26) */		fitod	%f16,%f30
+/* 0x02b0	 358 (22 26) */		fxnor	%f0,%f20,%f20
+/* 0x02b4	 359 (22 24) */		ld	[%i1+4],%g3
+/* 0x02b8	 360 (23 27) */		ldd	[%g5+56],%f2
+/* 0x02bc	 361 (23 28) */		fsubd	%f14,%f28,%f28
+/* 0x02c0	 362 (23 28) */		fmuld	%f24,%f8,%f24
+/* 0x02c4	 363 (24 25) */		stx	%o5,[%sp+128]
+/* 0x02c8	 364 (24 29) */		fdtox	%f18,%f18
+/* 0x02cc	 365 (25 26) */		std	%f18,[%sp+272]
+/* 0x02d0	 366 (25 30) */		fitod	%f17,%f16
+/* 0x02d4	 367 (25 30) */		fmuld	%f6,%f8,%f6
+/* 0x02d8	 368 (26 31) */		fsubd	%f14,%f10,%f10
+/* 0x02dc	 369 (27 32) */		fitod	%f20,%f18
+/* 0x02e0	 370 (28 33) */		fdtox	%f4,%f4
+/* 0x02e4	 371 (28 29) */		std	%f4,[%sp+264]
+/* 0x02e8	 372 (28 33) */		fmuld	%f28,%f8,%f28
+/* 0x02ec	 373 (29 31) */		ld	[%i1+8],%g4
+/* 0x02f0	 374 (29 34) */		fsubd	%f14,%f30,%f4
+/* 0x02f4	 375 (30 34) */		fxnor	%f0,%f22,%f22
+/* 0x02f8	 376 (30 32) */		ld	[%i1+12],%g5
+/* 0x02fc	 377 (31 33) */		ld	[%i1+16],%o0
+/* 0x0300	 378 (31 36) */		fitod	%f21,%f20
+/* 0x0304	 379 (31 36) */		fmuld	%f10,%f8,%f10
+/* 0x0308	 380 (32 34) */		ld	[%i1+20],%o1
+/* 0x030c	 381 (32 37) */		fdtox	%f24,%f24
+/* 0x0310	 382 (33 34) */		std	%f24,[%sp+256]
+/* 0x0314	 383 (33 38) */		fsubd	%f14,%f16,%f16
+/* 0x0318	 384 (34 36) */		ldx	[%sp+272],%o7
+/* 0x031c	 385 (34 39) */		fdtox	%f6,%f6
+/* 0x0320	 386 (34 39) */		fmuld	%f4,%f8,%f4
+/* 0x0324	 387 (35 36) */		std	%f6,[%sp+248]
+/* 0x0328	 388 (35 40) */		fitod	%f22,%f24
+/* 0x032c	 389 (36 38) */		ld	[%i1+32],%o4
+/* 0x0330	 390 (36 41) */		fsubd	%f14,%f18,%f6
+/* 0x0334	 391 (36 37) */		add	%o7,%g2,%g2
+/* 0x0338	 392 (37 39) */		ldx	[%sp+264],%o7
+/* 0x033c	 393 (37 41) */		fxnor	%f0,%f26,%f26
+/* 0x0340	 394 (37 38) */		srax	%g2,32,%o5
+/* 0x0344	 395 (38 39) */		st	%g2,[%i0]
+/* 0x0348	 396 (38 43) */		fitod	%f23,%f18
+/* 0x034c	 397 (38 43) */		fmuld	%f16,%f8,%f16
+/* 0x0350	 398 (39 41) */		ldx	[%sp+248],%g2
+/* 0x0354	 399 (39 44) */		fdtox	%f28,%f22
+/* 0x0358	 400 (39 40) */		add	%o7,%g3,%g3
+/* 0x035c	 401 (40 42) */		ldx	[%sp+256],%o7
+/* 0x0360	 402 (40 45) */		fsubd	%f14,%f20,%f20
+/* 0x0364	 403 (40 41) */		add	%g3,%o5,%g3
+/* 0x0368	 404 (41 42) */		std	%f22,[%sp+240]
+/* 0x036c	 405 (41 46) */		fitod	%f26,%f22
+/* 0x0370	 406 (41 42) */		srax	%g3,32,%o5
+/* 0x0374	 407 (41 42) */		add	%g2,%g5,%g2
+/* 0x0378	 408 (42 43) */		st	%g3,[%i0+4]
+/* 0x037c	 409 (42 47) */		fdtox	%f10,%f10
+/* 0x0380	 410 (42 43) */		add	%o7,%g4,%g4
+/* 0x0384	 411 (42 47) */		fmuld	%f6,%f8,%f6
+/* 0x0388	 412 (43 44) */		std	%f10,[%sp+232]
+/* 0x038c	 413 (43 47) */		fxnor	%f0,%f2,%f12
+/* 0x0390	 414 (43 44) */		add	%g4,%o5,%g4
+/* 0x0394	 415 (44 45) */		st	%g4,[%i0+8]
+/* 0x0398	 416 (44 45) */		srax	%g4,32,%o5
+/* 0x039c	 417 (44 49) */		fsubd	%f14,%f24,%f10
+/* 0x03a0	 418 (45 47) */		ldx	[%sp+240],%o7
+/* 0x03a4	 419 (45 50) */		fdtox	%f4,%f4
+/* 0x03a8	 420 (45 46) */		add	%g2,%o5,%g2
+/* 0x03ac	 421 (45 50) */		fmuld	%f20,%f8,%f20
+/* 0x03b0	 422 (46 47) */		std	%f4,[%sp+224]
+/* 0x03b4	 423 (46 47) */		srax	%g2,32,%g5
+/* 0x03b8	 424 (46 51) */		fsubd	%f14,%f18,%f4
+/* 0x03bc	 425 (47 48) */		st	%g2,[%i0+12]
+/* 0x03c0	 426 (47 52) */		fitod	%f27,%f24
+/* 0x03c4	 427 (47 48) */		add	%o7,%o0,%g3
+/* 0x03c8	 428 (48 50) */		ldx	[%sp+232],%o5
+/* 0x03cc	 429 (48 53) */		fdtox	%f16,%f16
+/* 0x03d0	 430 (48 49) */		add	%g3,%g5,%g2
+/* 0x03d4	 431 (49 50) */		std	%f16,[%sp+216]
+/* 0x03d8	 432 (49 50) */		srax	%g2,32,%g4
+/* 0x03dc	 433 (49 54) */		fitod	%f12,%f18
+/* 0x03e0	 434 (49 54) */		fmuld	%f10,%f8,%f10
+/* 0x03e4	 435 (50 51) */		st	%g2,[%i0+16]
+/* 0x03e8	 436 (50 55) */		fsubd	%f14,%f22,%f16
+/* 0x03ec	 437 (50 51) */		add	%o5,%o1,%g2
+/* 0x03f0	 438 (51 53) */		ld	[%i1+24],%o2
+/* 0x03f4	 439 (51 56) */		fitod	%f13,%f12
+/* 0x03f8	 440 (51 52) */		add	%g2,%g4,%g2
+/* 0x03fc	 441 (51 56) */		fmuld	%f4,%f8,%f22
+/* 0x0400	 442 (52 54) */		ldx	[%sp+224],%g3
+/* 0x0404	 443 (52 53) */		srax	%g2,32,%g4
+/* 0x0408	 444 (52 57) */		fdtox	%f6,%f6
+/* 0x040c	 445 (53 54) */		std	%f6,[%sp+208]
+/* 0x0410	 446 (53 58) */		fdtox	%f20,%f6
+/* 0x0414	 447 (54 55) */		stx	%o4,[%sp+136]
+/* 0x0418	 448 (54 59) */		fsubd	%f14,%f24,%f4
+/* 0x041c	 449 (55 56) */		std	%f6,[%sp+200]
+/* 0x0420	 450 (55 60) */		fsubd	%f14,%f18,%f6
+/* 0x0424	 451 (55 60) */		fmuld	%f16,%f8,%f16
+/* 0x0428	 452 (56 57) */		st	%g2,[%i0+20]
+/* 0x042c	 453 (56 57) */		add	%g3,%o2,%g2
+/* 0x0430	 454 (56 61) */		fdtox	%f10,%f10
+/* 0x0434	 455 (57 59) */		ld	[%i1+28],%o3
+/* 0x0438	 456 (57 58) */		add	%g2,%g4,%g2
+/* 0x043c	 457 (58 60) */		ldx	[%sp+216],%g5
+/* 0x0440	 458 (58 59) */		srax	%g2,32,%g4
+/* 0x0444	 459 (59 60) */		std	%f10,[%sp+192]
+/* 0x0448	 460 (59 64) */		fsubd	%f14,%f12,%f10
+/* 0x044c	 461 (59 64) */		fmuld	%f4,%f8,%f4
+/* 0x0450	 462 (60 61) */		st	%g2,[%i0+24]
+/* 0x0454	 463 (60 61) */		add	%g5,%o3,%g2
+/* 0x0458	 464 (60 65) */		fdtox	%f22,%f12
+/* 0x045c	 465 (60 65) */		fmuld	%f6,%f8,%f6
+/* 0x0460	 466 (61 63) */		ldx	[%sp+136],%o0
+/* 0x0464	 467 (61 62) */		add	%g2,%g4,%g2
+/* 0x0468	 468 (62 64) */		ldx	[%sp+208],%g3
+/* 0x046c	 469 (62 63) */		srax	%g2,32,%g4
+/* 0x0470	 470 (63 65) */		ldx	[%sp+120],%o1
+/* 0x0474	 471 (64 66) */		ldx	[%sp+200],%g5
+/* 0x0478	 472 (64 65) */		add	%g3,%o0,%g3
+/* 0x047c	 473 (64 69) */		fdtox	%f4,%f4
+/* 0x0480	 474 (64 69) */		fmuld	%f10,%f8,%f8
+/* 0x0484	 475 (65 66) */		std	%f12,[%sp+184]
+/* 0x0488	 476 (65 66) */		add	%g3,%g4,%g3
+/* 0x048c	 477 (65 70) */		fdtox	%f16,%f12
+/* 0x0490	 478 (66 67) */		std	%f12,[%sp+176]
+/* 0x0494	 479 (66 67) */		srax	%g3,32,%o0
+/* 0x0498	 480 (66 67) */		add	%g5,%o1,%g5
+/* 0x049c	 481 (67 69) */		ldx	[%sp+192],%o2
+/* 0x04a0	 482 (67 68) */		add	%g5,%o0,%g5
+/* 0x04a4	 483 (68 70) */		ldx	[%sp+96],%g4
+/* 0x04a8	 484 (68 69) */		srax	%g5,32,%o1
+/* 0x04ac	 485 (69 71) */		ld	[%i1+56],%o4
+/* 0x04b0	 486 (70 72) */		ldx	[%sp+104],%o0
+/* 0x04b4	 487 (70 71) */		add	%o2,%g4,%g4
+/* 0x04b8	 488 (71 72) */		std	%f4,[%sp+168]
+/* 0x04bc	 489 (71 72) */		add	%g4,%o1,%g4
+/* 0x04c0	 490 (71 76) */		fdtox	%f6,%f4
+/* 0x04c4	 491 (72 74) */		ldx	[%sp+184],%o3
+/* 0x04c8	 492 (72 73) */		srax	%g4,32,%o2
+/* 0x04cc	 493 (73 75) */		ldx	[%sp+112],%o1
+/* 0x04d0	 494 (74 75) */		std	%f4,[%sp+160]
+/* 0x04d4	 495 (74 75) */		add	%o3,%o0,%o0
+/* 0x04d8	 496 (74 79) */		fdtox	%f8,%f4
+/* 0x04dc	 497 (75 77) */		ldx	[%sp+176],%o5
+/* 0x04e0	 498 (75 76) */		add	%o0,%o2,%o0
+/* 0x04e4	 499 (76 77) */		stx	%o4,[%sp+144]
+/* 0x04e8	 500 (77 78) */		st	%g2,[%i0+28]
+/* 0x04ec	 501 (77 78) */		add	%o5,%o1,%g2
+/* 0x04f0	 502 (77 78) */		srax	%o0,32,%o1
+/* 0x04f4	 503 (78 79) */		std	%f4,[%sp+152]
+/* 0x04f8	 504 (78 79) */		add	%g2,%o1,%o1
+/* 0x04fc	 505 (79 81) */		ldx	[%sp+168],%o7
+/* 0x0500	 506 (79 80) */		srax	%o1,32,%o3
+/* 0x0504	 507 (80 82) */		ldx	[%sp+128],%o2
+/* 0x0508	 508 (81 83) */		ld	[%i1+60],%o4
+/* 0x050c	 509 (82 83) */		add	%o7,%o2,%o2
+/* 0x0510	 510 (83 84) */		add	%o2,%o3,%o2
+/* 0x0514	 511 (83 85) */		ldx	[%sp+144],%o5
+/* 0x0518	 512 (84 86) */		ldx	[%sp+160],%g2
+/* 0x051c	 513 (85 87) */		ldx	[%sp+152],%o3
+/* 0x0520	 514 (86 87) */		st	%g3,[%i0+32]
+/* 0x0524	 515 (86 87) */		add	%g2,%o5,%g2
+/* 0x0528	 516 (86 87) */		srax	%o2,32,%o5
+/* 0x052c	 517 (87 88) */		st	%g5,[%i0+36]
+/* 0x0530	 518 (87 88) */		add	%g2,%o5,%g2
+/* 0x0534	 519 (87 88) */		add	%o3,%o4,%g3
+/* 0x0538	 520 (88 89) */		st	%o0,[%i0+44]
+/* 0x053c	 521 (88 89) */		srax	%g2,32,%g5
+/* 0x0540	 522 (89 90) */		st	%o1,[%i0+48]
+/* 0x0544	 523 (89 90) */		add	%g3,%g5,%g3
+/* 0x0548	 524 (90 91) */		st	%o2,[%i0+52]
+/* 0x054c	 528 (90 91) */		srax	%g3,32,%o7
+/* 0x0550	 529 (91 92) */		st	%g4,[%i0+40]
+/* 0x0554	 530 (92 93) */		st	%g2,[%i0+56]
+/* 0x0558	 531 (93 94) */		st	%g3,[%i0+60]
+/* 0x055c	 532 (93 94) */		or	%g0,%o7,%i0
+/* 0x0560	     (94 101) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0564	     (96 98) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000076
+!
+
+        .L77000076:		/* frequency 1.0 confidence 0.0 */
+/* 0x0568	 540 ( 0  4) */		ldd	[%o0],%f6
+/* 0x056c	 546 ( 0  1) */		add	%o2,1,%g2
+/* 0x0570	 547 ( 0  3) */		fmovd	%f0,%f14
+/* 0x0574	 548 ( 0  1) */		or	%g0,0,%o7
+/* 0x0578	 549 ( 1  3) */		ld	[%fp+84],%f9
+/* 0x057c	 550 ( 1  2) */		srl	%g2,31,%g3
+/* 0x0580	 551 ( 1  2) */		add	%fp,-2264,%o5
+/* 0x0584	 552 ( 2  3) */		add	%g2,%g3,%g2
+/* 0x0588	 553 ( 2  6) */		ldd	[%o0+8],%f18
+/* 0x058c	 554 ( 2  3) */		add	%fp,-2256,%o4
+/* 0x0590	 555 ( 3  6) */		fmovs	%f6,%f8
+/* 0x0594	 556 ( 3  4) */		sra	%g2,1,%o1
+/* 0x0598	 557 ( 3  4) */		or	%g0,0,%g2
+/* 0x059c	 558 ( 4  5) */		subcc	%o1,0,%g0
+/* 0x05a0	 559 ( 4  5) */		sub	%o1,1,%o2
+/* 0x05a4	 563 ( 5  6) */		add	%g5,32,%o0
+/* 0x05a8	 564 ( 6 11) */		fsubd	%f8,%f6,%f16
+/* 0x05ac	 565 ( 6  7) */		ble,pt	%icc,.L900000161	! tprob=0.50
+/* 0x05b0	     ( 6  7) */		subcc	%o3,0,%g0
+/* 0x05b4	 567 ( 7  8) */		subcc	%o1,7,%g0
+/* 0x05b8	 568 ( 7  8) */		bl,pn	%icc,.L77000077	! tprob=0.50
+/* 0x05bc	     ( 7  8) */		sub	%o1,2,%o1
+/* 0x05c0	 570 ( 8 12) */		ldd	[%g5],%f2
+/* 0x05c4	 571 ( 9 13) */		ldd	[%g5+8],%f4
+/* 0x05c8	 572 ( 9 10) */		or	%g0,5,%g2
+/* 0x05cc	 573 (10 14) */		ldd	[%g5+16],%f0
+/* 0x05d0	 574 (11 15) */		fxnor	%f14,%f2,%f2
+/* 0x05d4	 575 (11 15) */		ldd	[%g5+24],%f12
+/* 0x05d8	 576 (12 16) */		fxnor	%f14,%f4,%f6
+/* 0x05dc	 577 (12 16) */		ldd	[%g5+32],%f10
+/* 0x05e0	 578 (13 17) */		fxnor	%f14,%f0,%f8
+/* 0x05e4	 579 (15 20) */		fitod	%f3,%f0
+/* 0x05e8	 580 (16 21) */		fitod	%f2,%f4
+/* 0x05ec	 581 (17 22) */		fitod	%f7,%f2
+/* 0x05f0	 582 (18 23) */		fitod	%f6,%f6
+/* 0x05f4	 583 (20 25) */		fsubd	%f18,%f0,%f0
+/* 0x05f8	 584 (21 26) */		fsubd	%f18,%f4,%f4
+
+!
+! ENTRY .L900000149
+!
+
+        .L900000149:		/* frequency 1.0 confidence 0.0 */
+/* 0x05fc	 586 ( 0  4) */		fxnor	%f14,%f12,%f22
+/* 0x0600	 587 ( 0  5) */		fmuld	%f4,%f16,%f4
+/* 0x0604	 588 ( 0  1) */		add	%g2,2,%g2
+/* 0x0608	 589 ( 0  1) */		add	%o4,32,%o4
+/* 0x060c	 590 ( 1  6) */		fitod	%f9,%f24
+/* 0x0610	 591 ( 1  6) */		fmuld	%f0,%f16,%f20
+/* 0x0614	 592 ( 1  2) */		add	%o0,8,%o0
+/* 0x0618	 593 ( 1  2) */		subcc	%g2,%o1,%g0
+/* 0x061c	 594 ( 2  6) */		ldd	[%o0],%f12
+/* 0x0620	 595 ( 2  7) */		fsubd	%f18,%f2,%f0
+/* 0x0624	 596 ( 2  3) */		add	%o5,32,%o5
+/* 0x0628	 597 ( 3  8) */		fsubd	%f18,%f6,%f2
+/* 0x062c	 598 ( 5 10) */		fdtox	%f4,%f4
+/* 0x0630	 599 ( 6 11) */		fdtox	%f20,%f6
+/* 0x0634	 600 ( 6  7) */		std	%f4,[%o5-32]
+/* 0x0638	 601 ( 7 12) */		fitod	%f8,%f4
+/* 0x063c	 602 ( 7  8) */		std	%f6,[%o4-32]
+/* 0x0640	 603 ( 8 12) */		fxnor	%f14,%f10,%f8
+/* 0x0644	 604 ( 8 13) */		fmuld	%f2,%f16,%f6
+/* 0x0648	 605 ( 9 14) */		fitod	%f23,%f2
+/* 0x064c	 606 ( 9 14) */		fmuld	%f0,%f16,%f20
+/* 0x0650	 607 ( 9 10) */		add	%o0,8,%o0
+/* 0x0654	 608 (10 14) */		ldd	[%o0],%f10
+/* 0x0658	 609 (10 15) */		fsubd	%f18,%f24,%f0
+/* 0x065c	 610 (12 17) */		fsubd	%f18,%f4,%f4
+/* 0x0660	 611 (13 18) */		fdtox	%f6,%f6
+/* 0x0664	 612 (14 19) */		fdtox	%f20,%f20
+/* 0x0668	 613 (14 15) */		std	%f6,[%o5-16]
+/* 0x066c	 614 (15 20) */		fitod	%f22,%f6
+/* 0x0670	 615 (15 16) */		ble,pt	%icc,.L900000149	! tprob=0.50
+/* 0x0674	     (15 16) */		std	%f20,[%o4-16]
+
+!
+! ENTRY .L900000152
+!
+
+        .L900000152:		/* frequency 1.0 confidence 0.0 */
+/* 0x0678	 618 ( 0  4) */		fxnor	%f14,%f12,%f12
+/* 0x067c	 619 ( 0  5) */		fmuld	%f0,%f16,%f22
+/* 0x0680	 620 ( 0  1) */		add	%o5,80,%o5
+/* 0x0684	 621 ( 0  1) */		add	%o4,80,%o4
+/* 0x0688	 622 ( 1  5) */		fxnor	%f14,%f10,%f0
+/* 0x068c	 623 ( 1  6) */		fmuld	%f4,%f16,%f24
+/* 0x0690	 624 ( 1  2) */		subcc	%g2,%o2,%g0
+/* 0x0694	 625 ( 1  2) */		add	%o0,8,%g5
+/* 0x0698	 626 ( 2  7) */		fitod	%f8,%f20
+/* 0x069c	 627 ( 3  8) */		fitod	%f9,%f8
+/* 0x06a0	 628 ( 4  9) */		fsubd	%f18,%f6,%f6
+/* 0x06a4	 629 ( 5 10) */		fitod	%f12,%f26
+/* 0x06a8	 630 ( 6 11) */		fitod	%f13,%f4
+/* 0x06ac	 631 ( 7 12) */		fsubd	%f18,%f2,%f12
+/* 0x06b0	 632 ( 8 13) */		fitod	%f0,%f2
+/* 0x06b4	 633 ( 9 14) */		fitod	%f1,%f0
+/* 0x06b8	 634 (10 15) */		fsubd	%f18,%f20,%f10
+/* 0x06bc	 635 (10 15) */		fmuld	%f6,%f16,%f20
+/* 0x06c0	 636 (11 16) */		fsubd	%f18,%f8,%f8
+/* 0x06c4	 637 (12 17) */		fsubd	%f18,%f26,%f6
+/* 0x06c8	 638 (12 17) */		fmuld	%f12,%f16,%f12
+/* 0x06cc	 639 (13 18) */		fsubd	%f18,%f4,%f4
+/* 0x06d0	 640 (14 19) */		fsubd	%f18,%f2,%f2
+/* 0x06d4	 641 (15 20) */		fsubd	%f18,%f0,%f0
+/* 0x06d8	 642 (15 20) */		fmuld	%f10,%f16,%f10
+/* 0x06dc	 643 (16 21) */		fdtox	%f24,%f24
+/* 0x06e0	 644 (16 17) */		std	%f24,[%o5-80]
+/* 0x06e4	 645 (16 21) */		fmuld	%f8,%f16,%f8
+/* 0x06e8	 646 (17 22) */		fdtox	%f22,%f22
+/* 0x06ec	 647 (17 18) */		std	%f22,[%o4-80]
+/* 0x06f0	 648 (17 22) */		fmuld	%f6,%f16,%f6
+/* 0x06f4	 649 (18 23) */		fdtox	%f20,%f20
+/* 0x06f8	 650 (18 19) */		std	%f20,[%o5-64]
+/* 0x06fc	 651 (18 23) */		fmuld	%f4,%f16,%f4
+/* 0x0700	 652 (19 24) */		fdtox	%f12,%f12
+/* 0x0704	 653 (19 20) */		std	%f12,[%o4-64]
+/* 0x0708	 654 (19 24) */		fmuld	%f2,%f16,%f2
+/* 0x070c	 655 (20 25) */		fdtox	%f10,%f10
+/* 0x0710	 656 (20 21) */		std	%f10,[%o5-48]
+/* 0x0714	 657 (20 25) */		fmuld	%f0,%f16,%f0
+/* 0x0718	 658 (21 26) */		fdtox	%f8,%f8
+/* 0x071c	 659 (21 22) */		std	%f8,[%o4-48]
+/* 0x0720	 660 (22 27) */		fdtox	%f6,%f6
+/* 0x0724	 661 (22 23) */		std	%f6,[%o5-32]
+/* 0x0728	 662 (23 28) */		fdtox	%f4,%f4
+/* 0x072c	 663 (23 24) */		std	%f4,[%o4-32]
+/* 0x0730	 664 (24 29) */		fdtox	%f2,%f2
+/* 0x0734	 665 (24 25) */		std	%f2,[%o5-16]
+/* 0x0738	 666 (25 30) */		fdtox	%f0,%f0
+/* 0x073c	 667 (25 26) */		bg,pn	%icc,.L77000043	! tprob=0.50
+/* 0x0740	     (25 26) */		std	%f0,[%o4-16]
+
+!
+! ENTRY .L77000077
+!
+
+        .L77000077:		/* frequency 1.0 confidence 0.0 */
+/* 0x0744	 670 ( 0  4) */		ldd	[%g5],%f0
+
+!
+! ENTRY .L900000160
+!
+
+        .L900000160:		/* frequency 1.0 confidence 0.0 */
+/* 0x0748	 672 ( 0  4) */		fxnor	%f14,%f0,%f0
+/* 0x074c	 673 ( 0  1) */		add	%g2,1,%g2
+/* 0x0750	 674 ( 0  1) */		add	%g5,8,%g5
+/* 0x0754	 675 ( 1  2) */		subcc	%g2,%o2,%g0
+/* 0x0758	 676 ( 4  9) */		fitod	%f0,%f2
+/* 0x075c	 677 ( 5 10) */		fitod	%f1,%f0
+/* 0x0760	 678 ( 9 14) */		fsubd	%f18,%f2,%f2
+/* 0x0764	 679 (10 15) */		fsubd	%f18,%f0,%f0
+/* 0x0768	 680 (14 19) */		fmuld	%f2,%f16,%f2
+/* 0x076c	 681 (15 20) */		fmuld	%f0,%f16,%f0
+/* 0x0770	 682 (19 24) */		fdtox	%f2,%f2
+/* 0x0774	 683 (19 20) */		std	%f2,[%o5]
+/* 0x0778	 684 (19 20) */		add	%o5,16,%o5
+/* 0x077c	 685 (20 25) */		fdtox	%f0,%f0
+/* 0x0780	 686 (20 21) */		std	%f0,[%o4]
+/* 0x0784	 687 (20 21) */		add	%o4,16,%o4
+/* 0x0788	 688 (20 21) */		ble,a,pt	%icc,.L900000160	! tprob=0.50
+/* 0x078c	     (23 27) */		ldd	[%g5],%f0
+
+!
+! ENTRY .L77000043
+!
+
+        .L77000043:		/* frequency 1.0 confidence 0.0 */
+/* 0x0790	 696 ( 0  1) */		subcc	%o3,0,%g0
+
+!
+! ENTRY .L900000161
+!
+
+        .L900000161:		/* frequency 1.0 confidence 0.0 */
+/* 0x0794	 698 ( 0  1) */		ble,a,pt	%icc,.L900000159	! tprob=0.50
+/* 0x0798	     ( 0  1) */		or	%g0,%o7,%i0
+/* 0x079c	 703 ( 0  2) */		ldx	[%fp-2256],%o2
+/* 0x07a0	 704 ( 0  1) */		or	%g0,%i1,%g3
+/* 0x07a4	 705 ( 1  2) */		sub	%o3,1,%o5
+/* 0x07a8	 706 ( 1  2) */		or	%g0,0,%g4
+/* 0x07ac	 707 ( 2  3) */		add	%fp,-2264,%g5
+/* 0x07b0	 708 ( 2  3) */		or	%g0,%i0,%g2
+/* 0x07b4	 709 ( 3  4) */		subcc	%o3,6,%g0
+/* 0x07b8	 710 ( 3  4) */		sub	%o5,2,%o4
+/* 0x07bc	 711 ( 3  4) */		bl,pn	%icc,.L77000078	! tprob=0.50
+/* 0x07c0	     ( 3  5) */		ldx	[%fp-2264],%o0
+/* 0x07c4	 713 ( 4  6) */		ld	[%g3],%o1
+/* 0x07c8	 714 ( 4  5) */		add	%g2,4,%g2
+/* 0x07cc	 715 ( 4  5) */		or	%g0,3,%g4
+/* 0x07d0	 716 ( 5  7) */		ld	[%g3+4],%o3
+/* 0x07d4	 717 ( 5  6) */		add	%g3,8,%g3
+/* 0x07d8	 718 ( 5  6) */		add	%fp,-2240,%g5
+/* 0x07dc	 719 ( 6  7) */		add	%o0,%o1,%o0
+/* 0x07e0	 720 ( 6  8) */		ldx	[%fp-2248],%o1
+/* 0x07e4	 721 ( 7  8) */		st	%o0,[%g2-4]
+/* 0x07e8	 722 ( 7  8) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000145
+!
+
+        .L900000145:		/* frequency 1.0 confidence 0.0 */
+/* 0x07ec	 724 ( 0  2) */		ld	[%g3],%o7
+/* 0x07f0	 725 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x07f4	 726 ( 0  1) */		sra	%o0,0,%o3
+/* 0x07f8	 727 ( 1  3) */		ldx	[%g5],%o0
+/* 0x07fc	 728 ( 1  2) */		add	%o2,%o3,%o2
+/* 0x0800	 729 ( 1  2) */		add	%g4,3,%g4
+/* 0x0804	 730 ( 2  3) */		st	%o2,[%g2]
+/* 0x0808	 731 ( 2  3) */		srax	%o2,32,%o3
+/* 0x080c	 732 ( 2  3) */		subcc	%g4,%o4,%g0
+/* 0x0810	 733 ( 3  5) */		ld	[%g3+4],%o2
+/* 0x0814	 734 ( 4  5) */		stx	%o2,[%sp+96]
+/* 0x0818	 735 ( 4  5) */		add	%o1,%o7,%o1
+/* 0x081c	 736 ( 5  7) */		ldx	[%g5+8],%o2
+/* 0x0820	 737 ( 5  6) */		add	%o1,%o3,%o1
+/* 0x0824	 738 ( 5  6) */		add	%g2,12,%g2
+/* 0x0828	 739 ( 6  7) */		st	%o1,[%g2-8]
+/* 0x082c	 740 ( 6  7) */		srax	%o1,32,%o7
+/* 0x0830	 741 ( 6  7) */		add	%g3,12,%g3
+/* 0x0834	 742 ( 7  9) */		ld	[%g3-4],%o3
+/* 0x0838	 743 ( 8 10) */		ldx	[%sp+96],%o1
+/* 0x083c	 744 (10 11) */		add	%o0,%o1,%o0
+/* 0x0840	 745 (10 12) */		ldx	[%g5+16],%o1
+/* 0x0844	 746 (11 12) */		add	%o0,%o7,%o0
+/* 0x0848	 747 (11 12) */		add	%g5,24,%g5
+/* 0x084c	 748 (11 12) */		st	%o0,[%g2-4]
+/* 0x0850	 749 (11 12) */		ble,pt	%icc,.L900000145	! tprob=0.50
+/* 0x0854	     (12 13) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000148
+!
+
+        .L900000148:		/* frequency 1.0 confidence 0.0 */
+/* 0x0858	 752 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x085c	 753 ( 0  1) */		sra	%o0,0,%o3
+/* 0x0860	 754 ( 0  2) */		ld	[%g3],%o0
+/* 0x0864	 755 ( 1  2) */		add	%o2,%o3,%o3
+/* 0x0868	 756 ( 1  2) */		add	%g2,8,%g2
+/* 0x086c	 757 ( 2  3) */		srax	%o3,32,%o2
+/* 0x0870	 758 ( 2  3) */		st	%o3,[%g2-8]
+/* 0x0874	 759 ( 2  3) */		add	%o1,%o0,%o0
+/* 0x0878	 760 ( 3  4) */		add	%o0,%o2,%o0
+/* 0x087c	 761 ( 3  4) */		st	%o0,[%g2-4]
+/* 0x0880	 762 ( 3  4) */		subcc	%g4,%o5,%g0
+/* 0x0884	 763 ( 3  4) */		bg,pn	%icc,.L77000061	! tprob=0.50
+/* 0x0888	     ( 4  5) */		srax	%o0,32,%o7
+/* 0x088c	 765 ( 4  5) */		add	%g3,4,%g3
+
+!
+! ENTRY .L77000078
+!
+
+        .L77000078:		/* frequency 1.0 confidence 0.0 */
+/* 0x0890	 767 ( 0  2) */		ld	[%g3],%o2
+
+!
+! ENTRY .L900000158
+!
+
+        .L900000158:		/* frequency 1.0 confidence 0.0 */
+/* 0x0894	 769 ( 0  2) */		ldx	[%g5],%o0
+/* 0x0898	 770 ( 0  1) */		sra	%o7,0,%o1
+/* 0x089c	 771 ( 0  1) */		add	%g4,1,%g4
+/* 0x08a0	 772 ( 1  2) */		add	%g3,4,%g3
+/* 0x08a4	 773 ( 1  2) */		add	%g5,8,%g5
+/* 0x08a8	 774 ( 2  3) */		add	%o0,%o2,%o0
+/* 0x08ac	 775 ( 2  3) */		subcc	%g4,%o5,%g0
+/* 0x08b0	 776 ( 3  4) */		add	%o0,%o1,%o0
+/* 0x08b4	 777 ( 3  4) */		st	%o0,[%g2]
+/* 0x08b8	 778 ( 3  4) */		add	%g2,4,%g2
+/* 0x08bc	 779 ( 4  5) */		srax	%o0,32,%o7
+/* 0x08c0	 780 ( 4  5) */		ble,a,pt	%icc,.L900000158	! tprob=0.50
+/* 0x08c4	     ( 4  6) */		ld	[%g3],%o2
+
+!
+! ENTRY .L77000047
+!
+
+        .L77000047:		/* frequency 1.0 confidence 0.0 */
+/* 0x08c8	 783 ( 0  1) */		or	%g0,%o7,%i0
+/* 0x08cc	     ( 1  8) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x08d0	     ( 3  5) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000048
+!
+
+        .L77000048:		/* frequency 1.0 confidence 0.0 */
+/* 0x08d4	 794 ( 0  1) */		bne,pn	%icc,.L77000050	! tprob=0.50
+/* 0x08d8	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x08dc	 796 ( 0  4) */		ldd	[%g5],%f4
+/* 0x08e0	 804 ( 0  1) */		srl	%o1,19,%g3
+/* 0x08e4	 805 ( 1  2) */		st	%g3,[%sp+240]
+/* 0x08e8	 806 ( 1  2) */		andn	%o1,%g2,%g2
+/* 0x08ec	 807 ( 2  6) */		ldd	[%o0],%f8
+/* 0x08f0	 808 ( 3  4) */		st	%g2,[%sp+244]
+/* 0x08f4	 809 ( 3  7) */		fxnor	%f0,%f4,%f4
+/* 0x08f8	 810 ( 4  8) */		ldd	[%g5+8],%f6
+/* 0x08fc	 814 ( 5  9) */		ldd	[%o0+8],%f18
+/* 0x0900	 815 ( 5  8) */		fmovs	%f8,%f12
+/* 0x0904	 816 ( 6 10) */		ldd	[%g5+16],%f10
+/* 0x0908	 817 ( 6  9) */		fmovs	%f8,%f16
+/* 0x090c	 818 ( 7 11) */		ldd	[%g5+24],%f20
+/* 0x0910	 819 ( 7 12) */		fitod	%f4,%f14
+/* 0x0914	 823 ( 8 10) */		ld	[%i1],%g2
+/* 0x0918	 824 ( 8 13) */		fitod	%f5,%f4
+/* 0x091c	 825 ( 9 11) */		ld	[%sp+240],%f13
+/* 0x0920	 826 ( 9 13) */		fxnor	%f0,%f6,%f6
+/* 0x0924	 827 (10 12) */		ld	[%sp+244],%f17
+/* 0x0928	 828 (10 14) */		fxnor	%f0,%f10,%f10
+/* 0x092c	 829 (11 13) */		ld	[%i1+28],%o3
+/* 0x0930	 830 (11 15) */		fxnor	%f0,%f20,%f20
+/* 0x0934	 831 (12 14) */		ld	[%i1+4],%g3
+/* 0x0938	 832 (12 17) */		fsubd	%f12,%f8,%f12
+/* 0x093c	 833 (13 14) */		stx	%o3,[%sp+96]
+/* 0x0940	 834 (13 18) */		fsubd	%f18,%f14,%f14
+/* 0x0944	 835 (14 16) */		ld	[%i1+8],%g4
+/* 0x0948	 836 (14 19) */		fsubd	%f16,%f8,%f8
+/* 0x094c	 837 (15 17) */		ld	[%i1+12],%g5
+/* 0x0950	 838 (15 20) */		fsubd	%f18,%f4,%f4
+/* 0x0954	 839 (16 18) */		ld	[%i1+16],%o0
+/* 0x0958	 840 (16 21) */		fitod	%f6,%f22
+/* 0x095c	 841 (17 19) */		ld	[%i1+20],%o1
+/* 0x0960	 842 (17 22) */		fitod	%f7,%f6
+/* 0x0964	 843 (18 20) */		ld	[%i1+24],%o2
+/* 0x0968	 844 (18 23) */		fitod	%f10,%f16
+/* 0x096c	 845 (18 23) */		fmuld	%f14,%f12,%f24
+/* 0x0970	 846 (19 24) */		fitod	%f20,%f28
+/* 0x0974	 847 (19 24) */		fmuld	%f14,%f8,%f14
+/* 0x0978	 848 (20 25) */		fitod	%f11,%f10
+/* 0x097c	 849 (20 25) */		fmuld	%f4,%f12,%f26
+/* 0x0980	 850 (21 26) */		fsubd	%f18,%f22,%f22
+/* 0x0984	 851 (21 26) */		fmuld	%f4,%f8,%f4
+/* 0x0988	 852 (22 27) */		fsubd	%f18,%f6,%f6
+/* 0x098c	 853 (23 28) */		fdtox	%f24,%f24
+/* 0x0990	 854 (23 24) */		std	%f24,[%sp+224]
+/* 0x0994	 855 (24 29) */		fdtox	%f14,%f14
+/* 0x0998	 856 (24 25) */		std	%f14,[%sp+232]
+/* 0x099c	 857 (25 30) */		fdtox	%f26,%f14
+/* 0x09a0	 858 (25 26) */		std	%f14,[%sp+208]
+/* 0x09a4	 859 (26 28) */		ldx	[%sp+224],%o4
+/* 0x09a8	 860 (26 31) */		fitod	%f21,%f20
+/* 0x09ac	 861 (26 31) */		fmuld	%f22,%f12,%f30
+/* 0x09b0	 862 (27 29) */		ldx	[%sp+232],%o5
+/* 0x09b4	 863 (27 32) */		fsubd	%f18,%f16,%f16
+/* 0x09b8	 864 (27 32) */		fmuld	%f22,%f8,%f22
+/* 0x09bc	 865 (28 29) */		sllx	%o4,19,%o4
+/* 0x09c0	 866 (28 33) */		fdtox	%f4,%f4
+/* 0x09c4	 867 (28 29) */		std	%f4,[%sp+216]
+/* 0x09c8	 868 (28 33) */		fmuld	%f6,%f12,%f24
+/* 0x09cc	 869 (29 34) */		fsubd	%f18,%f28,%f26
+/* 0x09d0	 870 (29 30) */		add	%o5,%o4,%o4
+/* 0x09d4	 871 (29 34) */		fmuld	%f6,%f8,%f6
+/* 0x09d8	 872 (30 35) */		fsubd	%f18,%f10,%f10
+/* 0x09dc	 873 (30 31) */		add	%o4,%g2,%g2
+/* 0x09e0	 874 (30 31) */		st	%g2,[%i0]
+/* 0x09e4	 875 (31 33) */		ldx	[%sp+208],%o7
+/* 0x09e8	 876 (31 32) */		srlx	%g2,32,%o5
+/* 0x09ec	 877 (31 36) */		fsubd	%f18,%f20,%f18
+/* 0x09f0	 878 (32 37) */		fdtox	%f30,%f28
+/* 0x09f4	 879 (32 33) */		std	%f28,[%sp+192]
+/* 0x09f8	 880 (32 37) */		fmuld	%f16,%f12,%f14
+/* 0x09fc	 881 (33 34) */		sllx	%o7,19,%o4
+/* 0x0a00	 882 (33 35) */		ldx	[%sp+216],%o7
+/* 0x0a04	 883 (33 38) */		fdtox	%f22,%f20
+/* 0x0a08	 884 (33 38) */		fmuld	%f16,%f8,%f16
+/* 0x0a0c	 885 (34 35) */		std	%f20,[%sp+200]
+/* 0x0a10	 886 (34 39) */		fdtox	%f24,%f20
+/* 0x0a14	 887 (34 39) */		fmuld	%f26,%f12,%f22
+/* 0x0a18	 888 (35 36) */		std	%f20,[%sp+176]
+/* 0x0a1c	 889 (35 36) */		add	%o7,%o4,%o4
+/* 0x0a20	 890 (35 40) */		fdtox	%f6,%f6
+/* 0x0a24	 891 (35 40) */		fmuld	%f10,%f12,%f4
+/* 0x0a28	 892 (36 38) */		ldx	[%sp+192],%o3
+/* 0x0a2c	 893 (36 37) */		add	%o4,%g3,%g3
+/* 0x0a30	 894 (36 41) */		fmuld	%f10,%f8,%f10
+/* 0x0a34	 895 (37 38) */		std	%f6,[%sp+184]
+/* 0x0a38	 896 (37 38) */		add	%g3,%o5,%g3
+/* 0x0a3c	 897 (37 42) */		fdtox	%f14,%f6
+/* 0x0a40	 898 (37 42) */		fmuld	%f26,%f8,%f20
+/* 0x0a44	 899 (38 40) */		ldx	[%sp+200],%o4
+/* 0x0a48	 900 (38 39) */		sllx	%o3,19,%o3
+/* 0x0a4c	 901 (38 39) */		srlx	%g3,32,%o5
+/* 0x0a50	 902 (38 43) */		fdtox	%f16,%f14
+/* 0x0a54	 903 (39 40) */		std	%f6,[%sp+160]
+/* 0x0a58	 904 (39 44) */		fmuld	%f18,%f12,%f12
+/* 0x0a5c	 905 (40 42) */		ldx	[%sp+176],%o7
+/* 0x0a60	 906 (40 41) */		add	%o4,%o3,%o3
+/* 0x0a64	 907 (40 45) */		fdtox	%f4,%f16
+/* 0x0a68	 908 (40 45) */		fmuld	%f18,%f8,%f18
+/* 0x0a6c	 909 (41 42) */		std	%f14,[%sp+168]
+/* 0x0a70	 910 (41 42) */		add	%o3,%g4,%g4
+/* 0x0a74	 911 (41 46) */		fdtox	%f10,%f4
+/* 0x0a78	 912 (42 44) */		ldx	[%sp+184],%o3
+/* 0x0a7c	 913 (42 43) */		sllx	%o7,19,%o4
+/* 0x0a80	 914 (42 43) */		add	%g4,%o5,%g4
+/* 0x0a84	 915 (42 47) */		fdtox	%f22,%f14
+/* 0x0a88	 916 (43 44) */		std	%f16,[%sp+144]
+/* 0x0a8c	 917 (43 44) */		srlx	%g4,32,%o5
+/* 0x0a90	 918 (43 48) */		fdtox	%f20,%f6
+/* 0x0a94	 919 (44 46) */		ldx	[%sp+160],%o7
+/* 0x0a98	 920 (44 45) */		add	%o3,%o4,%o3
+/* 0x0a9c	 921 (44 49) */		fdtox	%f12,%f16
+/* 0x0aa0	 922 (45 46) */		std	%f4,[%sp+152]
+/* 0x0aa4	 923 (45 46) */		add	%o3,%g5,%g5
+/* 0x0aa8	 924 (45 50) */		fdtox	%f18,%f8
+/* 0x0aac	 925 (46 48) */		ldx	[%sp+168],%o3
+/* 0x0ab0	 926 (46 47) */		sllx	%o7,19,%o4
+/* 0x0ab4	 927 (46 47) */		add	%g5,%o5,%g5
+/* 0x0ab8	 928 (47 48) */		std	%f14,[%sp+128]
+/* 0x0abc	 929 (47 48) */		srlx	%g5,32,%o5
+/* 0x0ac0	 930 (48 49) */		std	%f6,[%sp+136]
+/* 0x0ac4	 931 (48 49) */		add	%o3,%o4,%o3
+/* 0x0ac8	 932 (49 50) */		std	%f16,[%sp+112]
+/* 0x0acc	 933 (49 50) */		add	%o3,%o0,%o0
+/* 0x0ad0	 934 (50 52) */		ldx	[%sp+144],%o7
+/* 0x0ad4	 935 (50 51) */		add	%o0,%o5,%o0
+/* 0x0ad8	 936 (51 53) */		ldx	[%sp+152],%o3
+/* 0x0adc	 937 (52 53) */		std	%f8,[%sp+120]
+/* 0x0ae0	 938 (52 53) */		sllx	%o7,19,%o4
+/* 0x0ae4	 939 (52 53) */		srlx	%o0,32,%o7
+/* 0x0ae8	 940 (53 54) */		stx	%o0,[%sp+104]
+/* 0x0aec	 941 (53 54) */		add	%o3,%o4,%o3
+/* 0x0af0	 942 (54 56) */		ldx	[%sp+128],%o5
+/* 0x0af4	 943 (54 55) */		add	%o3,%o1,%o1
+/* 0x0af8	 944 (55 57) */		ldx	[%sp+136],%o0
+/* 0x0afc	 945 (55 56) */		add	%o1,%o7,%o1
+/* 0x0b00	 946 (56 57) */		st	%g3,[%i0+4]
+/* 0x0b04	 947 (56 57) */		sllx	%o5,19,%o3
+/* 0x0b08	 948 (57 59) */		ldx	[%sp+112],%o4
+/* 0x0b0c	 949 (57 58) */		add	%o0,%o3,%o3
+/* 0x0b10	 950 (58 60) */		ldx	[%sp+120],%o0
+/* 0x0b14	 951 (58 59) */		add	%o3,%o2,%o2
+/* 0x0b18	 952 (58 59) */		srlx	%o1,32,%o3
+/* 0x0b1c	 953 (59 60) */		st	%o1,[%i0+20]
+/* 0x0b20	 954 (59 60) */		sllx	%o4,19,%g2
+/* 0x0b24	 955 (59 60) */		add	%o2,%o3,%o2
+/* 0x0b28	 956 (60 62) */		ldx	[%sp+96],%o4
+/* 0x0b2c	 957 (60 61) */		srlx	%o2,32,%g3
+/* 0x0b30	 958 (60 61) */		add	%o0,%g2,%g2
+/* 0x0b34	 959 (61 63) */		ldx	[%sp+104],%o0
+/* 0x0b38	 960 (62 63) */		st	%o2,[%i0+24]
+/* 0x0b3c	 961 (62 63) */		add	%g2,%o4,%g2
+/* 0x0b40	 962 (63 64) */		st	%o0,[%i0+16]
+/* 0x0b44	 963 (63 64) */		add	%g2,%g3,%g2
+/* 0x0b48	 964 (64 65) */		st	%g4,[%i0+8]
+/* 0x0b4c	 968 (64 65) */		srlx	%g2,32,%o7
+/* 0x0b50	 969 (65 66) */		st	%g5,[%i0+12]
+/* 0x0b54	 970 (66 67) */		st	%g2,[%i0+28]
+/* 0x0b58	 971 (66 67) */		or	%g0,%o7,%i0
+/* 0x0b5c	     (67 74) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0b60	     (69 71) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000050
+!
+
+        .L77000050:		/* frequency 1.0 confidence 0.0 */
+/* 0x0b64	 978 ( 0  1) */		subcc	%o2,16,%g0
+/* 0x0b68	 979 ( 0  1) */		bne,pn	%icc,.L77000073	! tprob=0.50
+/* 0x0b6c	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x0b70	 981 ( 1  5) */		ldd	[%g5],%f4
+/* 0x0b74	 982 ( 2  6) */		ldd	[%g5+8],%f6
+/* 0x0b78	 989 ( 2  3) */		andn	%o1,%g2,%g2
+/* 0x0b7c	 993 ( 2  3) */		srl	%o1,19,%g3
+/* 0x0b80	 994 ( 3  7) */		ldd	[%g5+16],%f8
+/* 0x0b84	 995 ( 4  8) */		fxnor	%f0,%f4,%f4
+/* 0x0b88	 996 ( 4  5) */		st	%g2,[%sp+356]
+/* 0x0b8c	 997 ( 5  9) */		ldd	[%o0],%f20
+/* 0x0b90	 998 ( 5  9) */		fxnor	%f0,%f6,%f6
+/* 0x0b94	 999 ( 6  7) */		st	%g3,[%sp+352]
+/* 0x0b98	1000 ( 6 10) */		fxnor	%f0,%f8,%f8
+/* 0x0b9c	1005 ( 7 11) */		ldd	[%o0+8],%f30
+/* 0x0ba0	1006 ( 8 13) */		fitod	%f4,%f22
+/* 0x0ba4	1007 ( 8 12) */		ldd	[%g5+24],%f10
+/* 0x0ba8	1008 ( 9 12) */		fmovs	%f20,%f24
+/* 0x0bac	1009 ( 9 13) */		ldd	[%g5+32],%f12
+/* 0x0bb0	1010 (10 15) */		fitod	%f5,%f4
+/* 0x0bb4	1011 (10 14) */		ldd	[%g5+40],%f14
+/* 0x0bb8	1012 (11 14) */		fmovs	%f20,%f26
+/* 0x0bbc	1013 (11 15) */		ldd	[%g5+48],%f16
+/* 0x0bc0	1014 (12 14) */		ld	[%sp+356],%f25
+/* 0x0bc4	1015 (12 17) */		fitod	%f6,%f28
+/* 0x0bc8	1016 (13 15) */		ld	[%sp+352],%f27
+/* 0x0bcc	1017 (13 18) */		fitod	%f8,%f32
+/* 0x0bd0	1018 (14 19) */		fsubd	%f30,%f22,%f22
+/* 0x0bd4	1019 (14 18) */		ldd	[%g5+56],%f18
+/* 0x0bd8	1020 (15 20) */		fsubd	%f24,%f20,%f24
+/* 0x0bdc	1021 (16 21) */		fsubd	%f26,%f20,%f20
+/* 0x0be0	1022 (17 22) */		fsubd	%f30,%f4,%f4
+/* 0x0be4	1023 (18 23) */		fsubd	%f30,%f28,%f26
+/* 0x0be8	1024 (19 24) */		fitod	%f7,%f6
+/* 0x0bec	1025 (20 25) */		fsubd	%f30,%f32,%f28
+/* 0x0bf0	1026 (20 25) */		fmuld	%f22,%f24,%f32
+/* 0x0bf4	1027 (21 26) */		fmuld	%f22,%f20,%f22
+/* 0x0bf8	1028 (21 25) */		fxnor	%f0,%f10,%f10
+/* 0x0bfc	1029 (22 27) */		fmuld	%f4,%f24,%f44
+/* 0x0c00	1030 (22 27) */		fitod	%f9,%f8
+/* 0x0c04	1031 (23 28) */		fmuld	%f4,%f20,%f4
+/* 0x0c08	1032 (23 27) */		fxnor	%f0,%f12,%f12
+/* 0x0c0c	1033 (24 29) */		fsubd	%f30,%f6,%f6
+/* 0x0c10	1034 (24 29) */		fmuld	%f26,%f24,%f46
+/* 0x0c14	1035 (25 30) */		fitod	%f10,%f34
+/* 0x0c18	1036 (26 31) */		fdtox	%f22,%f22
+/* 0x0c1c	1037 (26 27) */		std	%f22,[%sp+336]
+/* 0x0c20	1038 (27 32) */		fmuld	%f26,%f20,%f22
+/* 0x0c24	1039 (27 32) */		fdtox	%f44,%f26
+/* 0x0c28	1040 (27 28) */		std	%f26,[%sp+328]
+/* 0x0c2c	1041 (28 33) */		fdtox	%f4,%f4
+/* 0x0c30	1042 (28 29) */		std	%f4,[%sp+320]
+/* 0x0c34	1043 (29 34) */		fmuld	%f6,%f24,%f26
+/* 0x0c38	1044 (29 34) */		fsubd	%f30,%f8,%f8
+/* 0x0c3c	1045 (30 35) */		fdtox	%f46,%f4
+/* 0x0c40	1046 (30 31) */		std	%f4,[%sp+312]
+/* 0x0c44	1047 (31 36) */		fmuld	%f28,%f24,%f4
+/* 0x0c48	1048 (31 36) */		fdtox	%f32,%f32
+/* 0x0c4c	1049 (31 32) */		std	%f32,[%sp+344]
+/* 0x0c50	1050 (32 37) */		fitod	%f11,%f10
+/* 0x0c54	1051 (32 37) */		fmuld	%f6,%f20,%f32
+/* 0x0c58	1052 (33 38) */		fsubd	%f30,%f34,%f34
+/* 0x0c5c	1053 (34 39) */		fdtox	%f22,%f6
+/* 0x0c60	1054 (34 35) */		std	%f6,[%sp+304]
+/* 0x0c64	1058 (35 40) */		fitod	%f12,%f36
+/* 0x0c68	1059 (35 40) */		fmuld	%f28,%f20,%f6
+/* 0x0c6c	1060 (36 41) */		fdtox	%f26,%f22
+/* 0x0c70	1061 (36 37) */		std	%f22,[%sp+296]
+/* 0x0c74	1062 (37 42) */		fmuld	%f8,%f24,%f22
+/* 0x0c78	1063 (37 42) */		fdtox	%f4,%f4
+/* 0x0c7c	1064 (37 38) */		std	%f4,[%sp+280]
+/* 0x0c80	1065 (38 43) */		fmuld	%f8,%f20,%f8
+/* 0x0c84	1066 (38 43) */		fsubd	%f30,%f10,%f10
+/* 0x0c88	1067 (39 44) */		fmuld	%f34,%f24,%f4
+/* 0x0c8c	1068 (39 44) */		fitod	%f13,%f12
+/* 0x0c90	1069 (40 45) */		fsubd	%f30,%f36,%f36
+/* 0x0c94	1070 (41 46) */		fdtox	%f6,%f6
+/* 0x0c98	1071 (41 42) */		std	%f6,[%sp+272]
+/* 0x0c9c	1072 (42 46) */		fxnor	%f0,%f14,%f14
+/* 0x0ca0	1073 (42 47) */		fmuld	%f34,%f20,%f6
+/* 0x0ca4	1074 (43 48) */		fdtox	%f22,%f22
+/* 0x0ca8	1075 (43 44) */		std	%f22,[%sp+264]
+/* 0x0cac	1076 (44 49) */		fdtox	%f8,%f8
+/* 0x0cb0	1077 (44 45) */		std	%f8,[%sp+256]
+/* 0x0cb4	1078 (44 49) */		fmuld	%f10,%f24,%f22
+/* 0x0cb8	1079 (45 50) */		fdtox	%f4,%f4
+/* 0x0cbc	1080 (45 46) */		std	%f4,[%sp+248]
+/* 0x0cc0	1081 (45 50) */		fmuld	%f10,%f20,%f8
+/* 0x0cc4	1082 (46 51) */		fsubd	%f30,%f12,%f4
+/* 0x0cc8	1083 (46 51) */		fmuld	%f36,%f24,%f10
+/* 0x0ccc	1084 (47 52) */		fitod	%f14,%f38
+/* 0x0cd0	1085 (48 53) */		fdtox	%f6,%f6
+/* 0x0cd4	1086 (48 49) */		std	%f6,[%sp+240]
+/* 0x0cd8	1087 (49 54) */		fdtox	%f22,%f12
+/* 0x0cdc	1088 (49 50) */		std	%f12,[%sp+232]
+/* 0x0ce0	1089 (49 54) */		fmuld	%f36,%f20,%f6
+/* 0x0ce4	1090 (50 55) */		fdtox	%f8,%f8
+/* 0x0ce8	1091 (50 51) */		std	%f8,[%sp+224]
+/* 0x0cec	1092 (51 56) */		fdtox	%f10,%f22
+/* 0x0cf0	1093 (51 52) */		std	%f22,[%sp+216]
+/* 0x0cf4	1094 (51 56) */		fmuld	%f4,%f24,%f8
+/* 0x0cf8	1095 (52 57) */		fitod	%f15,%f14
+/* 0x0cfc	1096 (52 57) */		fmuld	%f4,%f20,%f4
+/* 0x0d00	1097 (53 58) */		fsubd	%f30,%f38,%f22
+/* 0x0d04	1098 (54 58) */		fxnor	%f0,%f16,%f16
+/* 0x0d08	1099 (55 60) */		fdtox	%f6,%f6
+/* 0x0d0c	1100 (55 56) */		std	%f6,[%sp+208]
+/* 0x0d10	1101 (56 61) */		fdtox	%f8,%f6
+/* 0x0d14	1102 (56 57) */		std	%f6,[%sp+200]
+/* 0x0d18	1103 (57 62) */		fsubd	%f30,%f14,%f10
+/* 0x0d1c	1104 (58 63) */		fitod	%f16,%f40
+/* 0x0d20	1105 (58 63) */		fmuld	%f22,%f24,%f6
+/* 0x0d24	1106 (59 64) */		fdtox	%f4,%f4
+/* 0x0d28	1107 (59 60) */		std	%f4,[%sp+192]
+/* 0x0d2c	1108 (60 65) */		fitod	%f17,%f16
+/* 0x0d30	1109 (60 65) */		fmuld	%f22,%f20,%f4
+/* 0x0d34	1110 (61 65) */		fxnor	%f0,%f18,%f18
+/* 0x0d38	1111 (62 67) */		fdtox	%f32,%f32
+/* 0x0d3c	1112 (62 63) */		std	%f32,[%sp+288]
+/* 0x0d40	1113 (62 67) */		fmuld	%f10,%f24,%f8
+/* 0x0d44	1114 (63 68) */		fdtox	%f6,%f6
+/* 0x0d48	1115 (63 64) */		std	%f6,[%sp+184]
+/* 0x0d4c	1116 (63 68) */		fmuld	%f10,%f20,%f22
+/* 0x0d50	1117 (64 69) */		fsubd	%f30,%f40,%f6
+/* 0x0d54	1118 (65 70) */		fdtox	%f4,%f4
+/* 0x0d58	1119 (65 66) */		std	%f4,[%sp+176]
+/* 0x0d5c	1120 (66 71) */		fsubd	%f30,%f16,%f10
+/* 0x0d60	1121 (67 72) */		fdtox	%f8,%f4
+/* 0x0d64	1122 (67 68) */		std	%f4,[%sp+168]
+/* 0x0d68	1123 (68 73) */		fdtox	%f22,%f4
+/* 0x0d6c	1124 (68 69) */		std	%f4,[%sp+160]
+/* 0x0d70	1125 (69 74) */		fitod	%f18,%f42
+/* 0x0d74	1126 (69 74) */		fmuld	%f6,%f24,%f4
+/* 0x0d78	1127 (70 75) */		fmuld	%f6,%f20,%f22
+/* 0x0d7c	1128 (71 76) */		fmuld	%f10,%f24,%f6
+/* 0x0d80	1129 (72 77) */		fmuld	%f10,%f20,%f8
+/* 0x0d84	1130 (74 79) */		fdtox	%f4,%f4
+/* 0x0d88	1131 (74 75) */		std	%f4,[%sp+152]
+/* 0x0d8c	1132 (75 80) */		fsubd	%f30,%f42,%f4
+/* 0x0d90	1133 (76 81) */		fdtox	%f6,%f6
+/* 0x0d94	1134 (76 77) */		std	%f6,[%sp+136]
+/* 0x0d98	1135 (77 82) */		fdtox	%f22,%f22
+/* 0x0d9c	1136 (77 78) */		std	%f22,[%sp+144]
+/* 0x0da0	1137 (78 83) */		fdtox	%f8,%f22
+/* 0x0da4	1138 (78 79) */		std	%f22,[%sp+128]
+/* 0x0da8	1139 (79 84) */		fitod	%f19,%f22
+/* 0x0dac	1140 (80 85) */		fmuld	%f4,%f24,%f6
+/* 0x0db0	1141 (81 86) */		fmuld	%f4,%f20,%f4
+/* 0x0db4	1142 (84 89) */		fsubd	%f30,%f22,%f22
+/* 0x0db8	1143 (85 90) */		fdtox	%f6,%f6
+/* 0x0dbc	1144 (85 86) */		std	%f6,[%sp+120]
+/* 0x0dc0	1145 (86 91) */		fdtox	%f4,%f4
+/* 0x0dc4	1146 (86 87) */		std	%f4,[%sp+112]
+/* 0x0dc8	1150 (87 89) */		ldx	[%sp+336],%g2
+/* 0x0dcc	1151 (88 90) */		ldx	[%sp+344],%g3
+/* 0x0dd0	1152 (89 91) */		ld	[%i1],%g4
+/* 0x0dd4	1153 (89 90) */		sllx	%g2,19,%g2
+/* 0x0dd8	1154 (89 94) */		fmuld	%f22,%f20,%f4
+/* 0x0ddc	1155 (90 92) */		ldx	[%sp+328],%g5
+/* 0x0de0	1156 (90 91) */		add	%g3,%g2,%g2
+/* 0x0de4	1157 (90 95) */		fmuld	%f22,%f24,%f6
+/* 0x0de8	1158 (91 93) */		ldx	[%sp+320],%g3
+/* 0x0dec	1159 (91 92) */		add	%g2,%g4,%g4
+/* 0x0df0	1160 (92 94) */		ldx	[%sp+304],%o0
+/* 0x0df4	1161 (93 94) */		st	%g4,[%i0]
+/* 0x0df8	1162 (93 94) */		sllx	%g3,19,%g2
+/* 0x0dfc	1163 (93 94) */		srlx	%g4,32,%g4
+/* 0x0e00	1164 (94 96) */		ld	[%i1+4],%g3
+/* 0x0e04	1165 (94 95) */		add	%g5,%g2,%g2
+/* 0x0e08	1166 (94 99) */		fdtox	%f4,%f4
+/* 0x0e0c	1167 (95 97) */		ldx	[%sp+312],%g5
+/* 0x0e10	1168 (95 100) */		fdtox	%f6,%f6
+/* 0x0e14	1169 (96 98) */		ldx	[%sp+288],%o1
+/* 0x0e18	1170 (96 97) */		add	%g2,%g3,%g2
+/* 0x0e1c	1171 (96 97) */		sllx	%o0,19,%g3
+/* 0x0e20	1172 (97 99) */		ldx	[%sp+272],%o2
+/* 0x0e24	1173 (97 98) */		add	%g2,%g4,%g2
+/* 0x0e28	1174 (97 98) */		add	%g5,%g3,%g3
+/* 0x0e2c	1175 (98 100) */		ld	[%i1+8],%g4
+/* 0x0e30	1176 (98 99) */		srlx	%g2,32,%o0
+/* 0x0e34	1177 (99 101) */		ldx	[%sp+296],%g5
+/* 0x0e38	1178 (100 101) */		st	%g2,[%i0+4]
+/* 0x0e3c	1179 (100 101) */		sllx	%o2,19,%g2
+/* 0x0e40	1180 (100 101) */		add	%g3,%g4,%g3
+/* 0x0e44	1181 (101 103) */		ldx	[%sp+256],%o2
+/* 0x0e48	1182 (101 102) */		sllx	%o1,19,%g4
+/* 0x0e4c	1183 (101 102) */		add	%g3,%o0,%g3
+/* 0x0e50	1184 (102 104) */		ld	[%i1+12],%o0
+/* 0x0e54	1185 (102 103) */		srlx	%g3,32,%o1
+/* 0x0e58	1186 (102 103) */		add	%g5,%g4,%g4
+/* 0x0e5c	1187 (103 105) */		ldx	[%sp+280],%g5
+/* 0x0e60	1188 (104 105) */		st	%g3,[%i0+8]
+/* 0x0e64	1189 (104 105) */		sllx	%o2,19,%g3
+/* 0x0e68	1190 (104 105) */		add	%g4,%o0,%g4
+/* 0x0e6c	1191 (105 107) */		ld	[%i1+16],%o0
+/* 0x0e70	1192 (105 106) */		add	%g5,%g2,%g2
+/* 0x0e74	1193 (105 106) */		add	%g4,%o1,%g4
+/* 0x0e78	1194 (106 108) */		ldx	[%sp+264],%g5
+/* 0x0e7c	1195 (106 107) */		srlx	%g4,32,%o1
+/* 0x0e80	1196 (107 109) */		ldx	[%sp+240],%o2
+/* 0x0e84	1197 (107 108) */		add	%g2,%o0,%g2
+/* 0x0e88	1198 (108 110) */		ld	[%i1+20],%o0
+/* 0x0e8c	1199 (108 109) */		add	%g5,%g3,%g3
+/* 0x0e90	1200 (108 109) */		add	%g2,%o1,%g2
+/* 0x0e94	1201 (109 111) */		ldx	[%sp+248],%g5
+/* 0x0e98	1202 (109 110) */		srlx	%g2,32,%o1
+/* 0x0e9c	1203 (110 111) */		st	%g4,[%i0+12]
+/* 0x0ea0	1204 (110 111) */		sllx	%o2,19,%g4
+/* 0x0ea4	1205 (110 111) */		add	%g3,%o0,%g3
+/* 0x0ea8	1206 (111 113) */		ld	[%i1+24],%o0
+/* 0x0eac	1207 (111 112) */		add	%g5,%g4,%g4
+/* 0x0eb0	1208 (111 112) */		add	%g3,%o1,%g3
+/* 0x0eb4	1209 (112 114) */		ldx	[%sp+224],%o2
+/* 0x0eb8	1210 (112 113) */		srlx	%g3,32,%o1
+/* 0x0ebc	1211 (113 115) */		ldx	[%sp+232],%g5
+/* 0x0ec0	1212 (113 114) */		add	%g4,%o0,%g4
+/* 0x0ec4	1213 (114 115) */		st	%g2,[%i0+16]
+/* 0x0ec8	1214 (114 115) */		sllx	%o2,19,%g2
+/* 0x0ecc	1215 (114 115) */		add	%g4,%o1,%g4
+/* 0x0ed0	1216 (115 117) */		ld	[%i1+28],%o0
+/* 0x0ed4	1217 (115 116) */		srlx	%g4,32,%o1
+/* 0x0ed8	1218 (115 116) */		add	%g5,%g2,%g2
+/* 0x0edc	1222 (116 118) */		ldx	[%sp+208],%o2
+/* 0x0ee0	1223 (117 119) */		ldx	[%sp+216],%g5
+/* 0x0ee4	1224 (117 118) */		add	%g2,%o0,%g2
+/* 0x0ee8	1225 (118 119) */		st	%g3,[%i0+20]
+/* 0x0eec	1226 (118 119) */		sllx	%o2,19,%g3
+/* 0x0ef0	1227 (118 119) */		add	%g2,%o1,%g2
+/* 0x0ef4	1228 (119 121) */		ld	[%i1+32],%o0
+/* 0x0ef8	1229 (119 120) */		srlx	%g2,32,%o1
+/* 0x0efc	1230 (119 120) */		add	%g5,%g3,%g3
+/* 0x0f00	1231 (120 122) */		ldx	[%sp+192],%o2
+/* 0x0f04	1232 (121 123) */		ldx	[%sp+200],%g5
+/* 0x0f08	1233 (121 122) */		add	%g3,%o0,%g3
+/* 0x0f0c	1234 (122 123) */		st	%g4,[%i0+24]
+/* 0x0f10	1235 (122 123) */		sllx	%o2,19,%g4
+/* 0x0f14	1236 (122 123) */		add	%g3,%o1,%g3
+/* 0x0f18	1237 (123 125) */		ld	[%i1+36],%o0
+/* 0x0f1c	1238 (123 124) */		srlx	%g3,32,%o1
+/* 0x0f20	1239 (123 124) */		add	%g5,%g4,%g4
+/* 0x0f24	1240 (124 126) */		ldx	[%sp+176],%o2
+/* 0x0f28	1241 (125 127) */		ldx	[%sp+184],%g5
+/* 0x0f2c	1242 (125 126) */		add	%g4,%o0,%g4
+/* 0x0f30	1243 (126 127) */		st	%g2,[%i0+28]
+/* 0x0f34	1244 (126 127) */		sllx	%o2,19,%g2
+/* 0x0f38	1245 (126 127) */		add	%g4,%o1,%g4
+/* 0x0f3c	1246 (127 129) */		ld	[%i1+40],%o0
+/* 0x0f40	1247 (127 128) */		srlx	%g4,32,%o1
+/* 0x0f44	1248 (127 128) */		add	%g5,%g2,%g2
+/* 0x0f48	1249 (128 130) */		ldx	[%sp+160],%o2
+/* 0x0f4c	1250 (129 131) */		ldx	[%sp+168],%g5
+/* 0x0f50	1251 (129 130) */		add	%g2,%o0,%g2
+/* 0x0f54	1252 (130 131) */		st	%g3,[%i0+32]
+/* 0x0f58	1253 (130 131) */		sllx	%o2,19,%g3
+/* 0x0f5c	1254 (130 131) */		add	%g2,%o1,%g2
+/* 0x0f60	1255 (131 133) */		ld	[%i1+44],%o0
+/* 0x0f64	1256 (131 132) */		srlx	%g2,32,%o1
+/* 0x0f68	1257 (131 132) */		add	%g5,%g3,%g3
+/* 0x0f6c	1258 (132 134) */		ldx	[%sp+144],%o2
+/* 0x0f70	1259 (133 135) */		ldx	[%sp+152],%g5
+/* 0x0f74	1260 (133 134) */		add	%g3,%o0,%g3
+/* 0x0f78	1261 (134 135) */		st	%g4,[%i0+36]
+/* 0x0f7c	1262 (134 135) */		sllx	%o2,19,%g4
+/* 0x0f80	1263 (134 135) */		add	%g3,%o1,%g3
+/* 0x0f84	1264 (135 137) */		ld	[%i1+48],%o0
+/* 0x0f88	1265 (135 136) */		srlx	%g3,32,%o1
+/* 0x0f8c	1266 (135 136) */		add	%g5,%g4,%g4
+/* 0x0f90	1267 (136 138) */		ldx	[%sp+128],%o2
+/* 0x0f94	1268 (137 139) */		ldx	[%sp+136],%g5
+/* 0x0f98	1269 (137 138) */		add	%g4,%o0,%g4
+/* 0x0f9c	1270 (138 139) */		std	%f4,[%sp+96]
+/* 0x0fa0	1271 (138 139) */		add	%g4,%o1,%g4
+/* 0x0fa4	1272 (139 140) */		st	%g2,[%i0+40]
+/* 0x0fa8	1273 (139 140) */		sllx	%o2,19,%g2
+/* 0x0fac	1274 (139 140) */		srlx	%g4,32,%o1
+/* 0x0fb0	1275 (140 142) */		ld	[%i1+52],%o0
+/* 0x0fb4	1276 (140 141) */		add	%g5,%g2,%g2
+/* 0x0fb8	1277 (141 142) */		std	%f6,[%sp+104]
+/* 0x0fbc	1278 (142 144) */		ldx	[%sp+120],%g5
+/* 0x0fc0	1279 (142 143) */		add	%g2,%o0,%g2
+/* 0x0fc4	1280 (143 144) */		st	%g3,[%i0+44]
+/* 0x0fc8	1281 (143 144) */		add	%g2,%o1,%g2
+/* 0x0fcc	1282 (144 146) */		ldx	[%sp+112],%o2
+/* 0x0fd0	1283 (144 145) */		srlx	%g2,32,%o1
+/* 0x0fd4	1284 (145 147) */		ld	[%i1+56],%o0
+/* 0x0fd8	1285 (146 147) */		st	%g4,[%i0+48]
+/* 0x0fdc	1286 (146 147) */		sllx	%o2,19,%g3
+/* 0x0fe0	1287 (147 149) */		ldx	[%sp+96],%o2
+/* 0x0fe4	1288 (147 148) */		add	%g5,%g3,%g3
+/* 0x0fe8	1289 (148 150) */		ldx	[%sp+104],%g5
+/* 0x0fec	1290 (148 149) */		add	%g3,%o0,%g3
+/* 0x0ff0	1291 (149 151) */		ld	[%i1+60],%o0
+/* 0x0ff4	1292 (149 150) */		sllx	%o2,19,%g4
+/* 0x0ff8	1293 (149 150) */		add	%g3,%o1,%g3
+/* 0x0ffc	1294 (150 151) */		st	%g2,[%i0+52]
+/* 0x1000	1295 (150 151) */		srlx	%g3,32,%o1
+/* 0x1004	1296 (150 151) */		add	%g5,%g4,%g4
+/* 0x1008	1297 (151 152) */		st	%g3,[%i0+56]
+/* 0x100c	1298 (151 152) */		add	%g4,%o0,%g2
+/* 0x1010	1299 (152 153) */		add	%g2,%o1,%g2
+/* 0x1014	1300 (152 153) */		st	%g2,[%i0+60]
+/* 0x1018	1304 (153 154) */		srlx	%g2,32,%o7
+
+!
+! ENTRY .L77000061
+!
+
+        .L77000061:		/* frequency 1.0 confidence 0.0 */
+/* 0x119c	1437 ( 0  1) */		or	%g0,%o7,%i0
+
+!
+! ENTRY .L900000159
+!
+
+        .L900000159:		/* frequency 1.0 confidence 0.0 */
+/* 0x11a0	     ( 0  7) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x11a4	     ( 2  4) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000073
+!
+
+        .L77000073:		/* frequency 1.0 confidence 0.0 */
+	or	%g0, %i4, %o2
+	or	%g0, %o0, %o1
+	or	%g0, %i3, %o0
+
+!
+! ENTRY .L77000052
+!
+
+        .L77000052:		/* frequency 1.0 confidence 0.0 */
+/* 0x1028	1318 ( 0  1) */		andn	%o2,%g2,%g2
+/* 0x102c	1319 ( 0  1) */		st	%g2,[%sp+96]
+/* 0x1030	1325 ( 0  1) */		add	%o0,1,%g3
+/* 0x1034	1326 ( 0  1) */		fmovd	%f0,%f14
+/* 0x1038	1327 ( 1  2) */		srl	%o2,19,%g2
+/* 0x103c	1328 ( 1  2) */		st	%g2,[%sp+92]
+/* 0x1040	1329 ( 1  2) */		or	%g0,0,%o5
+/* 0x1044	1330 ( 2  3) */		srl	%g3,31,%g2
+/* 0x1048	1331 ( 2  5) */		ldd	[%o1],%f6
+/* 0x104c	1335 ( 2  3) */		sethi	%hi(0x1800),%g1
+/* 0x1050	1336 ( 3  4) */		add	%g3,%g2,%g2
+/* 0x1054	1337 ( 3  4) */		xor	%g1,-304,%g1
+/* 0x1058	1338 ( 3  6) */		ldd	[%o1+8],%f20
+/* 0x105c	1339 ( 4  5) */		sra	%g2,1,%o3
+/* 0x1060	1340 ( 4  5) */		fmovs	%f6,%f8
+/* 0x1064	1341 ( 4  5) */		add	%g1,%fp,%g3
+/* 0x1068	1342 ( 5  6) */		fmovs	%f6,%f10
+/* 0x106c	1343 ( 5  7) */		ld	[%sp+96],%f9
+/* 0x1070	1344 ( 5  6) */		subcc	%o3,0,%g0
+/* 0x1074	1345 ( 6  8) */		ld	[%sp+92],%f11
+/* 0x1078	1346 ( 6  7) */		sethi	%hi(0x1800),%g1
+/* 0x107c	1347 ( 6  7) */		or	%g0,%i2,%o1
+/* 0x1080	1348 ( 7 10) */		fsubd	%f8,%f6,%f18
+/* 0x1084	1349 ( 7  8) */		xor	%g1,-296,%g1
+/* 0x1088	1350 ( 7  8) */		or	%g0,0,%g4
+/* 0x108c	1351 ( 8 11) */		fsubd	%f10,%f6,%f16
+/* 0x1090	1352 ( 8  9) */		bleu,pt	%icc,.L990000162	! tprob=0.50
+/* 0x1094	     ( 8  9) */		subcc	%o0,0,%g0
+/* 0x1098	1354 ( 9 10) */		add	%g1,%fp,%g2
+/* 0x109c	1355 ( 9 10) */		sethi	%hi(0x1800),%g1
+/* 0x10a0	1356 (10 11) */		xor	%g1,-288,%g1
+/* 0x10a4	1357 (10 11) */		subcc	%o3,7,%g0
+/* 0x10a8	1358 (11 12) */		add	%g1,%fp,%o7
+/* 0x10ac	1359 (11 12) */		sethi	%hi(0x1800),%g1
+/* 0x10b0	1360 (12 13) */		xor	%g1,-280,%g1
+/* 0x10b4	1361 (13 14) */		add	%g1,%fp,%o4
+/* 0x10b8	1362 (13 14) */		bl,pn	%icc,.L77000054	! tprob=0.50
+/* 0x10bc	     (13 14) */		sub	%o3,2,%o2
+/* 0x10c0	1364 (14 17) */		ldd	[%o1],%f2
+/* 0x10c4	1365 (14 15) */		add	%o1,16,%g5
+/* 0x10c8	1366 (14 15) */		or	%g0,4,%g4
+/* 0x10cc	1367 (15 18) */		ldd	[%o1+8],%f0
+/* 0x10d0	1368 (15 16) */		add	%o1,8,%o1
+/* 0x10d4	1369 (16 18) */		fxnor	%f14,%f2,%f6
+/* 0x10d8	1370 (16 19) */		ldd	[%g5],%f4
+/* 0x10dc	1371 (16 17) */		add	%o1,16,%o1
+/* 0x10e0	1372 (17 19) */		fxnor	%f14,%f0,%f12
+/* 0x10e4	1373 (17 20) */		ldd	[%o1],%f0
+/* 0x10e8	1374 (17 18) */		add	%o1,8,%o1
+/* 0x10ec	1375 (18 21) */		fitod	%f7,%f2
+/* 0x10f0	1376 (19 22) */		fitod	%f6,%f6
+/* 0x10f4	1377 (20 22) */		fxnor	%f14,%f4,%f10
+/* 0x10f8	1378 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x10fc	1379 (22 24) */		fxnor	%f14,%f0,%f8
+/* 0x1100	1380 (23 26) */		fitod	%f13,%f4
+/* 0x1104	1381 (24 27) */		fsubd	%f20,%f6,%f6
+/* 0x1108	1382 (24 27) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000154
+!
+
+        .L990000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x110c	1384 ( 0  3) */		ldd	[%o1],%f24
+/* 0x1110	1385 ( 0  1) */		add	%g4,3,%g4
+/* 0x1114	1386 ( 0  1) */		add	%o4,96,%o4
+/* 0x1118	1387 ( 1  4) */		fitod	%f11,%f22
+/* 0x111c	1388 ( 2  5) */		fsubd	%f20,%f4,%f26
+/* 0x1120	1389 ( 2  3) */		subcc	%g4,%o2,%g0
+/* 0x1124	1390 ( 2  3) */		add	%o7,96,%o7
+/* 0x1128	1391 ( 2  5) */		fmuld	%f6,%f18,%f28
+/* 0x112c	1392 ( 3  6) */		fmuld	%f6,%f16,%f6
+/* 0x1130	1393 ( 3  4) */		add	%g2,96,%g2
+/* 0x1134	1394 ( 3  4) */		add	%g3,96,%g3
+/* 0x1138	1395 ( 4  7) */		fdtox	%f0,%f0
+/* 0x113c	1396 ( 5  8) */		fitod	%f12,%f4
+/* 0x1140	1397 ( 5  8) */		fmuld	%f2,%f18,%f2
+/* 0x1144	1398 ( 6  9) */		fdtox	%f28,%f12
+/* 0x1148	1399 ( 7 10) */		fdtox	%f6,%f6
+/* 0x114c	1400 ( 7  8) */		std	%f12,[%g3-96]
+/* 0x1150	1401 ( 8  9) */		std	%f6,[%g2-96]
+/* 0x1154	1402 ( 8 11) */		fdtox	%f2,%f2
+/* 0x1158	1403 ( 9 12) */		fsubd	%f20,%f4,%f6
+/* 0x115c	1404 ( 9 10) */		std	%f2,[%o7-96]
+/* 0x1160	1405 ( 9 10) */		add	%o1,8,%o1
+/* 0x1164	1406 (10 12) */		fxnor	%f14,%f24,%f12
+/* 0x1168	1407 (10 13) */		fmuld	%f26,%f16,%f4
+/* 0x116c	1408 (10 11) */		std	%f0,[%o4-96]
+/* 0x1170	1409 (11 14) */		ldd	[%o1],%f0
+/* 0x1174	1410 (11 14) */		fitod	%f9,%f2
+/* 0x1178	1411 (12 15) */		fsubd	%f20,%f22,%f28
+/* 0x117c	1412 (12 15) */		fmuld	%f6,%f18,%f24
+/* 0x1180	1413 (13 16) */		fmuld	%f6,%f16,%f22
+/* 0x1184	1414 (13 16) */		fdtox	%f4,%f4
+/* 0x1188	1415 (14 17) */		fitod	%f10,%f6
+/* 0x118c	1416 (14 17) */		fmuld	%f26,%f18,%f10
+/* 0x1190	1417 (15 18) */		fdtox	%f24,%f24
+/* 0x1194	1418 (16 19) */		fdtox	%f22,%f22
+/* 0x1198	1419 (16 17) */		std	%f24,[%g3-64]
+/* 0x119c	1420 (17 18) */		std	%f22,[%g2-64]
+/* 0x11a0	1421 (17 20) */		fdtox	%f10,%f10
+/* 0x11a4	1422 (18 21) */		fsubd	%f20,%f6,%f6
+/* 0x11a8	1423 (18 19) */		std	%f10,[%o7-64]
+/* 0x11ac	1424 (18 19) */		add	%o1,8,%o1
+/* 0x11b0	1425 (19 21) */		fxnor	%f14,%f0,%f10
+/* 0x11b4	1426 (19 22) */		fmuld	%f28,%f16,%f0
+/* 0x11b8	1427 (19 20) */		std	%f4,[%o4-64]
+/* 0x11bc	1428 (20 23) */		ldd	[%o1],%f22
+/* 0x11c0	1429 (20 23) */		fitod	%f13,%f4
+/* 0x11c4	1430 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x11c8	1431 (21 24) */		fmuld	%f6,%f18,%f26
+/* 0x11cc	1432 (22 25) */		fmuld	%f6,%f16,%f24
+/* 0x11d0	1433 (22 25) */		fdtox	%f0,%f0
+/* 0x11d4	1434 (23 26) */		fitod	%f8,%f6
+/* 0x11d8	1435 (23 26) */		fmuld	%f28,%f18,%f8
+/* 0x11dc	1436 (24 27) */		fdtox	%f26,%f26
+/* 0x11e0	1437 (25 28) */		fdtox	%f24,%f24
+/* 0x11e4	1438 (25 26) */		std	%f26,[%g3-32]
+/* 0x11e8	1439 (26 27) */		std	%f24,[%g2-32]
+/* 0x11ec	1440 (26 29) */		fdtox	%f8,%f8
+/* 0x11f0	1441 (27 30) */		fsubd	%f20,%f6,%f6
+/* 0x11f4	1442 (27 28) */		std	%f8,[%o7-32]
+/* 0x11f8	1443 (27 28) */		add	%o1,8,%o1
+/* 0x11fc	1444 (28 30) */		fxnor	%f14,%f22,%f8
+/* 0x1200	1445 (28 29) */		std	%f0,[%o4-32]
+/* 0x1204	1446 (28 29) */		bcs,pt	%icc,.L990000154	! tprob=0.50
+/* 0x1208	     (28 31) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000157
+!
+
+        .L990000157:		/* frequency 1.0 confidence 0.0 */
+/* 0x120c	1449 ( 0  3) */		fitod	%f12,%f28
+/* 0x1210	1450 ( 0  3) */		fmuld	%f6,%f18,%f24
+/* 0x1214	1451 ( 0  1) */		add	%g3,128,%g3
+/* 0x1218	1452 ( 1  4) */		fitod	%f10,%f12
+/* 0x121c	1453 ( 1  4) */		fmuld	%f6,%f16,%f26
+/* 0x1220	1454 ( 1  2) */		add	%g2,128,%g2
+/* 0x1224	1455 ( 2  5) */		fsubd	%f20,%f4,%f4
+/* 0x1228	1456 ( 2  5) */		fmuld	%f2,%f18,%f22
+/* 0x122c	1457 ( 2  3) */		add	%o7,128,%o7
+/* 0x1230	1458 ( 3  6) */		fdtox	%f24,%f6
+/* 0x1234	1459 ( 3  4) */		std	%f6,[%g3-128]
+/* 0x1238	1460 ( 3  4) */		add	%o4,128,%o4
+/* 0x123c	1461 ( 4  7) */		fsubd	%f20,%f28,%f2
+/* 0x1240	1462 ( 4  5) */		subcc	%g4,%o3,%g0
+/* 0x1244	1463 ( 5  8) */		fitod	%f11,%f6
+/* 0x1248	1464 ( 5  8) */		fmuld	%f4,%f18,%f24
+/* 0x124c	1465 ( 6  9) */		fdtox	%f26,%f10
+/* 0x1250	1466 ( 6  7) */		std	%f10,[%g2-128]
+/* 0x1254	1467 ( 7 10) */		fdtox	%f22,%f10
+/* 0x1258	1468 ( 7  8) */		std	%f10,[%o7-128]
+/* 0x125c	1469 ( 7 10) */		fmuld	%f2,%f18,%f26
+/* 0x1260	1470 ( 8 11) */		fsubd	%f20,%f12,%f10
+/* 0x1264	1471 ( 8 11) */		fmuld	%f2,%f16,%f2
+/* 0x1268	1472 ( 9 12) */		fsubd	%f20,%f6,%f22
+/* 0x126c	1473 ( 9 12) */		fmuld	%f4,%f16,%f12
+/* 0x1270	1474 (10 13) */		fdtox	%f0,%f0
+/* 0x1274	1475 (10 11) */		std	%f0,[%o4-128]
+/* 0x1278	1476 (11 14) */		fitod	%f8,%f4
+/* 0x127c	1477 (11 14) */		fmuld	%f10,%f18,%f6
+/* 0x1280	1478 (12 15) */		fdtox	%f26,%f0
+/* 0x1284	1479 (12 13) */		std	%f0,[%g3-96]
+/* 0x1288	1480 (12 15) */		fmuld	%f10,%f16,%f10
+/* 0x128c	1481 (13 16) */		fdtox	%f2,%f2
+/* 0x1290	1482 (13 14) */		std	%f2,[%g2-96]
+/* 0x1294	1483 (14 17) */		fitod	%f9,%f0
+/* 0x1298	1484 (14 17) */		fmuld	%f22,%f18,%f2
+/* 0x129c	1485 (15 18) */		fdtox	%f24,%f8
+/* 0x12a0	1486 (15 16) */		std	%f8,[%o7-96]
+/* 0x12a4	1487 (16 19) */		fsubd	%f20,%f4,%f4
+/* 0x12a8	1488 (16 19) */		fmuld	%f22,%f16,%f8
+/* 0x12ac	1489 (17 20) */		fdtox	%f12,%f12
+/* 0x12b0	1490 (17 18) */		std	%f12,[%o4-96]
+/* 0x12b4	1491 (18 21) */		fsubd	%f20,%f0,%f0
+/* 0x12b8	1492 (19 22) */		fdtox	%f6,%f6
+/* 0x12bc	1493 (19 20) */		std	%f6,[%g3-64]
+/* 0x12c0	1494 (20 23) */		fdtox	%f10,%f10
+/* 0x12c4	1495 (20 21) */		std	%f10,[%g2-64]
+/* 0x12c8	1496 (20 23) */		fmuld	%f4,%f18,%f6
+/* 0x12cc	1497 (21 24) */		fdtox	%f2,%f2
+/* 0x12d0	1498 (21 22) */		std	%f2,[%o7-64]
+/* 0x12d4	1499 (21 24) */		fmuld	%f4,%f16,%f4
+/* 0x12d8	1500 (22 25) */		fmuld	%f0,%f18,%f2
+/* 0x12dc	1501 (22 25) */		fdtox	%f8,%f8
+/* 0x12e0	1502 (22 23) */		std	%f8,[%o4-64]
+/* 0x12e4	1503 (23 26) */		fdtox	%f6,%f6
+/* 0x12e8	1504 (23 24) */		std	%f6,[%g3-32]
+/* 0x12ec	1505 (23 26) */		fmuld	%f0,%f16,%f0
+/* 0x12f0	1506 (24 27) */		fdtox	%f4,%f4
+/* 0x12f4	1507 (24 25) */		std	%f4,[%g2-32]
+/* 0x12f8	1508 (25 28) */		fdtox	%f2,%f2
+/* 0x12fc	1509 (25 26) */		std	%f2,[%o7-32]
+/* 0x1300	1510 (26 29) */		fdtox	%f0,%f0
+/* 0x1304	1511 (26 27) */		bcc,pn	%icc,.L77000056	! tprob=0.50
+/* 0x1308	     (26 27) */		std	%f0,[%o4-32]
+
+!
+! ENTRY .L77000054
+!
+
+        .L77000054:		/* frequency 1.0 confidence 0.0 */
+/* 0x130c	1514 ( 0  3) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L990000161
+!
+
+        .L990000161:		/* frequency 1.0 confidence 0.0 */
+/* 0x1310	1516 ( 0  2) */		fxnor	%f14,%f0,%f0
+/* 0x1314	1517 ( 0  1) */		add	%g4,1,%g4
+/* 0x1318	1518 ( 0  1) */		add	%o1,8,%o1
+/* 0x131c	1519 ( 1  2) */		subcc	%g4,%o3,%g0
+/* 0x1320	1520 ( 2  5) */		fitod	%f0,%f2
+/* 0x1324	1521 ( 3  6) */		fitod	%f1,%f0
+/* 0x1328	1522 ( 5  8) */		fsubd	%f20,%f2,%f2
+/* 0x132c	1523 ( 6  9) */		fsubd	%f20,%f0,%f0
+/* 0x1330	1524 ( 8 11) */		fmuld	%f2,%f18,%f6
+/* 0x1334	1525 ( 9 12) */		fmuld	%f2,%f16,%f4
+/* 0x1338	1526 (10 13) */		fmuld	%f0,%f18,%f2
+/* 0x133c	1527 (11 14) */		fdtox	%f6,%f6
+/* 0x1340	1528 (11 12) */		std	%f6,[%g3]
+/* 0x1344	1529 (11 14) */		fmuld	%f0,%f16,%f0
+/* 0x1348	1530 (12 15) */		fdtox	%f4,%f4
+/* 0x134c	1531 (12 13) */		std	%f4,[%g2]
+/* 0x1350	1532 (12 13) */		add	%g2,32,%g2
+/* 0x1354	1533 (13 16) */		fdtox	%f2,%f2
+/* 0x1358	1534 (13 14) */		std	%f2,[%o7]
+/* 0x135c	1535 (13 14) */		add	%o7,32,%o7
+/* 0x1360	1536 (14 17) */		fdtox	%f0,%f0
+/* 0x1364	1537 (14 15) */		std	%f0,[%o4]
+/* 0x1368	1538 (14 15) */		add	%o4,32,%o4
+/* 0x136c	1539 (15 16) */		add	%g3,32,%g3
+/* 0x1370	1540 (15 16) */		bcs,a,pt	%icc,.L990000161	! tprob=0.50
+/* 0x1374	     (16 19) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L77000056
+!
+
+         .L77000056:		/* frequency 1.0 confidence 0.0 */
+/* 0x1378	1548 ( 0  1) */		subcc	%o0,0,%g0
+
+!
+! ENTRY .L990000162
+!
+
+         .L990000162:		/* frequency 1.0 confidence 0.0 */
+/* 0x137c	1550 ( 0  1) */		bleu,pt	%icc,.L77770061	! tprob=0.50
+/* 0x1380	     ( 0  1) */		nop
+/* 0x1384	1555 ( 0  1) */		sethi	%hi(0x1800),%g1
+/* 0x1388	1556 ( 1  2) */		xor	%g1,-304,%g1
+/* 0x138c	1557 ( 1  2) */		or	%g0,%i1,%g4
+/* 0x1390	1558 ( 2  3) */		add	%g1,%fp,%g5
+/* 0x1394	1559 ( 2  3) */		sethi	%hi(0x1800),%g1
+/* 0x1398	1560 ( 3  4) */		xor	%g1,-296,%g1
+/* 0x139c	1561 ( 3  4) */		or	%g0,%o0,%o7
+/* 0x13a0	1562 ( 4  5) */		add	%g1,%fp,%g2
+/* 0x13a4	1563 ( 4  5) */		or	%g0,0,%i2
+/* 0x13a8	1564 ( 5  6) */		or	%g0,%i0,%g3
+/* 0x13ac	1565 ( 5  6) */		subcc	%o0,6,%g0
+/* 0x13b0	1566 ( 5  6) */		bl,pn	%icc,.L77000058	! tprob=0.50
+/* 0x13b4	     ( 6  7) */		sethi	%hi(0x1800),%g1
+/* 0x13b8	1568 ( 6  8) */		ld	[%g4],%o2
+/* 0x13bc	1569 ( 6  7) */		add	%g3,4,%g3
+/* 0x13c0	1570 ( 7  8) */		xor	%g1,-264,%g1
+/* 0x13c4	1571 ( 7  8) */		sub	%o7,3,%o4
+/* 0x13c8	1572 ( 8  9) */		add	%g1,%fp,%g2
+/* 0x13cc	1573 ( 8  9) */		sethi	%hi(0x1800),%g1
+/* 0x13d0	1574 ( 9 10) */		xor	%g1,-272,%g1
+/* 0x13d4	1575 ( 9 10) */		or	%g0,2,%i2
+/* 0x13d8	1576 (10 11) */		add	%g1,%fp,%g5
+/* 0x13dc	1577 (10 11) */		sethi	%hi(0x1800),%g1
+/* 0x13e0	1578 (11 12) */		xor	%g1,-296,%g1
+/* 0x13e4	1579 (12 13) */		add	%g1,%fp,%g1
+/* 0x13e8	1580 (13 15) */		ldx	[%g1],%o1
+/* 0x13ec	1581 (14 16) */		ldx	[%g1-8],%o0
+/* 0x13f0	1582 (15 16) */		sllx	%o1,19,%o1
+/* 0x13f4	1583 (15 17) */		ldx	[%g1+16],%o3
+/* 0x13f8	1584 (16 17) */		add	%o0,%o1,%o0
+/* 0x13fc	1585 (16 18) */		ld	[%g4+4],%o1
+/* 0x1400	1586 (16 17) */		add	%g4,8,%g4
+/* 0x1404	1587 (17 18) */		sllx	%o3,19,%o3
+/* 0x1408	1588 (17 18) */		add	%o0,%o2,%o0
+/* 0x140c	1589 (17 19) */		ldx	[%g1+8],%o2
+/* 0x1410	1590 (18 19) */		st	%o0,[%g3-4]
+/* 0x1414	1591 (18 19) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000142
+!
+
+        .L990000142:		/* frequency 1.0 confidence 0.0 */
+/* 0x1418	1593 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x141c	1594 ( 0  1) */		add	%i2,4,%i2
+/* 0x1420	1595 ( 0  2) */		ld	[%g4],%o3
+/* 0x1424	1596 ( 1  2) */		srl	%o0,0,%o5
+/* 0x1428	1597 ( 1  2) */		add	%o2,%o1,%o1
+/* 0x142c	1598 ( 1  3) */		ldx	[%g2],%o0
+/* 0x1430	1599 ( 3  4) */		sllx	%o0,19,%o2
+/* 0x1434	1600 ( 3  5) */		ldx	[%g5],%o0
+/* 0x1438	1601 ( 3  4) */		add	%o1,%o5,%o1
+/* 0x143c	1602 ( 4  5) */		st	%o1,[%g3]
+/* 0x1440	1603 ( 4  5) */		srlx	%o1,32,%o5
+/* 0x1444	1604 ( 4  5) */		subcc	%i2,%o4,%g0
+/* 0x1448	1605 ( 5  7) */		ldx	[%g2+16],%o1
+/* 0x144c	1606 ( 5  6) */		add	%o0,%o2,%o0
+/* 0x1450	1607 ( 5  6) */		add	%g3,16,%g3
+/* 0x1454	1608 ( 6  8) */		ld	[%g4+4],%o2
+/* 0x1458	1609 ( 6  7) */		add	%o0,%o3,%o0
+/* 0x145c	1610 ( 7  8) */		sllx	%o1,19,%o3
+/* 0x1460	1611 ( 7  9) */		ldx	[%g5+16],%o1
+/* 0x1464	1612 ( 7  8) */		add	%o0,%o5,%o0
+/* 0x1468	1613 ( 8  9) */		st	%o0,[%g3-12]
+/* 0x146c	1614 ( 8  9) */		srlx	%o0,32,%o5
+/* 0x1470	1615 ( 8  9) */		add	%g4,16,%g4
+/* 0x1474	1616 ( 9 11) */		ldx	[%g2+32],%o0
+/* 0x1478	1617 ( 9 10) */		add	%o1,%o3,%o1
+/* 0x147c	1618 ( 9 10) */		add	%g2,64,%g2
+/* 0x1480	1619 (10 12) */		ld	[%g4-8],%o3
+/* 0x1484	1620 (10 11) */		add	%o1,%o2,%o2
+/* 0x1488	1621 (11 12) */		sllx	%o0,19,%o1
+/* 0x148c	1622 (11 13) */		ldx	[%g5+32],%o0
+/* 0x1490	1623 (11 12) */		add	%o2,%o5,%o2
+/* 0x1494	1624 (12 13) */		st	%o2,[%g3-8]
+/* 0x1498	1625 (12 13) */		srlx	%o2,32,%o5
+/* 0x149c	1626 (12 13) */		add	%g5,64,%g5
+/* 0x14a0	1627 (13 15) */		ldx	[%g2-16],%o2
+/* 0x14a4	1628 (13 14) */		add	%o0,%o1,%o0
+/* 0x14a8	1629 (14 16) */		ld	[%g4-4],%o1
+/* 0x14ac	1630 (14 15) */		add	%o0,%o3,%o0
+/* 0x14b0	1631 (15 16) */		sllx	%o2,19,%o3
+/* 0x14b4	1632 (15 17) */		ldx	[%g5-16],%o2
+/* 0x14b8	1633 (15 16) */		add	%o0,%o5,%o0
+/* 0x14bc	1634 (16 17) */		st	%o0,[%g3-4]
+/* 0x14c0	1635 (16 17) */		bcs,pt	%icc,.L990000142	! tprob=0.50
+/* 0x14c4	     (16 17) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000145
+!
+
+        .L990000145:		/* frequency 1.0 confidence 0.0 */
+/* 0x14c8	1638 ( 0  1) */		add	%o2,%o3,%o3
+/* 0x14cc	1639 ( 0  1) */		add	%g3,4,%g3
+/* 0x14d0	1640 ( 1  2) */		srl	%o0,0,%o2
+/* 0x14d4	1641 ( 1  2) */		add	%o3,%o1,%o0
+/* 0x14d8	1642 ( 2  3) */		add	%o0,%o2,%o0
+/* 0x14dc	1643 ( 2  3) */		st	%o0,[%g3-4]
+/* 0x14e0	1644 ( 2  3) */		subcc	%i2,%o7,%g0
+/* 0x14e4	1645 ( 2  3) */		bcc,pn	%icc,.L77770061	! tprob=0.50
+/* 0x14e8	     ( 3  4) */		srlx	%o0,32,%o5
+
+!
+! ENTRY .L77000058
+!
+
+        .L77000058:		/* frequency 1.0 confidence 0.0 */
+/* 0x14ec	1648 ( 0  2) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L990000160
+!
+
+        .L990000160:		/* frequency 1.0 confidence 0.0 */
+/* 0x14f0	1650 ( 0  1) */		sllx	%o2,19,%o3
+/* 0x14f4	1651 ( 0  2) */		ldx	[%g5],%o0
+/* 0x14f8	1652 ( 0  1) */		add	%i2,1,%i2
+/* 0x14fc	1653 ( 1  2) */		srl	%o5,0,%o1
+/* 0x1500	1654 ( 1  3) */		ld	[%g4],%o2
+/* 0x1504	1655 ( 1  2) */		add	%g2,16,%g2
+/* 0x1508	1656 ( 2  3) */		add	%o0,%o3,%o0
+/* 0x150c	1657 ( 2  3) */		add	%g5,16,%g5
+/* 0x1510	1658 ( 3  4) */		add	%o0,%o2,%o0
+/* 0x1514	1659 ( 3  4) */		add	%g4,4,%g4
+/* 0x1518	1660 ( 4  5) */		add	%o0,%o1,%o0
+/* 0x151c	1661 ( 4  5) */		st	%o0,[%g3]
+/* 0x1520	1662 ( 4  5) */		subcc	%i2,%o7,%g0
+/* 0x1524	1663 ( 5  6) */		srlx	%o0,32,%o5
+/* 0x1528	1664 ( 5  6) */		add	%g3,4,%g3
+/* 0x152c	1665 ( 5  6) */		bcs,a,pt	%icc,.L990000160	! tprob=0.50
+/* 0x1530	     ( 6  8) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L77770061
+!
+
+        .L77770061:		/* frequency 1.0 confidence 0.0 */
+/* 0x1534	     ( 0  2) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x1538	     ( 2  3) */		restore	%g0,%o5,%o0
+
+/* 0x11a8	1441 ( 0  0) */		.type	mul_add,2
+/* 0x11a8	1442 ( 0  0) */		.size	mul_add,(.-mul_add)
+/* 0x11a8	1445 ( 0  0) */		.align	16
+/* 0x11b0	1451 ( 0  0) */		.global	mul_add_inp
+
+!
+! ENTRY mul_add_inp
+!
+
+        .global mul_add_inp
+        mul_add_inp:		/* frequency 1.0 confidence 0.0 */
+/* 0x11b0	1453 ( 0  1) */		or	%g0,%o2,%g1
+/* 0x11b4	1454 ( 0  1) */		or	%g0,%o3,%o4
+/* 0x11b8	1455 ( 1  2) */		or	%g0,%o0,%g3
+/* 0x11bc	1456 ( 1  2) */		or	%g0,%o1,%g2
+/* 0x11c0	1466 ( 2  3) */		or	%g0,%g1,%o3
+/* 0x11c4	1467 ( 2  3) */		or	%g0,%g3,%o1
+/* 0x11c8	1468 ( 3  4) */		or	%g0,%g2,%o2
+/* 0x11cc	1469 ( 3  4) */		or	%g0,%o7,%g1
+/* 0x11d0	1470 ( 4  6) */		call	mul_add	! params = 	! Result = 
+/* 0x11d4	     ( 5  6) */		or	%g0,%g1,%o7
+/* 0x11d8	1472 ( 0  0) */		.type	mul_add_inp,2
+/* 0x11d8	1473 ( 0  0) */		.size	mul_add_inp,(.-mul_add_inp)
+
+	.section	".data",#alloc,#write
+/* 0x11d8	   6 ( 0  0) */		.align	8
+
+!
+! ENTRY mask_cnst
+!
+
+        mask_cnst:		/* frequency 1.0 confidence 0.0 */
+/* 0x11d8	   8 ( 0  0) */		.word	-2147483648
+/* 0x11dc	   9 ( 0  0) */		.word	-2147483648
+/* 0x11e0	  10 ( 0  0) */		.type	mask_cnst,#object
+/* 0x11e0	  11 ( 0  0) */		.size	mask_cnst,8
+
diff --git a/security/nss/lib/freebl/mpi/mpv_sparcv8x.s b/security/nss/lib/freebl/mpi/mpv_sparcv8x.s
new file mode 100644
index 000000000..154d69965
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpv_sparcv8x.s
@@ -0,0 +1,175 @@
+! Inner multiply loop functions for pure 32-bit Sparc v8 CPUs.
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+! 
+! The contents of this file are subject to the Mozilla Public License Version 
+! 1.1 (the "License"); you may not use this file except in compliance with 
+! the License. You may obtain a copy of the License at 
+! http://www.mozilla.org/MPL/
+! 
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is a SPARC v8 optimized multiply and add function
+! 
+! The Initial Developer of the Original Code is Sun Microsystems Inc.
+! Portions created by Sun Microsystems Inc. are 
+! Copyright (C) 2000-2005 Sun Microsystems Inc.  All Rights Reserved.
+! 
+! Contributor(s):
+! 
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+! 
+! ***** END LICENSE BLOCK *****
+
+! $Id$
+
+	.file	"mpv_sparcv8x.s"
+	.align	8
+
+	.section     ".text",#alloc,#execinstr
+	.global      s_mpv_mul_d
+ s_mpv_mul_d:
+	save         %sp, -0x60, %sp
+	mov          %i0, %o0
+	clr          %g4
+	cmp          %i1, 0x0
+	be           .L103
+	sub          %i1, 0x1, %o5
+	ld           [%o0], %g1
+.L101:
+	umul         %g1, %i2, %g2
+	rd           %y, %g1
+	add          %g2, %g4, %g3
+	mov          %g1, %o4
+	add          %o0, 0x4, %o0
+	cmp          %g3, %g4
+	blu,a        .L102
+	add          %g1, 0x1, %o4
+.L102:
+	st           %g3, [%i3]
+	mov          %o5, %g1
+	add          %i3, 0x4, %i3
+	cmp          %g1, 0x0
+	mov          %o4, %g4
+	sub          %o5, 0x1, %o5
+	bne,a        .L101
+	ld           [%o0], %g1
+.L103:
+	st           %g4, [%i3]
+	ret
+	restore
+
+	.type	s_mpv_mul_d,2
+	.size	s_mpv_mul_d,(.-s_mpv_mul_d)
+
+	.align	16
+	.global      s_mpv_mul_d_add
+ s_mpv_mul_d_add:
+
+	save         %sp, -0x60, %sp
+	mov          %i0, %o0
+	clr          %g4
+	cmp          %i1, 0x0
+	be           .L204
+	sub          %i1, 0x1, %o5
+	ld           [%o0], %g1
+.L201:
+	umul         %g1, %i2, %g2
+	rd           %y, %g1
+	add          %g2, %g4, %g3
+	mov          %g1, %o4
+	add          %o0, 0x4, %o0
+	cmp          %g3, %g4
+	blu,a        .L202
+	add          %g1, 0x1, %o4
+.L202:
+	ld           [%i3], %g2
+	add          %g3, %g2, %g1
+	cmp          %g1, %g2
+	blu,a        .L203
+	add          %o4, 0x1, %o4
+.L203:
+	st           %g1, [%i3]
+	mov          %o5, %g1
+	add          %i3, 0x4, %i3
+	cmp          %g1, 0x0
+	mov          %o4, %g4
+	sub          %o5, 0x1, %o5
+	bne,a        .L201
+	ld           [%o0], %g1
+.L204:
+	st           %g4, [%i3]
+	ret
+	restore
+
+	.type	s_mpv_mul_d_add,2
+	.size	s_mpv_mul_d_add,(.-s_mpv_mul_d_add)
+
+	.align	16
+	.global      s_mpv_mul_d_add_prop
+ s_mpv_mul_d_add_prop:
+
+	save         %sp, -0x60, %sp
+	mov          %i0, %o0
+	clr          %o5
+	cmp          %i1, 0x0
+	be           .L30x70
+	sub          %i1, 0x1, %g4
+	ld           [%o0], %g1
+.L30x1c:
+	umul         %g1, %i2, %g2
+	rd           %y, %g1
+	add          %g2, %o5, %g3
+	mov          %g1, %o4
+	add          %o0, 0x4, %o0
+	cmp          %g3, %o5
+	blu,a        .L30x3c
+	add          %g1, 0x1, %o4
+.L30x3c:
+	ld           [%i3], %g2
+	add          %g3, %g2, %g1
+	cmp          %g1, %g2
+	blu,a        .L30x50
+	add          %o4, 0x1, %o4
+.L30x50:
+	st           %g1, [%i3]
+	mov          %g4, %g1
+	add          %i3, 0x4, %i3
+	cmp          %g1, 0x0
+	mov          %o4, %o5
+	sub          %g4, 0x1, %g4
+	bne,a        .L30x1c
+	ld           [%o0], %g1
+.L30x70:
+	cmp          %o5, 0x0
+	be           .L30xa0
+	nop
+	ld           [%i3], %g1
+.L30x80:
+	add          %o5, %g1, %g2
+	st           %g2, [%i3]
+	add          %i3, 0x4, %i3
+	cmp          %g2, %g1
+	addx         %g0, 0x0, %o5
+	cmp          %o5, 0x0
+	bne,a        .L30x80
+	ld           [%i3], %g1
+.L30xa0:
+	ret
+	restore
+
+	.type	s_mpv_mul_d_add_prop,2
+	.size	s_mpv_mul_d_add_prop,(.-s_mpv_mul_d_add_prop)
diff --git a/security/nss/lib/freebl/mpi/mpv_sparcv9.s b/security/nss/lib/freebl/mpi/mpv_sparcv9.s
new file mode 100644
index 000000000..cb6472a16
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpv_sparcv9.s
@@ -0,0 +1,1680 @@
+!
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is a SPARC/VIS optimized multiply and add function.
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1999-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+
+!  $Id$
+!
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.register	%g2,#scratch
+/* 000000	     ( 0  0) */		.register	%g3,#scratch
+/* 000000	   3 ( 0  0) */		.file	"mpv_sparc.c"
+/* 000000	  15 ( 0  0) */		.align	8
+!
+! SUBROUTINE .L_const_seg_900000101
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   .L_const_seg_900000101:		/* frequency 1.0 confidence 0.0 */
+/* 000000	  20 ( 0  0) */		.word	1127219200,0
+/* 0x0008	  21 ( 0  0) */		.word	1105199103,-4194304
+/* 0x0010	  22 ( 0  0) */		.align	8
+/* 0x0010	  28 ( 0  0) */		.global	mul_add
+
+!
+! ENTRY mul_add
+!
+
+                                   	.global mul_add
+                                   mul_add:		/* frequency 1.0 confidence 0.0 */
+/* 0x0010	  30 ( 0  1) */		sethi	%hi(0x1c00),%g1
+/* 0x0014	  31 ( 0  1) */		sethi	%hi(mask_cnst),%g2
+/* 0x0018	  32 ( 1  2) */		xor	%g1,-48,%g1
+/* 0x001c	  33 ( 1  2) */		add	%g2,%lo(mask_cnst),%g2
+/* 0x0020	  34 ( 2  3) */		save	%sp,%g1,%sp
+
+!
+! ENTRY .L900000149
+!
+
+                                   .L900000149:		/* frequency 1.0 confidence 0.0 */
+/* 0x0024	  36 ( 0  2) */		call	(.+0x8)	! params = 	! Result = 
+/* 0x0028	     ( 1  2) */		sethi	%hi((_GLOBAL_OFFSET_TABLE_-(.L900000149-.))),%g5
+/* 0x002c	 178 ( 2  3) */		sethi	%hi(.L_const_seg_900000101),%g3
+/* 0x0030	 179 ( 2  3) */		add	%g5,%lo((_GLOBAL_OFFSET_TABLE_-(.L900000149-.))),%g5
+/* 0x0034	 180 ( 3  4) */		add	%g3,%lo(.L_const_seg_900000101),%g3
+/* 0x0038	 181 ( 3  4) */		add	%g5,%o7,%o1
+/* 0x003c	 182 ( 4  5) */		sethi	%hi(0x80000),%g4
+/* 0x0040	 183 ( 4  6) */		ldx	[%o1+%g2],%g2
+/* 0x0044	 184 ( 4  5) */		or	%g0,%i2,%o2
+/* 0x0048	 185 ( 5  6) */		subcc	%i4,%g4,%g0
+/* 0x004c	 186 ( 5  7) */		ldx	[%o1+%g3],%o0
+/* 0x0050	 187 ( 6  7) */		or	%g0,%i0,%o7
+/* 0x0054	 188 ( 6  7) */		or	%g0,%i1,%o5
+/* 0x0058	 189 ( 6  9) */		ldd	[%g2],%f0
+/* 0x005c	 190 ( 6  7) */		bcc,pn	%icc,.L77000048	! tprob=0.50
+/* 0x0060	     ( 7  8) */		subcc	%i3,8,%g0
+/* 0x0064	 192 ( 7  8) */		bne,pn	%icc,.L900000158	! tprob=0.50
+/* 0x0068	     ( 8  9) */		subcc	%i3,16,%g0
+/* 0x006c	 194 ( 9 12) */		ldd	[%o2],%f4
+/* 0x0070	 195 (10 11) */		st	%i4,[%sp+2287]
+/* 0x0074	 196 (11 14) */		ldd	[%o0],%f8
+/* 0x0078	 197 (11 13) */		fxnor	%f0,%f4,%f4
+/* 0x007c	 198 (12 15) */		ldd	[%o2+8],%f10
+/* 0x0080	 199 (13 16) */		fitod	%f4,%f12
+/* 0x0084	 200 (13 16) */		ldd	[%o0+8],%f14
+/* 0x0088	 201 (14 17) */		ld	[%sp+2287],%f7
+/* 0x008c	 202 (14 17) */		fitod	%f5,%f4
+/* 0x0090	 203 (15 17) */		fxnor	%f0,%f10,%f10
+/* 0x0094	 204 (15 18) */		ldd	[%o2+16],%f16
+/* 0x0098	 205 (16 19) */		ldd	[%o2+24],%f18
+/* 0x009c	 206 (17 20) */		fsubd	%f14,%f4,%f4
+/* 0x00a0	 210 (17 20) */		ld	[%i1],%g2
+/* 0x00a4	 211 (18 20) */		fxnor	%f0,%f16,%f16
+/* 0x00a8	 212 (18 21) */		ld	[%i1+4],%g3
+/* 0x00ac	 213 (19 22) */		ld	[%i1+8],%g4
+/* 0x00b0	 214 (20 23) */		fitod	%f16,%f20
+/* 0x00b4	 215 (20 23) */		ld	[%i1+16],%o0
+/* 0x00b8	 216 (21 24) */		ld	[%i1+12],%g5
+/* 0x00bc	 217 (22 25) */		ld	[%i1+20],%o1
+/* 0x00c0	 218 (23 26) */		ld	[%i1+24],%o2
+/* 0x00c4	 219 (24 25) */		fmovs	%f8,%f6
+/* 0x00c8	 220 (24 27) */		ld	[%i1+28],%o3
+/* 0x00cc	 221 (26 29) */		fsubd	%f6,%f8,%f6
+/* 0x00d0	 222 (27 30) */		fsubd	%f14,%f12,%f8
+/* 0x00d4	 223 (28 31) */		fitod	%f10,%f12
+/* 0x00d8	 224 (29 32) */		fmuld	%f4,%f6,%f4
+/* 0x00dc	 225 (29 32) */		fitod	%f11,%f10
+/* 0x00e0	 226 (30 33) */		fmuld	%f8,%f6,%f8
+/* 0x00e4	 227 (31 34) */		fsubd	%f14,%f12,%f12
+/* 0x00e8	 228 (32 35) */		fdtox	%f4,%f4
+/* 0x00ec	 229 (32 33) */		std	%f4,[%sp+2271]
+/* 0x00f0	 230 (33 36) */		fdtox	%f8,%f8
+/* 0x00f4	 231 (33 34) */		std	%f8,[%sp+2279]
+/* 0x00f8	 232 (34 37) */		fmuld	%f12,%f6,%f12
+/* 0x00fc	 233 (34 37) */		fsubd	%f14,%f10,%f10
+/* 0x0100	 234 (35 38) */		fsubd	%f14,%f20,%f4
+/* 0x0104	 235 (36 39) */		fitod	%f17,%f8
+/* 0x0108	 236 (37 39) */		fxnor	%f0,%f18,%f16
+/* 0x010c	 237 (37 39) */		ldx	[%sp+2279],%o4
+/* 0x0110	 238 (37 40) */		fmuld	%f10,%f6,%f10
+/* 0x0114	 239 (38 41) */		fdtox	%f12,%f12
+/* 0x0118	 240 (38 39) */		std	%f12,[%sp+2263]
+/* 0x011c	 241 (38 41) */		fmuld	%f4,%f6,%f4
+/* 0x0120	 242 (39 42) */		fitod	%f16,%f18
+/* 0x0124	 243 (39 40) */		add	%o4,%g2,%g2
+/* 0x0128	 244 (39 40) */		st	%g2,[%i0]
+/* 0x012c	 245 (40 42) */		ldx	[%sp+2271],%o4
+/* 0x0130	 246 (40 43) */		fsubd	%f14,%f8,%f8
+/* 0x0134	 247 (40 41) */		srax	%g2,32,%o5
+/* 0x0138	 248 (41 44) */		fdtox	%f10,%f10
+/* 0x013c	 249 (41 42) */		std	%f10,[%sp+2255]
+/* 0x0140	 250 (42 45) */		fdtox	%f4,%f4
+/* 0x0144	 251 (42 43) */		std	%f4,[%sp+2247]
+/* 0x0148	 252 (42 43) */		add	%o4,%g3,%o4
+/* 0x014c	 253 (43 46) */		fitod	%f17,%f12
+/* 0x0150	 254 (43 45) */		ldx	[%sp+2263],%g2
+/* 0x0154	 255 (43 44) */		add	%o4,%o5,%g3
+/* 0x0158	 256 (43 46) */		fmuld	%f8,%f6,%f8
+/* 0x015c	 257 (44 47) */		fsubd	%f14,%f18,%f10
+/* 0x0160	 258 (44 45) */		st	%g3,[%i0+4]
+/* 0x0164	 259 (44 45) */		srax	%g3,32,%g3
+/* 0x0168	 260 (45 46) */		add	%g2,%g4,%g4
+/* 0x016c	 261 (45 47) */		ldx	[%sp+2255],%g2
+/* 0x0170	 262 (46 49) */		fsubd	%f14,%f12,%f4
+/* 0x0174	 263 (46 47) */		add	%g4,%g3,%g3
+/* 0x0178	 264 (46 48) */		ldx	[%sp+2247],%g4
+/* 0x017c	 265 (47 50) */		fmuld	%f10,%f6,%f10
+/* 0x0180	 266 (47 50) */		fdtox	%f8,%f8
+/* 0x0184	 267 (47 48) */		std	%f8,[%sp+2239]
+/* 0x0188	 268 (48 49) */		add	%g4,%o0,%g4
+/* 0x018c	 269 (48 49) */		add	%g2,%g5,%g2
+/* 0x0190	 270 (48 49) */		st	%g3,[%i0+8]
+/* 0x0194	 271 (49 52) */		fmuld	%f4,%f6,%f4
+/* 0x0198	 272 (49 50) */		srax	%g3,32,%o0
+/* 0x019c	 273 (49 51) */		ldx	[%sp+2239],%g5
+/* 0x01a0	 274 (50 53) */		fdtox	%f10,%f6
+/* 0x01a4	 275 (50 51) */		std	%f6,[%sp+2231]
+/* 0x01a8	 276 (50 51) */		add	%g2,%o0,%g2
+/* 0x01ac	 277 (51 52) */		srax	%g2,32,%g3
+/* 0x01b0	 278 (51 52) */		add	%g5,%o1,%o1
+/* 0x01b4	 279 (51 52) */		st	%g2,[%i0+12]
+/* 0x01b8	 280 (52 55) */		fdtox	%f4,%f4
+/* 0x01bc	 281 (52 53) */		std	%f4,[%sp+2223]
+/* 0x01c0	 282 (52 53) */		add	%g4,%g3,%g3
+/* 0x01c4	 283 (53 54) */		srax	%g3,32,%g4
+/* 0x01c8	 284 (53 54) */		st	%g3,[%i0+16]
+/* 0x01cc	 285 (54 56) */		ldx	[%sp+2231],%o0
+/* 0x01d0	 286 (54 55) */		add	%o1,%g4,%g4
+/* 0x01d4	 287 (55 56) */		srax	%g4,32,%g2
+/* 0x01d8	 288 (55 57) */		ldx	[%sp+2223],%g5
+/* 0x01dc	 289 (56 57) */		add	%o0,%o2,%o2
+/* 0x01e0	 290 (56 57) */		st	%g4,[%i0+20]
+/* 0x01e4	 291 (57 58) */		add	%o2,%g2,%g2
+/* 0x01e8	 292 (57 58) */		add	%g5,%o3,%g5
+/* 0x01ec	 293 (57 58) */		st	%g2,[%i0+24]
+/* 0x01f0	 294 (58 59) */		srax	%g2,32,%g3
+/* 0x01f4	 295 (59 60) */		add	%g5,%g3,%g2
+/* 0x01f8	 296 (59 60) */		st	%g2,[%i0+28]
+/* 0x01fc	 300 (60 61) */		srax	%g2,32,%o3
+/* 0x0200	 301 (61 62) */		srl	%o3,0,%i0
+/* 0x0204	     (62 64) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0208	     (64 65) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L900000158
+!
+
+                                   .L900000158:		/* frequency 1.0 confidence 0.0 */
+/* 0x020c	 308 ( 0  1) */		bne,a,pn	%icc,.L900000157	! tprob=0.50
+/* 0x0210	     ( 0  1) */		st	%i4,[%sp+2223]
+/* 0x0214	 315 ( 1  4) */		ldd	[%o2],%f4
+/* 0x0218	 316 ( 2  3) */		st	%i4,[%sp+2351]
+/* 0x021c	 317 ( 3  6) */		ldd	[%o0],%f8
+/* 0x0220	 318 ( 3  5) */		fxnor	%f0,%f4,%f4
+/* 0x0224	 319 ( 4  7) */		ldd	[%o2+8],%f10
+/* 0x0228	 320 ( 5  8) */		ldd	[%o0+8],%f14
+/* 0x022c	 321 ( 5  8) */		fitod	%f4,%f12
+/* 0x0230	 322 ( 6  9) */		ld	[%sp+2351],%f7
+/* 0x0234	 323 ( 6  8) */		fxnor	%f0,%f10,%f10
+/* 0x0238	 324 ( 7 10) */		ldd	[%o2+16],%f16
+/* 0x023c	 325 ( 7 10) */		fitod	%f5,%f4
+/* 0x0240	 326 ( 8 11) */		ldd	[%o2+24],%f18
+/* 0x0244	 330 ( 9 12) */		ldd	[%o2+32],%f20
+/* 0x0248	 331 ( 9 11) */		fxnor	%f0,%f16,%f16
+/* 0x024c	 335 (10 13) */		ld	[%i1],%g2
+/* 0x0250	 336 (10 13) */		fsubd	%f14,%f4,%f4
+/* 0x0254	 337 (11 14) */		ldd	[%o2+40],%f22
+/* 0x0258	 338 (11 14) */		fitod	%f16,%f28
+/* 0x025c	 339 (12 15) */		ld	[%i1+4],%g3
+/* 0x0260	 340 (13 16) */		ld	[%i1+8],%g4
+/* 0x0264	 341 (13 15) */		fxnor	%f0,%f22,%f22
+/* 0x0268	 342 (14 17) */		ld	[%i1+12],%g5
+/* 0x026c	 343 (15 18) */		ld	[%i1+16],%o0
+/* 0x0270	 344 (16 19) */		ldd	[%o2+48],%f24
+/* 0x0274	 345 (17 20) */		ld	[%i1+20],%o1
+/* 0x0278	 346 (17 18) */		fmovs	%f8,%f6
+/* 0x027c	 347 (18 21) */		ldd	[%o2+56],%f26
+/* 0x0280	 348 (19 22) */		ld	[%i1+24],%o2
+/* 0x0284	 349 (19 22) */		fsubd	%f6,%f8,%f6
+/* 0x0288	 350 (20 23) */		ld	[%i1+28],%o3
+/* 0x028c	 351 (20 23) */		fsubd	%f14,%f12,%f8
+/* 0x0290	 355 (21 24) */		ld	[%i1+32],%o4
+/* 0x0294	 356 (21 24) */		fitod	%f10,%f12
+/* 0x0298	 357 (22 25) */		ld	[%i1+36],%o7
+/* 0x029c	 358 (22 25) */		fitod	%f11,%f10
+/* 0x02a0	 359 (22 25) */		fmuld	%f4,%f6,%f4
+/* 0x02a4	 360 (23 26) */		ld	[%i1+40],%l1
+/* 0x02a8	 361 (23 26) */		fmuld	%f8,%f6,%f8
+/* 0x02ac	 362 (24 27) */		ld	[%i1+56],%l5
+/* 0x02b0	 363 (24 27) */		fsubd	%f14,%f12,%f12
+/* 0x02b4	 364 (25 28) */		fsubd	%f14,%f10,%f10
+/* 0x02b8	 365 (26 29) */		fdtox	%f8,%f8
+/* 0x02bc	 366 (26 27) */		std	%f8,[%sp+2343]
+/* 0x02c0	 367 (27 30) */		fitod	%f17,%f8
+/* 0x02c4	 368 (27 30) */		fmuld	%f12,%f6,%f12
+/* 0x02c8	 369 (28 31) */		fdtox	%f4,%f4
+/* 0x02cc	 370 (28 29) */		std	%f4,[%sp+2335]
+/* 0x02d0	 371 (28 31) */		fmuld	%f10,%f6,%f10
+/* 0x02d4	 372 (29 31) */		fxnor	%f0,%f18,%f16
+/* 0x02d8	 373 (30 33) */		fdtox	%f12,%f12
+/* 0x02dc	 374 (30 31) */		std	%f12,[%sp+2327]
+/* 0x02e0	 375 (31 33) */		ldx	[%sp+2343],%o5
+/* 0x02e4	 376 (31 34) */		fsubd	%f14,%f8,%f8
+/* 0x02e8	 377 (32 35) */		fsubd	%f14,%f28,%f4
+/* 0x02ec	 378 (33 36) */		fitod	%f17,%f12
+/* 0x02f0	 379 (33 34) */		add	%o5,%g2,%g2
+/* 0x02f4	 380 (33 34) */		st	%g2,[%i0]
+/* 0x02f8	 381 (34 36) */		ldx	[%sp+2335],%o5
+/* 0x02fc	 382 (34 37) */		fitod	%f16,%f18
+/* 0x0300	 383 (34 35) */		srax	%g2,32,%l0
+/* 0x0304	 384 (35 37) */		fxnor	%f0,%f20,%f16
+/* 0x0308	 385 (35 38) */		fmuld	%f8,%f6,%f20
+/* 0x030c	 386 (36 39) */		fdtox	%f10,%f10
+/* 0x0310	 387 (36 37) */		std	%f10,[%sp+2319]
+/* 0x0314	 388 (36 37) */		add	%o5,%g3,%g3
+/* 0x0318	 389 (36 39) */		fmuld	%f4,%f6,%f4
+/* 0x031c	 390 (37 40) */		fitod	%f16,%f8
+/* 0x0320	 391 (37 38) */		add	%g3,%l0,%g3
+/* 0x0324	 392 (37 38) */		st	%g3,[%i0+4]
+/* 0x0328	 393 (38 40) */		ldx	[%sp+2327],%o5
+/* 0x032c	 394 (38 41) */		fsubd	%f14,%f18,%f18
+/* 0x0330	 395 (38 39) */		srax	%g3,32,%l3
+/* 0x0334	 396 (39 41) */		ldx	[%sp+2319],%l2
+/* 0x0338	 397 (39 42) */		fdtox	%f4,%f4
+/* 0x033c	 398 (40 41) */		std	%f4,[%sp+2311]
+/* 0x0340	 399 (40 43) */		fdtox	%f20,%f20
+/* 0x0344	 400 (40 41) */		add	%o5,%g4,%g4
+/* 0x0348	 401 (41 42) */		std	%f20,[%sp+2303]
+/* 0x034c	 402 (41 44) */		fsubd	%f14,%f12,%f4
+/* 0x0350	 403 (41 42) */		add	%g4,%l3,%g4
+/* 0x0354	 404 (41 44) */		fmuld	%f18,%f6,%f18
+/* 0x0358	 405 (42 43) */		st	%g4,[%i0+8]
+/* 0x035c	 406 (42 45) */		fitod	%f17,%f16
+/* 0x0360	 407 (42 43) */		srax	%g4,32,%l4
+/* 0x0364	 408 (43 46) */		ld	[%i1+44],%l0
+/* 0x0368	 409 (43 46) */		fsubd	%f14,%f8,%f20
+/* 0x036c	 410 (43 44) */		add	%l2,%g5,%l2
+/* 0x0370	 411 (44 46) */		ldx	[%sp+2311],%g5
+/* 0x0374	 412 (44 47) */		fitod	%f22,%f8
+/* 0x0378	 413 (44 45) */		add	%l2,%l4,%l2
+/* 0x037c	 414 (44 47) */		fmuld	%f4,%f6,%f4
+/* 0x0380	 415 (45 46) */		st	%l2,[%i0+12]
+/* 0x0384	 416 (45 48) */		fsubd	%f14,%f16,%f10
+/* 0x0388	 417 (46 49) */		ld	[%i1+52],%l3
+/* 0x038c	 418 (46 49) */		fdtox	%f18,%f18
+/* 0x0390	 419 (46 47) */		add	%g5,%o0,%l4
+/* 0x0394	 420 (46 49) */		fmuld	%f20,%f6,%f12
+/* 0x0398	 421 (47 48) */		std	%f18,[%sp+2295]
+/* 0x039c	 422 (47 48) */		srax	%l2,32,%o0
+/* 0x03a0	 423 (47 50) */		fitod	%f23,%f16
+/* 0x03a4	 424 (48 51) */		ld	[%i1+48],%o5
+/* 0x03a8	 425 (48 51) */		fsubd	%f14,%f8,%f8
+/* 0x03ac	 426 (48 49) */		add	%l4,%o0,%l4
+/* 0x03b0	 427 (49 50) */		st	%l4,[%i0+16]
+/* 0x03b4	 428 (49 50) */		srax	%l4,32,%o0
+/* 0x03b8	 429 (49 51) */		fxnor	%f0,%f24,%f18
+/* 0x03bc	 430 (50 52) */		ldx	[%sp+2303],%g5
+/* 0x03c0	 431 (50 53) */		fdtox	%f4,%f4
+/* 0x03c4	 432 (51 52) */		std	%f4,[%sp+2287]
+/* 0x03c8	 433 (51 54) */		fdtox	%f12,%f12
+/* 0x03cc	 434 (51 54) */		fmuld	%f10,%f6,%f4
+/* 0x03d0	 435 (52 53) */		std	%f12,[%sp+2279]
+/* 0x03d4	 436 (52 55) */		fsubd	%f14,%f16,%f12
+/* 0x03d8	 437 (52 53) */		add	%g5,%o1,%g2
+/* 0x03dc	 438 (52 55) */		fmuld	%f8,%f6,%f8
+/* 0x03e0	 439 (53 55) */		ldx	[%sp+2295],%g5
+/* 0x03e4	 440 (53 56) */		fitod	%f18,%f10
+/* 0x03e8	 441 (53 54) */		add	%g2,%o0,%g2
+/* 0x03ec	 442 (54 55) */		st	%g2,[%i0+20]
+/* 0x03f0	 443 (54 57) */		fitod	%f19,%f16
+/* 0x03f4	 444 (54 55) */		srax	%g2,32,%o0
+/* 0x03f8	 445 (55 58) */		fdtox	%f8,%f8
+/* 0x03fc	 446 (55 56) */		std	%f8,[%sp+2263]
+/* 0x0400	 447 (55 56) */		add	%g5,%o2,%g3
+/* 0x0404	 448 (56 58) */		ldx	[%sp+2287],%g5
+/* 0x0408	 449 (56 59) */		fsubd	%f14,%f10,%f10
+/* 0x040c	 450 (56 57) */		add	%g3,%o0,%g3
+/* 0x0410	 451 (57 58) */		st	%g3,[%i0+24]
+/* 0x0414	 452 (57 60) */		fsubd	%f14,%f16,%f8
+/* 0x0418	 453 (57 58) */		srax	%g3,32,%o0
+/* 0x041c	 454 (58 61) */		fdtox	%f4,%f4
+/* 0x0420	 455 (58 59) */		std	%f4,[%sp+2271]
+/* 0x0424	 456 (58 59) */		add	%g5,%o3,%g4
+/* 0x0428	 457 (59 61) */		fxnor	%f0,%f26,%f18
+/* 0x042c	 458 (59 62) */		fmuld	%f12,%f6,%f4
+/* 0x0430	 459 (59 60) */		add	%g4,%o0,%g4
+/* 0x0434	 460 (60 61) */		st	%g4,[%i0+28]
+/* 0x0438	 461 (60 63) */		fmuld	%f10,%f6,%f10
+/* 0x043c	 462 (60 61) */		srax	%g4,32,%o0
+/* 0x0440	 463 (61 63) */		ldx	[%sp+2279],%g5
+/* 0x0444	 464 (61 64) */		fitod	%f18,%f12
+/* 0x0448	 465 (61 64) */		fmuld	%f8,%f6,%f8
+/* 0x044c	 466 (62 65) */		fdtox	%f4,%f4
+/* 0x0450	 467 (62 63) */		std	%f4,[%sp+2255]
+/* 0x0454	 468 (63 64) */		add	%g5,%o4,%l2
+/* 0x0458	 469 (63 65) */		ldx	[%sp+2271],%g5
+/* 0x045c	 470 (63 66) */		fdtox	%f10,%f16
+/* 0x0460	 471 (64 67) */		fsubd	%f14,%f12,%f4
+/* 0x0464	 472 (64 65) */		std	%f16,[%sp+2247]
+/* 0x0468	 473 (64 65) */		add	%l2,%o0,%l2
+/* 0x046c	 474 (65 68) */		fdtox	%f8,%f8
+/* 0x0470	 475 (65 66) */		std	%f8,[%sp+2239]
+/* 0x0474	 476 (65 66) */		add	%g5,%o7,%l4
+/* 0x0478	 477 (66 69) */		fitod	%f19,%f10
+/* 0x047c	 478 (66 68) */		ldx	[%sp+2263],%g5
+/* 0x0480	 479 (66 67) */		srax	%l2,32,%o0
+/* 0x0484	 480 (67 68) */		add	%l4,%o0,%l4
+/* 0x0488	 481 (67 70) */		fmuld	%f4,%f6,%f4
+/* 0x048c	 482 (67 69) */		ldx	[%sp+2255],%o0
+/* 0x0490	 483 (68 69) */		srax	%l4,32,%o1
+/* 0x0494	 484 (68 69) */		add	%g5,%l1,%l1
+/* 0x0498	 485 (68 69) */		st	%l2,[%i0+32]
+/* 0x049c	 486 (69 72) */		fsubd	%f14,%f10,%f8
+/* 0x04a0	 487 (69 71) */		ldx	[%sp+2239],%o3
+/* 0x04a4	 488 (69 70) */		add	%l1,%o1,%o1
+/* 0x04a8	 489 (70 72) */		ldx	[%sp+2247],%g5
+/* 0x04ac	 490 (70 71) */		srax	%o1,32,%o2
+/* 0x04b0	 491 (70 71) */		add	%o0,%l0,%o0
+/* 0x04b4	 492 (71 74) */		fdtox	%f4,%f4
+/* 0x04b8	 493 (71 72) */		std	%f4,[%sp+2231]
+/* 0x04bc	 494 (71 72) */		add	%o0,%o2,%o2
+/* 0x04c0	 495 (72 73) */		add	%o3,%l3,%l3
+/* 0x04c4	 496 (72 75) */		fmuld	%f8,%f6,%f4
+/* 0x04c8	 497 (72 73) */		add	%g5,%o5,%g5
+/* 0x04cc	 498 (73 74) */		srax	%o2,32,%o3
+/* 0x04d0	 499 (73 74) */		st	%l4,[%i0+36]
+/* 0x04d4	 500 (74 75) */		add	%g5,%o3,%g2
+/* 0x04d8	 501 (74 76) */		ldx	[%sp+2231],%o0
+/* 0x04dc	 502 (75 76) */		srax	%g2,32,%g3
+/* 0x04e0	 503 (75 78) */		fdtox	%f4,%f4
+/* 0x04e4	 504 (75 76) */		std	%f4,[%sp+2223]
+/* 0x04e8	 505 (76 77) */		st	%o1,[%i0+40]
+/* 0x04ec	 506 (76 77) */		add	%l3,%g3,%g3
+/* 0x04f0	 507 (76 77) */		add	%o0,%l5,%g5
+/* 0x04f4	 508 (77 78) */		st	%o2,[%i0+44]
+/* 0x04f8	 509 (77 78) */		srax	%g3,32,%g4
+/* 0x04fc	 510 (78 79) */		st	%g2,[%i0+48]
+/* 0x0500	 511 (78 79) */		add	%g5,%g4,%g4
+/* 0x0504	 512 (79 80) */		st	%g3,[%i0+52]
+/* 0x0508	 513 (79 80) */		srax	%g4,32,%g5
+/* 0x050c	 514 (80 83) */		ld	[%i1+60],%g3
+/* 0x0510	 515 (81 83) */		ldx	[%sp+2223],%g2
+/* 0x0514	 516 (82 83) */		st	%g4,[%i0+56]
+/* 0x0518	 517 (83 84) */		add	%g2,%g3,%g2
+/* 0x051c	 518 (84 85) */		add	%g2,%g5,%g2
+/* 0x0520	 519 (84 85) */		st	%g2,[%i0+60]
+/* 0x0524	 523 (85 86) */		srax	%g2,32,%o3
+/* 0x0528	 524 (86 87) */		srl	%o3,0,%i0
+/* 0x052c	     (87 89) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0530	     (89 90) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L900000157
+!
+
+                                   .L900000157:		/* frequency 1.0 confidence 0.0 */
+/* 0x0534	 532 ( 0  1) */		fmovd	%f0,%f14
+/* 0x0538	 533 ( 0  3) */		ldd	[%o0],%f8
+/* 0x053c	 539 ( 0  1) */		add	%i3,1,%g2
+/* 0x0540	 540 ( 1  4) */		ld	[%sp+2223],%f7
+/* 0x0544	 541 ( 1  2) */		srl	%g2,31,%g3
+/* 0x0548	 545 ( 1  2) */		add	%fp,-217,%g4
+/* 0x054c	 546 ( 2  3) */		add	%g2,%g3,%g2
+/* 0x0550	 547 ( 2  3) */		or	%g0,0,%g5
+/* 0x0554	 548 ( 2  5) */		ldd	[%o0+8],%f18
+/* 0x0558	 549 ( 3  4) */		fmovs	%f8,%f6
+/* 0x055c	 550 ( 3  4) */		sra	%g2,1,%o1
+/* 0x0560	 551 ( 3  4) */		or	%g0,0,%o0
+/* 0x0564	 552 ( 4  5) */		subcc	%o1,0,%g0
+/* 0x0568	 553 ( 5  6) */		or	%g0,%o1,%o3
+/* 0x056c	 554 ( 5  8) */		fsubd	%f6,%f8,%f16
+/* 0x0570	 555 ( 5  6) */		ble,pt	%icc,.L900000156	! tprob=0.50
+/* 0x0574	     ( 6  7) */		subcc	%i3,0,%g0
+/* 0x0578	 557 ( 6  7) */		sub	%o1,1,%g2
+/* 0x057c	 558 ( 7  8) */		or	%g0,0,%i0
+/* 0x0580	 559 ( 7  8) */		or	%g0,1,%g3
+/* 0x0584	 560 ( 8  9) */		subcc	%o3,10,%g0
+/* 0x0588	 561 ( 8  9) */		bl,pn	%icc,.L77000077	! tprob=0.50
+/* 0x058c	     ( 9 10) */		or	%g0,0,%o1
+/* 0x0590	 563 ( 9 12) */		ldd	[%i2+8],%f0
+/* 0x0594	 564 ( 9 10) */		sub	%o3,3,%o3
+/* 0x0598	 565 (10 13) */		ldd	[%i2],%f2
+/* 0x059c	 566 (10 11) */		or	%g0,7,%o0
+/* 0x05a0	 567 (10 11) */		or	%g0,2,%i0
+/* 0x05a4	 568 (11 13) */		fxnor	%f14,%f0,%f8
+/* 0x05a8	 569 (11 14) */		ldd	[%i2+16],%f4
+/* 0x05ac	 570 (11 12) */		or	%g0,16,%o2
+/* 0x05b0	 571 (12 14) */		fxnor	%f14,%f2,%f2
+/* 0x05b4	 572 (12 15) */		ldd	[%i2+24],%f6
+/* 0x05b8	 573 (12 13) */		or	%g0,48,%o4
+/* 0x05bc	 574 (13 16) */		fitod	%f8,%f12
+/* 0x05c0	 575 (13 14) */		or	%g0,24,%o1
+/* 0x05c4	 576 (13 14) */		or	%g0,3,%g3
+/* 0x05c8	 577 (14 17) */		fitod	%f2,%f0
+/* 0x05cc	 578 (15 18) */		fitod	%f3,%f20
+/* 0x05d0	 579 (15 18) */		ldd	[%i2+32],%f2
+/* 0x05d4	 580 (16 19) */		fitod	%f9,%f10
+/* 0x05d8	 581 (16 19) */		ldd	[%i2+40],%f8
+/* 0x05dc	 582 (17 20) */		fsubd	%f18,%f0,%f0
+/* 0x05e0	 583 (18 21) */		fsubd	%f18,%f20,%f22
+/* 0x05e4	 584 (19 22) */		fsubd	%f18,%f12,%f20
+/* 0x05e8	 585 (19 22) */		ldd	[%i2+48],%f12
+/* 0x05ec	 586 (20 23) */		fsubd	%f18,%f10,%f10
+/* 0x05f0	 587 (20 23) */		fmuld	%f0,%f16,%f0
+/* 0x05f4	 588 (21 23) */		fxnor	%f14,%f4,%f4
+/* 0x05f8	 589 (21 24) */		fmuld	%f22,%f16,%f22
+/* 0x05fc	 590 (22 24) */		fxnor	%f14,%f6,%f6
+/* 0x0600	 591 (22 25) */		fmuld	%f20,%f16,%f20
+/* 0x0604	 592 (23 26) */		fdtox	%f0,%f0
+/* 0x0608	 593 (23 24) */		std	%f0,[%fp-217]
+/* 0x060c	 594 (23 26) */		fmuld	%f10,%f16,%f10
+/* 0x0610	 595 (24 27) */		fdtox	%f22,%f22
+/* 0x0614	 596 (24 25) */		std	%f22,[%fp-209]
+/* 0x0618	 597 (25 28) */		fitod	%f5,%f0
+/* 0x061c	 598 (26 29) */		fdtox	%f10,%f10
+/* 0x0620	 599 (27 30) */		fdtox	%f20,%f20
+/* 0x0624	 600 (27 28) */		std	%f20,[%fp-201]
+/* 0x0628	 601 (28 31) */		fitod	%f4,%f4
+/* 0x062c	 602 (28 29) */		std	%f10,[%fp-193]
+/* 0x0630	 603 (29 31) */		fxnor	%f14,%f2,%f10
+/* 0x0634	 604 (30 33) */		fitod	%f7,%f2
+/* 0x0638	 605 (31 34) */		fsubd	%f18,%f0,%f0
+/* 0x063c	 606 (32 35) */		fsubd	%f18,%f4,%f4
+/* 0x0640	 607 (33 35) */		fxnor	%f14,%f8,%f8
+
+!
+! ENTRY .L900000144
+!
+
+                                   .L900000144:		/* frequency 1.0 confidence 0.0 */
+/* 0x0644	 609 ( 0  3) */		fitod	%f11,%f22
+/* 0x0648	 610 ( 0  1) */		add	%o0,3,%o0
+/* 0x064c	 611 ( 0  1) */		add	%g3,6,%g3
+/* 0x0650	 612 ( 0  3) */		fmuld	%f0,%f16,%f0
+/* 0x0654	 613 ( 1  4) */		fmuld	%f4,%f16,%f24
+/* 0x0658	 614 ( 1  2) */		subcc	%o0,%o3,%g0
+/* 0x065c	 615 ( 1  2) */		add	%i0,6,%i0
+/* 0x0660	 616 ( 1  4) */		fsubd	%f18,%f2,%f2
+/* 0x0664	 617 ( 2  5) */		fitod	%f6,%f4
+/* 0x0668	 618 ( 3  6) */		fdtox	%f0,%f0
+/* 0x066c	 619 ( 3  4) */		add	%o4,8,%i1
+/* 0x0670	 620 ( 4  7) */		ldd	[%i2+%i1],%f20
+/* 0x0674	 621 ( 4  7) */		fdtox	%f24,%f6
+/* 0x0678	 622 ( 4  5) */		add	%o2,16,%o4
+/* 0x067c	 623 ( 5  8) */		fsubd	%f18,%f4,%f4
+/* 0x0680	 624 ( 5  6) */		std	%f6,[%o4+%g4]
+/* 0x0684	 625 ( 5  6) */		add	%o1,16,%o2
+/* 0x0688	 626 ( 6  8) */		fxnor	%f14,%f12,%f6
+/* 0x068c	 627 ( 6  7) */		std	%f0,[%o2+%g4]
+/* 0x0690	 628 ( 7 10) */		fitod	%f9,%f0
+/* 0x0694	 629 ( 7 10) */		fmuld	%f2,%f16,%f2
+/* 0x0698	 630 ( 8 11) */		fmuld	%f4,%f16,%f24
+/* 0x069c	 631 ( 8 11) */		fsubd	%f18,%f22,%f12
+/* 0x06a0	 632 ( 9 12) */		fitod	%f10,%f4
+/* 0x06a4	 633 (10 13) */		fdtox	%f2,%f2
+/* 0x06a8	 634 (10 11) */		add	%i1,8,%o1
+/* 0x06ac	 635 (11 14) */		ldd	[%i2+%o1],%f22
+/* 0x06b0	 636 (11 14) */		fdtox	%f24,%f10
+/* 0x06b4	 637 (11 12) */		add	%o4,16,%i4
+/* 0x06b8	 638 (12 15) */		fsubd	%f18,%f4,%f4
+/* 0x06bc	 639 (12 13) */		std	%f10,[%i4+%g4]
+/* 0x06c0	 640 (12 13) */		add	%o2,16,%i1
+/* 0x06c4	 641 (13 15) */		fxnor	%f14,%f20,%f10
+/* 0x06c8	 642 (13 14) */		std	%f2,[%i1+%g4]
+/* 0x06cc	 643 (14 17) */		fitod	%f7,%f2
+/* 0x06d0	 644 (14 17) */		fmuld	%f12,%f16,%f12
+/* 0x06d4	 645 (15 18) */		fmuld	%f4,%f16,%f24
+/* 0x06d8	 646 (15 18) */		fsubd	%f18,%f0,%f0
+/* 0x06dc	 647 (16 19) */		fitod	%f8,%f4
+/* 0x06e0	 648 (17 20) */		fdtox	%f12,%f20
+/* 0x06e4	 649 (17 18) */		add	%o1,8,%o4
+/* 0x06e8	 650 (18 21) */		ldd	[%i2+%o4],%f12
+/* 0x06ec	 651 (18 21) */		fdtox	%f24,%f8
+/* 0x06f0	 652 (18 19) */		add	%i4,16,%o2
+/* 0x06f4	 653 (19 22) */		fsubd	%f18,%f4,%f4
+/* 0x06f8	 654 (19 20) */		std	%f8,[%o2+%g4]
+/* 0x06fc	 655 (19 20) */		add	%i1,16,%o1
+/* 0x0700	 656 (20 22) */		fxnor	%f14,%f22,%f8
+/* 0x0704	 657 (20 21) */		ble,pt	%icc,.L900000144	! tprob=0.50
+/* 0x0708	     (20 21) */		std	%f20,[%o1+%g4]
+
+!
+! ENTRY .L900000147
+!
+
+                                   .L900000147:		/* frequency 1.0 confidence 0.0 */
+/* 0x070c	 660 ( 0  3) */		fitod	%f6,%f6
+/* 0x0710	 661 ( 0  3) */		fmuld	%f4,%f16,%f24
+/* 0x0714	 662 ( 0  1) */		add	%i4,32,%l4
+/* 0x0718	 663 ( 1  4) */		fsubd	%f18,%f2,%f2
+/* 0x071c	 664 ( 1  4) */		fmuld	%f0,%f16,%f22
+/* 0x0720	 665 ( 1  2) */		add	%i1,32,%l3
+/* 0x0724	 666 ( 2  5) */		fitod	%f10,%f28
+/* 0x0728	 667 ( 2  3) */		sra	%o0,0,%o2
+/* 0x072c	 668 ( 2  3) */		add	%i4,48,%l2
+/* 0x0730	 669 ( 3  6) */		fsubd	%f18,%f6,%f4
+/* 0x0734	 670 ( 3  4) */		add	%i1,48,%l1
+/* 0x0738	 671 ( 3  4) */		add	%i4,64,%l0
+/* 0x073c	 672 ( 4  7) */		fitod	%f11,%f26
+/* 0x0740	 673 ( 4  5) */		sllx	%o2,3,%o1
+/* 0x0744	 674 ( 4  5) */		add	%i1,64,%i5
+/* 0x0748	 675 ( 5  8) */		fitod	%f8,%f6
+/* 0x074c	 676 ( 5  6) */		add	%i4,80,%i4
+/* 0x0750	 677 ( 5  6) */		add	%i1,80,%i1
+/* 0x0754	 678 ( 6  8) */		fxnor	%f14,%f12,%f0
+/* 0x0758	 679 ( 6  9) */		fmuld	%f4,%f16,%f20
+/* 0x075c	 680 ( 6  7) */		add	%i4,16,%o4
+/* 0x0760	 681 ( 7 10) */		fitod	%f9,%f4
+/* 0x0764	 682 ( 7 10) */		fmuld	%f2,%f16,%f12
+/* 0x0768	 683 ( 7  8) */		add	%i1,16,%o3
+/* 0x076c	 684 ( 8 11) */		fsubd	%f18,%f28,%f10
+/* 0x0770	 685 ( 8  9) */		subcc	%o0,%g2,%g0
+/* 0x0774	 686 ( 8  9) */		add	%g3,12,%g3
+/* 0x0778	 687 ( 9 12) */		fitod	%f0,%f2
+/* 0x077c	 688 (10 13) */		fsubd	%f18,%f26,%f8
+/* 0x0780	 689 (11 14) */		fitod	%f1,%f0
+/* 0x0784	 690 (11 14) */		fmuld	%f10,%f16,%f10
+/* 0x0788	 691 (12 15) */		fdtox	%f24,%f24
+/* 0x078c	 692 (12 13) */		std	%f24,[%l4+%g4]
+/* 0x0790	 693 (12 13) */		add	%i0,12,%i0
+/* 0x0794	 694 (13 16) */		fsubd	%f18,%f6,%f6
+/* 0x0798	 695 (13 16) */		fmuld	%f8,%f16,%f8
+/* 0x079c	 696 (14 17) */		fdtox	%f22,%f22
+/* 0x07a0	 697 (14 15) */		std	%f22,[%l3+%g4]
+/* 0x07a4	 698 (15 18) */		fsubd	%f18,%f4,%f4
+/* 0x07a8	 699 (16 19) */		fdtox	%f20,%f20
+/* 0x07ac	 700 (16 17) */		std	%f20,[%l2+%g4]
+/* 0x07b0	 701 (16 19) */		fmuld	%f6,%f16,%f6
+/* 0x07b4	 702 (17 20) */		fsubd	%f18,%f2,%f2
+/* 0x07b8	 703 (18 21) */		fsubd	%f18,%f0,%f0
+/* 0x07bc	 704 (18 21) */		fmuld	%f4,%f16,%f4
+/* 0x07c0	 705 (19 22) */		fdtox	%f12,%f12
+/* 0x07c4	 706 (19 20) */		std	%f12,[%l1+%g4]
+/* 0x07c8	 707 (20 23) */		fdtox	%f10,%f10
+/* 0x07cc	 708 (20 21) */		std	%f10,[%l0+%g4]
+/* 0x07d0	 709 (20 23) */		fmuld	%f2,%f16,%f2
+/* 0x07d4	 710 (21 24) */		fdtox	%f8,%f8
+/* 0x07d8	 711 (21 22) */		std	%f8,[%i5+%g4]
+/* 0x07dc	 712 (21 24) */		fmuld	%f0,%f16,%f0
+/* 0x07e0	 713 (22 25) */		fdtox	%f6,%f6
+/* 0x07e4	 714 (22 23) */		std	%f6,[%i4+%g4]
+/* 0x07e8	 715 (23 26) */		fdtox	%f4,%f4
+/* 0x07ec	 716 (23 24) */		std	%f4,[%i1+%g4]
+/* 0x07f0	 717 (24 27) */		fdtox	%f2,%f2
+/* 0x07f4	 718 (24 25) */		std	%f2,[%o4+%g4]
+/* 0x07f8	 719 (25 28) */		fdtox	%f0,%f0
+/* 0x07fc	 720 (25 26) */		bg,pn	%icc,.L77000043	! tprob=0.50
+/* 0x0800	     (25 26) */		std	%f0,[%o3+%g4]
+
+!
+! ENTRY .L77000077
+!
+
+                                   .L77000077:		/* frequency 1.0 confidence 0.0 */
+/* 0x0804	 723 ( 0  3) */		ldd	[%i2+%o1],%f0
+
+!
+! ENTRY .L900000155
+!
+
+                                   .L900000155:		/* frequency 1.0 confidence 0.0 */
+/* 0x0808	 725 ( 0  2) */		fxnor	%f14,%f0,%f0
+/* 0x080c	 726 ( 0  1) */		sra	%i0,0,%o1
+/* 0x0810	 727 ( 0  1) */		add	%o0,1,%o0
+/* 0x0814	 728 ( 1  2) */		sllx	%o1,3,%i4
+/* 0x0818	 729 ( 1  2) */		add	%i0,2,%i0
+/* 0x081c	 730 ( 2  5) */		fitod	%f0,%f2
+/* 0x0820	 731 ( 2  3) */		sra	%g3,0,%o1
+/* 0x0824	 732 ( 2  3) */		add	%g3,2,%g3
+/* 0x0828	 733 ( 3  6) */		fitod	%f1,%f0
+/* 0x082c	 734 ( 3  4) */		sllx	%o1,3,%i1
+/* 0x0830	 735 ( 3  4) */		subcc	%o0,%g2,%g0
+/* 0x0834	 736 ( 4  5) */		sra	%o0,0,%o2
+/* 0x0838	 737 ( 5  8) */		fsubd	%f18,%f2,%f2
+/* 0x083c	 738 ( 5  6) */		sllx	%o2,3,%o1
+/* 0x0840	 739 ( 6  9) */		fsubd	%f18,%f0,%f0
+/* 0x0844	 740 ( 8 11) */		fmuld	%f2,%f16,%f2
+/* 0x0848	 741 ( 9 12) */		fmuld	%f0,%f16,%f0
+/* 0x084c	 742 (11 14) */		fdtox	%f2,%f2
+/* 0x0850	 743 (11 12) */		std	%f2,[%i4+%g4]
+/* 0x0854	 744 (12 15) */		fdtox	%f0,%f0
+/* 0x0858	 745 (12 13) */		std	%f0,[%i1+%g4]
+/* 0x085c	 746 (12 13) */		ble,a,pt	%icc,.L900000155	! tprob=0.50
+/* 0x0860	     (14 17) */		ldd	[%i2+%o1],%f0
+
+!
+! ENTRY .L77000043
+!
+
+                                   .L77000043:		/* frequency 1.0 confidence 0.0 */
+/* 0x0864	 754 ( 0  1) */		subcc	%i3,0,%g0
+
+!
+! ENTRY .L900000156
+!
+
+                                   .L900000156:		/* frequency 1.0 confidence 0.0 */
+/* 0x0868	 756 ( 0  1) */		ble,a,pt	%icc,.L77000061	! tprob=0.50
+/* 0x086c	     ( 0  1) */		or	%g0,%g5,%o3
+/* 0x0870	 761 ( 0  2) */		ldx	[%fp-209],%i1
+/* 0x0874	 762 ( 1  2) */		sub	%i3,1,%g3
+/* 0x0878	 763 ( 1  2) */		or	%g0,0,%i0
+/* 0x087c	 764 ( 2  3) */		subcc	%i3,5,%g0
+/* 0x0880	 765 ( 2  3) */		bl,pn	%icc,.L77000078	! tprob=0.50
+/* 0x0884	     ( 2  4) */		ldx	[%fp-217],%i2
+/* 0x0888	 767 ( 3  6) */		ld	[%o5],%i3
+/* 0x088c	 768 ( 3  4) */		or	%g0,8,%g2
+/* 0x0890	 769 ( 3  4) */		or	%g0,16,%o4
+/* 0x0894	 770 ( 4  5) */		sub	%g3,1,%o3
+/* 0x0898	 771 ( 4  5) */		or	%g0,3,%i0
+/* 0x089c	 772 ( 5  6) */		add	%i2,%i3,%o1
+/* 0x08a0	 773 ( 5  8) */		ld	[%o5+4],%i2
+/* 0x08a4	 774 ( 6  7) */		st	%o1,[%o7]
+/* 0x08a8	 775 ( 6  7) */		srax	%o1,32,%o1
+/* 0x08ac	 776 ( 7  9) */		ldx	[%fp-201],%o2
+/* 0x08b0	 777 ( 7  8) */		add	%i1,%i2,%o0
+/* 0x08b4	 778 ( 7  8) */		or	%g0,%o1,%i1
+/* 0x08b8	 779 ( 8 11) */		ld	[%o5+8],%o1
+/* 0x08bc	 780 ( 8  9) */		add	%o0,%i1,%o0
+/* 0x08c0	 781 ( 9 10) */		st	%o0,[%o7+4]
+/* 0x08c4	 782 ( 9 10) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000140
+!
+
+                                   .L900000140:		/* frequency 1.0 confidence 0.0 */
+/* 0x08c8	 784 ( 0  1) */		add	%g2,4,%i1
+/* 0x08cc	 785 ( 0  1) */		add	%o4,8,%o4
+/* 0x08d0	 786 ( 1  3) */		ldx	[%o4+%g4],%i2
+/* 0x08d4	 787 ( 1  2) */		sra	%o0,0,%g5
+/* 0x08d8	 788 ( 1  2) */		add	%o2,%o1,%o1
+/* 0x08dc	 789 ( 2  5) */		ld	[%o5+%i1],%o0
+/* 0x08e0	 790 ( 2  3) */		add	%o1,%g5,%o1
+/* 0x08e4	 791 ( 2  3) */		add	%i0,2,%i0
+/* 0x08e8	 792 ( 3  4) */		st	%o1,[%o7+%g2]
+/* 0x08ec	 793 ( 3  4) */		srax	%o1,32,%g5
+/* 0x08f0	 794 ( 3  4) */		subcc	%i0,%o3,%g0
+/* 0x08f4	 795 ( 4  5) */		add	%g2,8,%g2
+/* 0x08f8	 796 ( 4  5) */		add	%o4,8,%o4
+/* 0x08fc	 797 ( 5  7) */		ldx	[%o4+%g4],%o2
+/* 0x0900	 798 ( 5  6) */		add	%i2,%o0,%o0
+/* 0x0904	 799 ( 6  9) */		ld	[%o5+%g2],%o1
+/* 0x0908	 800 ( 6  7) */		add	%o0,%g5,%o0
+/* 0x090c	 801 ( 7  8) */		st	%o0,[%o7+%i1]
+/* 0x0910	 802 ( 7  8) */		ble,pt	%icc,.L900000140	! tprob=0.50
+/* 0x0914	     ( 7  8) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000143
+!
+
+                                   .L900000143:		/* frequency 1.0 confidence 0.0 */
+/* 0x0918	 805 ( 0  1) */		sra	%o0,0,%o3
+/* 0x091c	 806 ( 0  1) */		add	%o2,%o1,%o0
+/* 0x0920	 807 ( 1  2) */		add	%o0,%o3,%o0
+/* 0x0924	 808 ( 1  2) */		st	%o0,[%o7+%g2]
+/* 0x0928	 809 ( 1  2) */		subcc	%i0,%g3,%g0
+/* 0x092c	 810 ( 2  3) */		srax	%o0,32,%g5
+/* 0x0930	 811 ( 2  3) */		bg,a,pn	%icc,.L77000061	! tprob=0.50
+/* 0x0934	     ( 3  4) */		or	%g0,%g5,%o3
+
+!
+! ENTRY .L77000078
+!
+
+                                   .L77000078:		/* frequency 1.0 confidence 0.0 */
+/* 0x0938	 814 ( 0  1) */		sra	%i0,0,%o0
+
+!
+! ENTRY .L900000154
+!
+
+                                   .L900000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x093c	 816 ( 0  1) */		sllx	%o0,2,%g2
+/* 0x0940	 817 ( 0  1) */		add	%i0,1,%i0
+/* 0x0944	 818 ( 1  2) */		sllx	%o0,3,%o4
+/* 0x0948	 819 ( 1  4) */		ld	[%o5+%g2],%o2
+/* 0x094c	 820 ( 1  2) */		subcc	%i0,%g3,%g0
+/* 0x0950	 821 ( 2  4) */		ldx	[%o4+%g4],%o0
+/* 0x0954	 822 ( 2  3) */		sra	%g5,0,%o1
+/* 0x0958	 823 ( 4  5) */		add	%o0,%o2,%o0
+/* 0x095c	 824 ( 5  6) */		add	%o0,%o1,%o0
+/* 0x0960	 825 ( 5  6) */		st	%o0,[%o7+%g2]
+/* 0x0964	 826 ( 6  7) */		srax	%o0,32,%g5
+/* 0x0968	 827 ( 6  7) */		ble,pt	%icc,.L900000154	! tprob=0.50
+/* 0x096c	     ( 7  8) */		sra	%i0,0,%o0
+
+!
+! ENTRY .L77000047
+!
+
+                                   .L77000047:		/* frequency 1.0 confidence 0.0 */
+/* 0x0970	 834 ( 0  1) */		or	%g0,%g5,%o3
+
+!
+! ENTRY .L77000061
+!
+
+                                  .L77000061:		/* frequency 1.0 confidence 0.0 */
+
+/* 0x0974	 835 ( 1  2) */		srl	%o3,0,%i0
+/* 0x0978	     ( 2  4) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x097c	     ( 4  5) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000048
+!
+
+                                   .L77000048:		/* frequency 1.0 confidence 0.0 */
+/* 0x0980	 844 ( 0  1) */		bne,pn	%icc,.L77000050	! tprob=0.50
+/* 0x0984	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x0988	 854 ( 0  3) */		ldd	[%o2],%f4
+/* 0x098c	 855 ( 1  4) */		ldd	[%o0],%f6
+/* 0x0990	 856 ( 1  2) */		srl	%i4,19,%g3
+/* 0x0994	 857 ( 1  2) */		andn	%i4,%g2,%g2
+/* 0x0998	 858 ( 2  3) */		st	%g3,[%sp+2351]
+/* 0x099c	 859 ( 2  4) */		fxnor	%f0,%f4,%f4
+/* 0x09a0	 860 ( 3  4) */		st	%g2,[%sp+2355]
+/* 0x09a4	 861 ( 4  7) */		ldd	[%o2+8],%f12
+/* 0x09a8	 862 ( 4  7) */		fitod	%f4,%f10
+/* 0x09ac	 863 ( 5  8) */		ldd	[%o0+8],%f16
+/* 0x09b0	 864 ( 5  8) */		fitod	%f5,%f4
+/* 0x09b4	 865 ( 6  9) */		ldd	[%o2+16],%f18
+/* 0x09b8	 866 ( 6  8) */		fxnor	%f0,%f12,%f12
+/* 0x09bc	 867 ( 7 10) */		ld	[%sp+2351],%f9
+/* 0x09c0	 868 ( 7 10) */		fsubd	%f16,%f10,%f10
+/* 0x09c4	 869 ( 8 11) */		ld	[%sp+2355],%f15
+/* 0x09c8	 870 ( 8 11) */		fitod	%f12,%f22
+/* 0x09cc	 871 ( 9 12) */		ldd	[%o2+24],%f20
+/* 0x09d0	 872 ( 9 12) */		fitod	%f13,%f12
+/* 0x09d4	 876 (10 13) */		ld	[%i1],%g2
+/* 0x09d8	 877 (10 13) */		fsubd	%f16,%f4,%f4
+/* 0x09dc	 878 (11 14) */		ld	[%i1+4],%g3
+/* 0x09e0	 879 (11 14) */		fsubd	%f16,%f22,%f22
+/* 0x09e4	 880 (12 15) */		ld	[%i1+8],%g4
+/* 0x09e8	 881 (12 14) */		fxnor	%f0,%f18,%f18
+/* 0x09ec	 882 (13 16) */		ld	[%i1+12],%g5
+/* 0x09f0	 883 (13 16) */		fsubd	%f16,%f12,%f12
+/* 0x09f4	 884 (14 17) */		ld	[%i1+16],%o0
+/* 0x09f8	 885 (14 17) */		fitod	%f18,%f26
+/* 0x09fc	 886 (15 18) */		ld	[%i1+20],%o1
+/* 0x0a00	 887 (15 17) */		fxnor	%f0,%f20,%f20
+/* 0x0a04	 888 (16 19) */		ld	[%i1+24],%o2
+/* 0x0a08	 889 (17 20) */		ld	[%i1+28],%o3
+/* 0x0a0c	 890 (19 20) */		fmovs	%f6,%f8
+/* 0x0a10	 891 (20 21) */		fmovs	%f6,%f14
+/* 0x0a14	 892 (22 25) */		fsubd	%f8,%f6,%f8
+/* 0x0a18	 893 (23 26) */		fsubd	%f14,%f6,%f6
+/* 0x0a1c	 894 (25 28) */		fmuld	%f10,%f8,%f14
+/* 0x0a20	 895 (26 29) */		fmuld	%f10,%f6,%f10
+/* 0x0a24	 896 (27 30) */		fmuld	%f4,%f8,%f24
+/* 0x0a28	 897 (28 31) */		fdtox	%f14,%f14
+/* 0x0a2c	 898 (28 29) */		std	%f14,[%sp+2335]
+/* 0x0a30	 899 (28 31) */		fmuld	%f22,%f8,%f28
+/* 0x0a34	 900 (29 32) */		fitod	%f19,%f14
+/* 0x0a38	 901 (29 32) */		fmuld	%f22,%f6,%f18
+/* 0x0a3c	 902 (30 33) */		fdtox	%f10,%f10
+/* 0x0a40	 903 (30 31) */		std	%f10,[%sp+2343]
+/* 0x0a44	 904 (30 33) */		fmuld	%f4,%f6,%f4
+/* 0x0a48	 905 (31 34) */		fmuld	%f12,%f8,%f22
+/* 0x0a4c	 906 (32 35) */		fdtox	%f18,%f18
+/* 0x0a50	 907 (32 33) */		std	%f18,[%sp+2311]
+/* 0x0a54	 908 (32 35) */		fmuld	%f12,%f6,%f10
+/* 0x0a58	 909 (33 35) */		ldx	[%sp+2335],%o4
+/* 0x0a5c	 910 (33 36) */		fdtox	%f24,%f12
+/* 0x0a60	 911 (34 35) */		std	%f12,[%sp+2319]
+/* 0x0a64	 912 (34 37) */		fsubd	%f16,%f26,%f12
+/* 0x0a68	 913 (35 37) */		ldx	[%sp+2343],%o5
+/* 0x0a6c	 914 (35 36) */		sllx	%o4,19,%o4
+/* 0x0a70	 915 (35 38) */		fdtox	%f4,%f4
+/* 0x0a74	 916 (36 37) */		std	%f4,[%sp+2327]
+/* 0x0a78	 917 (36 39) */		fdtox	%f28,%f24
+/* 0x0a7c	 918 (37 38) */		std	%f24,[%sp+2303]
+/* 0x0a80	 919 (37 40) */		fitod	%f20,%f4
+/* 0x0a84	 920 (37 38) */		add	%o5,%o4,%o4
+/* 0x0a88	 921 (37 40) */		fmuld	%f12,%f8,%f24
+/* 0x0a8c	 922 (38 40) */		ldx	[%sp+2319],%o7
+/* 0x0a90	 923 (38 41) */		fsubd	%f16,%f14,%f14
+/* 0x0a94	 924 (38 39) */		add	%o4,%g2,%o4
+/* 0x0a98	 925 (38 41) */		fmuld	%f12,%f6,%f12
+/* 0x0a9c	 926 (39 41) */		ldx	[%sp+2327],%o5
+/* 0x0aa0	 927 (39 42) */		fitod	%f21,%f18
+/* 0x0aa4	 928 (40 41) */		st	%o4,[%i0]
+/* 0x0aa8	 929 (40 41) */		sllx	%o7,19,%o7
+/* 0x0aac	 930 (40 43) */		fdtox	%f22,%f20
+/* 0x0ab0	 931 (41 42) */		std	%f20,[%sp+2287]
+/* 0x0ab4	 932 (41 44) */		fdtox	%f10,%f10
+/* 0x0ab8	 933 (41 42) */		add	%o5,%o7,%o5
+/* 0x0abc	 934 (41 44) */		fmuld	%f14,%f8,%f20
+/* 0x0ac0	 935 (42 43) */		std	%f10,[%sp+2295]
+/* 0x0ac4	 936 (42 43) */		srlx	%o4,32,%o7
+/* 0x0ac8	 937 (42 45) */		fsubd	%f16,%f4,%f4
+/* 0x0acc	 938 (42 45) */		fmuld	%f14,%f6,%f14
+/* 0x0ad0	 939 (43 45) */		ldx	[%sp+2311],%g2
+/* 0x0ad4	 940 (43 46) */		fdtox	%f24,%f10
+/* 0x0ad8	 941 (43 44) */		add	%o5,%g3,%g3
+/* 0x0adc	 942 (44 45) */		std	%f10,[%sp+2271]
+/* 0x0ae0	 943 (44 45) */		add	%g3,%o7,%g3
+/* 0x0ae4	 944 (44 47) */		fdtox	%f12,%f12
+/* 0x0ae8	 945 (45 47) */		ldx	[%sp+2303],%l0
+/* 0x0aec	 946 (45 48) */		fsubd	%f16,%f18,%f10
+/* 0x0af0	 947 (45 48) */		fmuld	%f4,%f8,%f16
+/* 0x0af4	 948 (46 47) */		std	%f12,[%sp+2279]
+/* 0x0af8	 949 (46 49) */		fdtox	%f20,%f12
+/* 0x0afc	 950 (46 49) */		fmuld	%f4,%f6,%f4
+/* 0x0b00	 951 (47 48) */		std	%f12,[%sp+2255]
+/* 0x0b04	 952 (47 48) */		sllx	%l0,19,%l0
+/* 0x0b08	 953 (47 50) */		fdtox	%f14,%f12
+/* 0x0b0c	 954 (48 50) */		ldx	[%sp+2287],%o5
+/* 0x0b10	 955 (48 49) */		add	%g2,%l0,%g2
+/* 0x0b14	 956 (48 51) */		fmuld	%f10,%f8,%f8
+/* 0x0b18	 957 (49 51) */		ldx	[%sp+2295],%l1
+/* 0x0b1c	 958 (49 50) */		srlx	%g3,32,%l0
+/* 0x0b20	 959 (49 50) */		add	%g2,%g4,%g4
+/* 0x0b24	 960 (49 52) */		fmuld	%f10,%f6,%f6
+/* 0x0b28	 961 (50 51) */		std	%f12,[%sp+2263]
+/* 0x0b2c	 962 (50 51) */		sllx	%o5,19,%g2
+/* 0x0b30	 963 (50 51) */		add	%g4,%l0,%g4
+/* 0x0b34	 964 (51 53) */		ldx	[%sp+2279],%l0
+/* 0x0b38	 965 (51 52) */		srlx	%g4,32,%o5
+/* 0x0b3c	 966 (51 52) */		add	%l1,%g2,%g2
+/* 0x0b40	 967 (52 53) */		st	%g3,[%i0+4]
+/* 0x0b44	 968 (52 53) */		add	%g2,%g5,%g2
+/* 0x0b48	 969 (52 55) */		fdtox	%f16,%f10
+/* 0x0b4c	 970 (53 55) */		ldx	[%sp+2271],%o7
+/* 0x0b50	 971 (53 54) */		add	%g2,%o5,%g2
+/* 0x0b54	 972 (53 56) */		fdtox	%f4,%f4
+/* 0x0b58	 973 (54 55) */		std	%f10,[%sp+2239]
+/* 0x0b5c	 974 (55 56) */		sllx	%o7,19,%o7
+/* 0x0b60	 975 (55 56) */		std	%f4,[%sp+2247]
+/* 0x0b64	 976 (55 58) */		fdtox	%f8,%f4
+/* 0x0b68	 977 (56 57) */		add	%l0,%o7,%o7
+/* 0x0b6c	 978 (56 58) */		ldx	[%sp+2263],%o5
+/* 0x0b70	 979 (57 58) */		add	%o7,%o0,%o0
+/* 0x0b74	 980 (57 58) */		std	%f4,[%sp+2223]
+/* 0x0b78	 981 (57 60) */		fdtox	%f6,%f4
+/* 0x0b7c	 982 (58 60) */		ldx	[%sp+2255],%g5
+/* 0x0b80	 983 (58 59) */		srlx	%g2,32,%o7
+/* 0x0b84	 984 (59 60) */		std	%f4,[%sp+2231]
+/* 0x0b88	 985 (59 60) */		add	%o0,%o7,%o0
+/* 0x0b8c	 986 (60 61) */		sllx	%g5,19,%g5
+/* 0x0b90	 987 (60 62) */		ldx	[%sp+2247],%l1
+/* 0x0b94	 988 (61 62) */		add	%o5,%g5,%g5
+/* 0x0b98	 989 (61 62) */		st	%g2,[%i0+12]
+/* 0x0b9c	 990 (62 64) */		ldx	[%sp+2239],%l0
+/* 0x0ba0	 991 (62 63) */		srlx	%o0,32,%o4
+/* 0x0ba4	 992 (62 63) */		add	%g5,%o1,%o1
+/* 0x0ba8	 993 (63 64) */		add	%o1,%o4,%o1
+/* 0x0bac	 994 (63 65) */		ldx	[%sp+2223],%o7
+/* 0x0bb0	 995 (64 65) */		sllx	%l0,19,%g3
+/* 0x0bb4	 996 (64 66) */		ldx	[%sp+2231],%o5
+/* 0x0bb8	 997 (65 66) */		add	%l1,%g3,%o4
+/* 0x0bbc	 998 (65 66) */		st	%o0,[%i0+16]
+/* 0x0bc0	 999 (66 67) */		add	%o4,%o2,%o2
+/* 0x0bc4	1000 (66 67) */		st	%o1,[%i0+20]
+/* 0x0bc8	1001 (67 68) */		srlx	%o1,32,%o4
+/* 0x0bcc	1002 (67 68) */		st	%g4,[%i0+8]
+/* 0x0bd0	1003 (68 69) */		sllx	%o7,19,%g2
+/* 0x0bd4	1004 (68 69) */		add	%o2,%o4,%o4
+/* 0x0bd8	1005 (68 69) */		st	%o4,[%i0+24]
+/* 0x0bdc	1006 (69 70) */		add	%o5,%g2,%g2
+/* 0x0be0	1007 (70 71) */		srlx	%o4,32,%g3
+/* 0x0be4	1008 (70 71) */		add	%g2,%o3,%g2
+/* 0x0be8	1009 (71 72) */		add	%g2,%g3,%g2
+/* 0x0bec	1010 (71 72) */		st	%g2,[%i0+28]
+/* 0x0bf0	1014 (72 73) */		srlx	%g2,32,%o3
+/* 0x0bf4	1015 (73 74) */		srl	%o3,0,%i0
+/* 0x0bf8	     (74 76) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0bfc	     (76 77) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000050
+!
+
+                                   .L77000050:		/* frequency 1.0 confidence 0.0 */
+/* 0x0c00	1022 ( 0  1) */		subcc	%i3,16,%g0
+/* 0x0c04	1023 ( 0  1) */		bne,pn	%icc,.L77000073	! tprob=0.50
+/* 0x0c08	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x0c0c	1034 ( 1  4) */		ldd	[%o2],%f4
+/* 0x0c10	1035 ( 1  2) */		andn	%i4,%g2,%g2
+/* 0x0c14	1036 ( 2  3) */		st	%g2,[%sp+2483]
+/* 0x0c18	1037 ( 2  3) */		srl	%i4,19,%g2
+/* 0x0c1c	1038 ( 3  4) */		st	%g2,[%sp+2479]
+/* 0x0c20	1039 ( 3  5) */		fxnor	%f0,%f4,%f4
+/* 0x0c24	1040 ( 4  7) */		ldd	[%o0],%f8
+/* 0x0c28	1041 ( 5  8) */		fitod	%f4,%f10
+/* 0x0c2c	1042 ( 5  8) */		ldd	[%o0+8],%f16
+/* 0x0c30	1043 ( 6  9) */		ldd	[%o2+8],%f14
+/* 0x0c34	1044 ( 6  9) */		fitod	%f5,%f4
+/* 0x0c38	1045 ( 7 10) */		ld	[%sp+2483],%f13
+/* 0x0c3c	1046 ( 8 11) */		ld	[%sp+2479],%f7
+/* 0x0c40	1047 ( 8 11) */		fsubd	%f16,%f10,%f10
+/* 0x0c44	1048 ( 9 11) */		fxnor	%f0,%f14,%f14
+/* 0x0c48	1049 (10 13) */		fsubd	%f16,%f4,%f4
+/* 0x0c4c	1050 (14 15) */		fmovs	%f8,%f12
+/* 0x0c50	1051 (15 16) */		fmovs	%f8,%f6
+/* 0x0c54	1052 (17 20) */		fsubd	%f12,%f8,%f12
+/* 0x0c58	1053 (18 21) */		fsubd	%f6,%f8,%f6
+/* 0x0c5c	1054 (19 22) */		fitod	%f14,%f8
+/* 0x0c60	1055 (20 23) */		fmuld	%f10,%f12,%f18
+/* 0x0c64	1056 (20 23) */		fitod	%f15,%f14
+/* 0x0c68	1057 (21 24) */		fmuld	%f10,%f6,%f10
+/* 0x0c6c	1058 (22 25) */		fsubd	%f16,%f8,%f8
+/* 0x0c70	1059 (22 25) */		fmuld	%f4,%f12,%f20
+/* 0x0c74	1060 (23 26) */		fmuld	%f4,%f6,%f4
+/* 0x0c78	1061 (23 26) */		fsubd	%f16,%f14,%f14
+/* 0x0c7c	1062 (24 27) */		fdtox	%f10,%f10
+/* 0x0c80	1063 (24 25) */		std	%f10,[%sp+2463]
+/* 0x0c84	1064 (25 28) */		fmuld	%f8,%f12,%f10
+/* 0x0c88	1065 (25 28) */		fdtox	%f18,%f18
+/* 0x0c8c	1066 (25 26) */		std	%f18,[%sp+2471]
+/* 0x0c90	1067 (26 29) */		fmuld	%f8,%f6,%f8
+/* 0x0c94	1068 (26 29) */		fdtox	%f4,%f4
+/* 0x0c98	1069 (26 27) */		std	%f4,[%sp+2447]
+/* 0x0c9c	1070 (27 30) */		fmuld	%f14,%f12,%f4
+/* 0x0ca0	1071 (27 30) */		fdtox	%f20,%f18
+/* 0x0ca4	1072 (27 28) */		std	%f18,[%sp+2455]
+/* 0x0ca8	1073 (28 31) */		fdtox	%f10,%f10
+/* 0x0cac	1074 (28 29) */		std	%f10,[%sp+2439]
+/* 0x0cb0	1075 (28 31) */		fmuld	%f14,%f6,%f14
+/* 0x0cb4	1076 (29 32) */		fdtox	%f8,%f8
+/* 0x0cb8	1077 (29 30) */		std	%f8,[%sp+2431]
+/* 0x0cbc	1078 (30 33) */		ldd	[%o2+16],%f10
+/* 0x0cc0	1079 (30 33) */		fdtox	%f4,%f4
+/* 0x0cc4	1080 (31 34) */		ldd	[%o2+24],%f8
+/* 0x0cc8	1081 (31 34) */		fdtox	%f14,%f14
+/* 0x0ccc	1082 (32 33) */		std	%f4,[%sp+2423]
+/* 0x0cd0	1083 (32 34) */		fxnor	%f0,%f10,%f10
+/* 0x0cd4	1084 (33 35) */		fxnor	%f0,%f8,%f4
+/* 0x0cd8	1085 (33 34) */		std	%f14,[%sp+2415]
+/* 0x0cdc	1086 (34 37) */		fitod	%f10,%f8
+/* 0x0ce0	1087 (35 38) */		fitod	%f11,%f10
+/* 0x0ce4	1088 (36 39) */		fitod	%f4,%f14
+/* 0x0ce8	1089 (37 40) */		fsubd	%f16,%f8,%f8
+/* 0x0cec	1090 (38 41) */		fsubd	%f16,%f10,%f10
+/* 0x0cf0	1091 (39 42) */		fsubd	%f16,%f14,%f14
+/* 0x0cf4	1092 (40 43) */		fmuld	%f8,%f12,%f18
+/* 0x0cf8	1093 (40 43) */		fitod	%f5,%f4
+/* 0x0cfc	1094 (41 44) */		fmuld	%f8,%f6,%f8
+/* 0x0d00	1095 (42 45) */		fmuld	%f10,%f12,%f20
+/* 0x0d04	1096 (43 46) */		fmuld	%f10,%f6,%f10
+/* 0x0d08	1097 (43 46) */		fsubd	%f16,%f4,%f4
+/* 0x0d0c	1098 (44 47) */		fdtox	%f8,%f8
+/* 0x0d10	1099 (44 45) */		std	%f8,[%sp+2399]
+/* 0x0d14	1100 (45 48) */		fmuld	%f14,%f12,%f8
+/* 0x0d18	1101 (45 48) */		fdtox	%f18,%f18
+/* 0x0d1c	1102 (45 46) */		std	%f18,[%sp+2407]
+/* 0x0d20	1103 (46 49) */		fdtox	%f10,%f10
+/* 0x0d24	1104 (46 47) */		std	%f10,[%sp+2383]
+/* 0x0d28	1105 (46 49) */		fmuld	%f14,%f6,%f14
+/* 0x0d2c	1106 (47 50) */		fmuld	%f4,%f12,%f10
+/* 0x0d30	1107 (47 50) */		fdtox	%f20,%f18
+/* 0x0d34	1108 (47 48) */		std	%f18,[%sp+2391]
+/* 0x0d38	1109 (48 51) */		fdtox	%f8,%f8
+/* 0x0d3c	1110 (48 49) */		std	%f8,[%sp+2375]
+/* 0x0d40	1111 (48 51) */		fmuld	%f4,%f6,%f4
+/* 0x0d44	1112 (49 52) */		fdtox	%f14,%f14
+/* 0x0d48	1113 (49 50) */		std	%f14,[%sp+2367]
+/* 0x0d4c	1117 (50 53) */		ldd	[%o2+32],%f8
+/* 0x0d50	1118 (50 53) */		fdtox	%f10,%f10
+/* 0x0d54	1119 (51 54) */		fdtox	%f4,%f4
+/* 0x0d58	1120 (51 52) */		std	%f4,[%sp+2351]
+/* 0x0d5c	1121 (52 54) */		fxnor	%f0,%f8,%f8
+/* 0x0d60	1122 (52 55) */		ldd	[%o2+40],%f14
+/* 0x0d64	1123 (53 54) */		std	%f10,[%sp+2359]
+/* 0x0d68	1124 (54 57) */		fitod	%f8,%f4
+/* 0x0d6c	1125 (55 57) */		fxnor	%f0,%f14,%f10
+/* 0x0d70	1126 (56 59) */		fitod	%f9,%f8
+/* 0x0d74	1127 (57 60) */		fsubd	%f16,%f4,%f4
+/* 0x0d78	1128 (58 61) */		fitod	%f10,%f14
+/* 0x0d7c	1129 (59 62) */		fsubd	%f16,%f8,%f8
+/* 0x0d80	1130 (60 63) */		fmuld	%f4,%f12,%f18
+/* 0x0d84	1131 (60 63) */		fitod	%f11,%f10
+/* 0x0d88	1132 (61 64) */		fmuld	%f4,%f6,%f4
+/* 0x0d8c	1133 (61 64) */		fsubd	%f16,%f14,%f14
+/* 0x0d90	1134 (62 65) */		fmuld	%f8,%f12,%f20
+/* 0x0d94	1135 (63 66) */		fmuld	%f8,%f6,%f8
+/* 0x0d98	1136 (63 66) */		fsubd	%f16,%f10,%f10
+/* 0x0d9c	1137 (64 67) */		fdtox	%f4,%f4
+/* 0x0da0	1138 (64 65) */		std	%f4,[%sp+2335]
+/* 0x0da4	1139 (65 68) */		fmuld	%f14,%f12,%f4
+/* 0x0da8	1140 (65 68) */		fdtox	%f18,%f18
+/* 0x0dac	1141 (65 66) */		std	%f18,[%sp+2343]
+/* 0x0db0	1142 (66 69) */		fdtox	%f8,%f8
+/* 0x0db4	1143 (66 67) */		std	%f8,[%sp+2319]
+/* 0x0db8	1144 (66 69) */		fmuld	%f14,%f6,%f14
+/* 0x0dbc	1145 (67 70) */		fmuld	%f10,%f12,%f8
+/* 0x0dc0	1146 (67 70) */		fdtox	%f20,%f18
+/* 0x0dc4	1147 (67 68) */		std	%f18,[%sp+2327]
+/* 0x0dc8	1148 (68 71) */		fdtox	%f4,%f4
+/* 0x0dcc	1149 (68 69) */		std	%f4,[%sp+2311]
+/* 0x0dd0	1150 (68 71) */		fmuld	%f10,%f6,%f10
+/* 0x0dd4	1151 (69 72) */		fdtox	%f14,%f14
+/* 0x0dd8	1152 (69 70) */		std	%f14,[%sp+2303]
+/* 0x0ddc	1153 (70 73) */		ldd	[%o2+48],%f4
+/* 0x0de0	1154 (70 73) */		fdtox	%f8,%f8
+/* 0x0de4	1155 (71 74) */		fdtox	%f10,%f10
+/* 0x0de8	1156 (71 72) */		std	%f10,[%sp+2287]
+/* 0x0dec	1157 (72 74) */		fxnor	%f0,%f4,%f4
+/* 0x0df0	1158 (72 75) */		ldd	[%o2+56],%f14
+/* 0x0df4	1159 (73 74) */		std	%f8,[%sp+2295]
+/* 0x0df8	1160 (74 77) */		fitod	%f4,%f10
+/* 0x0dfc	1161 (75 78) */		fitod	%f5,%f4
+/* 0x0e00	1162 (76 78) */		fxnor	%f0,%f14,%f8
+/* 0x0e04	1163 (77 80) */		fsubd	%f16,%f10,%f10
+/* 0x0e08	1164 (78 81) */		fsubd	%f16,%f4,%f4
+/* 0x0e0c	1165 (79 82) */		fitod	%f8,%f14
+/* 0x0e10	1166 (80 83) */		fmuld	%f10,%f12,%f18
+/* 0x0e14	1167 (80 83) */		fitod	%f9,%f8
+/* 0x0e18	1168 (81 84) */		fmuld	%f10,%f6,%f10
+/* 0x0e1c	1169 (82 85) */		fmuld	%f4,%f12,%f20
+/* 0x0e20	1170 (82 85) */		fsubd	%f16,%f14,%f14
+/* 0x0e24	1171 (83 86) */		fdtox	%f18,%f18
+/* 0x0e28	1172 (83 84) */		std	%f18,[%sp+2279]
+/* 0x0e2c	1173 (83 86) */		fmuld	%f4,%f6,%f4
+/* 0x0e30	1174 (84 87) */		fdtox	%f10,%f10
+/* 0x0e34	1175 (84 85) */		std	%f10,[%sp+2271]
+/* 0x0e38	1176 (85 88) */		fdtox	%f20,%f10
+/* 0x0e3c	1177 (85 86) */		std	%f10,[%sp+2263]
+/* 0x0e40	1178 (86 89) */		fdtox	%f4,%f4
+/* 0x0e44	1179 (86 87) */		std	%f4,[%sp+2255]
+/* 0x0e48	1180 (86 89) */		fmuld	%f14,%f12,%f10
+/* 0x0e4c	1181 (87 90) */		fmuld	%f14,%f6,%f4
+/* 0x0e50	1182 (89 92) */		fdtox	%f10,%f10
+/* 0x0e54	1183 (89 90) */		std	%f10,[%sp+2247]
+/* 0x0e58	1184 (90 93) */		fdtox	%f4,%f4
+/* 0x0e5c	1185 (90 91) */		std	%f4,[%sp+2239]
+/* 0x0e60	1189 (91 93) */		ldx	[%sp+2463],%g2
+/* 0x0e64	1190 (91 94) */		fsubd	%f16,%f8,%f4
+/* 0x0e68	1191 (92 94) */		ldx	[%sp+2471],%g3
+/* 0x0e6c	1192 (93 96) */		ld	[%i1],%g4
+/* 0x0e70	1193 (93 94) */		sllx	%g2,19,%g2
+/* 0x0e74	1194 (94 96) */		ldx	[%sp+2455],%g5
+/* 0x0e78	1195 (94 95) */		add	%g3,%g2,%g2
+/* 0x0e7c	1196 (94 97) */		fmuld	%f4,%f6,%f6
+/* 0x0e80	1197 (95 97) */		ldx	[%sp+2447],%g3
+/* 0x0e84	1198 (95 96) */		add	%g2,%g4,%g4
+/* 0x0e88	1199 (95 98) */		fmuld	%f4,%f12,%f4
+/* 0x0e8c	1200 (96 97) */		st	%g4,[%i0]
+/* 0x0e90	1201 (96 97) */		srlx	%g4,32,%g4
+/* 0x0e94	1202 (97 100) */		ld	[%i1+8],%o0
+/* 0x0e98	1203 (97 98) */		sllx	%g3,19,%g2
+/* 0x0e9c	1204 (97 100) */		fdtox	%f6,%f6
+/* 0x0ea0	1205 (98 101) */		ld	[%i1+4],%g3
+/* 0x0ea4	1206 (98 99) */		add	%g5,%g2,%g2
+/* 0x0ea8	1207 (98 101) */		fdtox	%f4,%f4
+/* 0x0eac	1208 (99 101) */		ldx	[%sp+2439],%g5
+/* 0x0eb0	1209 (100 103) */		ld	[%i1+12],%o1
+/* 0x0eb4	1210 (100 101) */		add	%g2,%g3,%g2
+/* 0x0eb8	1211 (101 103) */		ldx	[%sp+2431],%g3
+/* 0x0ebc	1212 (101 102) */		add	%g2,%g4,%g4
+/* 0x0ec0	1213 (102 103) */		st	%g4,[%i0+4]
+/* 0x0ec4	1214 (103 104) */		std	%f6,[%sp+2223]
+/* 0x0ec8	1215 (103 104) */		sllx	%g3,19,%g2
+/* 0x0ecc	1216 (104 106) */		ldx	[%sp+2423],%g3
+/* 0x0ed0	1217 (104 105) */		add	%g5,%g2,%g2
+/* 0x0ed4	1218 (105 107) */		ldx	[%sp+2415],%g5
+/* 0x0ed8	1219 (105 106) */		add	%g2,%o0,%g2
+/* 0x0edc	1220 (106 107) */		std	%f4,[%sp+2231]
+/* 0x0ee0	1221 (106 107) */		srlx	%g4,32,%o0
+/* 0x0ee4	1222 (107 109) */		ldx	[%sp+2407],%g4
+/* 0x0ee8	1223 (107 108) */		sllx	%g5,19,%g5
+/* 0x0eec	1224 (107 108) */		add	%g2,%o0,%g2
+/* 0x0ef0	1225 (108 109) */		st	%g2,[%i0+8]
+/* 0x0ef4	1226 (108 109) */		srlx	%g2,32,%o0
+/* 0x0ef8	1227 (108 109) */		add	%g3,%g5,%g3
+/* 0x0efc	1228 (109 111) */		ldx	[%sp+2399],%g5
+/* 0x0f00	1229 (109 110) */		add	%g3,%o1,%g3
+/* 0x0f04	1230 (110 113) */		ld	[%i1+16],%o1
+/* 0x0f08	1231 (110 111) */		add	%g3,%o0,%g3
+/* 0x0f0c	1232 (111 112) */		st	%g3,[%i0+12]
+/* 0x0f10	1233 (111 112) */		sllx	%g5,19,%g5
+/* 0x0f14	1234 (112 113) */		srlx	%g3,32,%o0
+/* 0x0f18	1235 (112 113) */		add	%g4,%g5,%g2
+/* 0x0f1c	1236 (112 114) */		ldx	[%sp+2383],%g5
+/* 0x0f20	1237 (113 115) */		ldx	[%sp+2391],%g4
+/* 0x0f24	1238 (113 114) */		add	%g2,%o1,%g2
+/* 0x0f28	1239 (114 117) */		ld	[%i1+20],%o1
+/* 0x0f2c	1240 (114 115) */		sllx	%g5,19,%g5
+/* 0x0f30	1241 (114 115) */		add	%g2,%o0,%g2
+/* 0x0f34	1242 (115 116) */		st	%g2,[%i0+16]
+/* 0x0f38	1243 (115 116) */		srlx	%g2,32,%o0
+/* 0x0f3c	1244 (115 116) */		add	%g4,%g5,%g3
+/* 0x0f40	1245 (116 118) */		ldx	[%sp+2367],%g5
+/* 0x0f44	1246 (116 117) */		add	%g3,%o1,%g3
+/* 0x0f48	1247 (117 119) */		ldx	[%sp+2375],%g4
+/* 0x0f4c	1248 (117 118) */		add	%g3,%o0,%g3
+/* 0x0f50	1249 (118 121) */		ld	[%i1+24],%o1
+/* 0x0f54	1250 (118 119) */		sllx	%g5,19,%g5
+/* 0x0f58	1251 (119 120) */		st	%g3,[%i0+20]
+/* 0x0f5c	1252 (119 120) */		add	%g4,%g5,%g2
+/* 0x0f60	1253 (120 122) */		ldx	[%sp+2351],%g5
+/* 0x0f64	1254 (120 121) */		srlx	%g3,32,%o0
+/* 0x0f68	1255 (120 121) */		add	%g2,%o1,%g2
+/* 0x0f6c	1256 (121 123) */		ldx	[%sp+2359],%g4
+/* 0x0f70	1257 (121 122) */		add	%g2,%o0,%g2
+/* 0x0f74	1258 (122 125) */		ld	[%i1+28],%o1
+/* 0x0f78	1259 (122 123) */		sllx	%g5,19,%g5
+/* 0x0f7c	1260 (123 124) */		st	%g2,[%i0+24]
+/* 0x0f80	1261 (123 124) */		add	%g4,%g5,%g3
+/* 0x0f84	1265 (124 126) */		ldx	[%sp+2335],%g5
+/* 0x0f88	1266 (124 125) */		srlx	%g2,32,%o0
+/* 0x0f8c	1267 (124 125) */		add	%g3,%o1,%g3
+/* 0x0f90	1268 (125 127) */		ldx	[%sp+2343],%g4
+/* 0x0f94	1269 (125 126) */		add	%g3,%o0,%g3
+/* 0x0f98	1270 (126 127) */		sllx	%g5,19,%g5
+/* 0x0f9c	1271 (126 129) */		ld	[%i1+32],%o1
+/* 0x0fa0	1272 (127 128) */		add	%g4,%g5,%g2
+/* 0x0fa4	1273 (127 129) */		ldx	[%sp+2319],%g5
+/* 0x0fa8	1274 (128 130) */		ldx	[%sp+2327],%g4
+/* 0x0fac	1275 (128 129) */		srlx	%g3,32,%o0
+/* 0x0fb0	1276 (128 129) */		add	%g2,%o1,%g2
+/* 0x0fb4	1277 (129 130) */		st	%g3,[%i0+28]
+/* 0x0fb8	1278 (129 130) */		sllx	%g5,19,%g5
+/* 0x0fbc	1279 (129 130) */		add	%g2,%o0,%g2
+/* 0x0fc0	1280 (130 133) */		ld	[%i1+36],%o1
+/* 0x0fc4	1281 (130 131) */		add	%g4,%g5,%g3
+/* 0x0fc8	1282 (131 133) */		ldx	[%sp+2303],%g5
+/* 0x0fcc	1283 (131 132) */		srlx	%g2,32,%o0
+/* 0x0fd0	1284 (132 134) */		ldx	[%sp+2311],%g4
+/* 0x0fd4	1285 (132 133) */		add	%g3,%o1,%g3
+/* 0x0fd8	1286 (133 134) */		sllx	%g5,19,%g5
+/* 0x0fdc	1287 (133 134) */		st	%g2,[%i0+32]
+/* 0x0fe0	1288 (133 134) */		add	%g3,%o0,%g3
+/* 0x0fe4	1289 (134 135) */		add	%g4,%g5,%g2
+/* 0x0fe8	1290 (134 136) */		ldx	[%sp+2287],%g5
+/* 0x0fec	1291 (135 137) */		ldx	[%sp+2295],%g4
+/* 0x0ff0	1292 (135 136) */		srlx	%g3,32,%o0
+/* 0x0ff4	1293 (136 139) */		ld	[%i1+40],%o1
+/* 0x0ff8	1294 (136 137) */		sllx	%g5,19,%g5
+/* 0x0ffc	1295 (137 138) */		st	%g3,[%i0+36]
+/* 0x1000	1296 (137 138) */		add	%g4,%g5,%g3
+/* 0x1004	1297 (138 140) */		ldx	[%sp+2271],%g5
+/* 0x1008	1298 (138 139) */		add	%g2,%o1,%g2
+/* 0x100c	1299 (139 141) */		ldx	[%sp+2279],%g4
+/* 0x1010	1300 (139 140) */		add	%g2,%o0,%g2
+/* 0x1014	1301 (140 143) */		ld	[%i1+44],%o1
+/* 0x1018	1302 (140 141) */		sllx	%g5,19,%g5
+/* 0x101c	1303 (141 142) */		st	%g2,[%i0+40]
+/* 0x1020	1304 (141 142) */		srlx	%g2,32,%o0
+/* 0x1024	1305 (141 142) */		add	%g4,%g5,%g2
+/* 0x1028	1306 (142 144) */		ldx	[%sp+2255],%g5
+/* 0x102c	1307 (142 143) */		add	%g3,%o1,%g3
+/* 0x1030	1308 (143 145) */		ldx	[%sp+2263],%g4
+/* 0x1034	1309 (143 144) */		add	%g3,%o0,%g3
+/* 0x1038	1310 (144 147) */		ld	[%i1+48],%o1
+/* 0x103c	1311 (144 145) */		sllx	%g5,19,%g5
+/* 0x1040	1312 (145 146) */		srlx	%g3,32,%o0
+/* 0x1044	1313 (145 146) */		st	%g3,[%i0+44]
+/* 0x1048	1314 (145 146) */		add	%g4,%g5,%g3
+/* 0x104c	1315 (146 148) */		ldx	[%sp+2239],%g5
+/* 0x1050	1316 (146 147) */		add	%g2,%o1,%g2
+/* 0x1054	1317 (147 150) */		ld	[%i1+52],%o1
+/* 0x1058	1318 (147 148) */		add	%g2,%o0,%g2
+/* 0x105c	1319 (148 150) */		ldx	[%sp+2247],%g4
+/* 0x1060	1320 (148 149) */		sllx	%g5,19,%g5
+/* 0x1064	1321 (149 150) */		srlx	%g2,32,%o0
+/* 0x1068	1322 (149 150) */		st	%g2,[%i0+48]
+/* 0x106c	1323 (149 150) */		add	%g3,%o1,%g3
+/* 0x1070	1324 (150 153) */		ld	[%i1+56],%o1
+/* 0x1074	1325 (150 151) */		add	%g4,%g5,%g2
+/* 0x1078	1326 (150 151) */		add	%g3,%o0,%g3
+/* 0x107c	1327 (151 153) */		ldx	[%sp+2223],%g5
+/* 0x1080	1328 (151 152) */		srlx	%g3,32,%o0
+/* 0x1084	1329 (152 154) */		ldx	[%sp+2231],%g4
+/* 0x1088	1330 (152 153) */		add	%g2,%o1,%g2
+/* 0x108c	1331 (153 154) */		sllx	%g5,19,%g5
+/* 0x1090	1332 (153 156) */		ld	[%i1+60],%o1
+/* 0x1094	1333 (153 154) */		add	%g2,%o0,%g2
+/* 0x1098	1334 (154 155) */		st	%g3,[%i0+52]
+/* 0x109c	1335 (154 155) */		add	%g4,%g5,%g3
+/* 0x10a0	1336 (155 156) */		st	%g2,[%i0+56]
+/* 0x10a4	1337 (155 156) */		srlx	%g2,32,%g2
+/* 0x10a8	1338 (155 156) */		add	%g3,%o1,%g3
+/* 0x10ac	1339 (156 157) */		add	%g3,%g2,%g2
+/* 0x10b0	1340 (156 157) */		st	%g2,[%i0+60]
+/* 0x10b4	1344 (157 158) */		srlx	%g2,32,%o3
+/* 0x10b8	1345 (158 159) */		srl	%o3,0,%i0
+/* 0x10bc	     (159 161) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x10c0	     (161 162) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000073
+!
+
+                                   .L77000073:		/* frequency 1.0 confidence 0.0 */
+
+
+	or	%g0, %i4, %o2
+	or	%g0, %o0, %o1
+	or	%g0, %i3, %o0
+
+!
+! ENTRY .L77000052
+!
+
+                                   .L77000052:		/* frequency 1.0 confidence 0.0 */
+/* 0x1028	1318 ( 0  1) */		andn	%o2,%g2,%g2
+/* 0x102c	1319 ( 0  1) */		st	%g2,[%sp+2227]
+/* 0x1030	1325 ( 0  1) */		add	%o0,1,%g3
+/* 0x1034	1326 ( 0  1) */		fmovd	%f0,%f14
+/* 0x1038	1327 ( 1  2) */		srl	%o2,19,%g2
+/* 0x103c	1328 ( 1  2) */		st	%g2,[%sp+2223]
+/* 0x1040	1329 ( 1  2) */		or	%g0,0,%o5
+/* 0x1044	1330 ( 2  3) */		srl	%g3,31,%g2
+/* 0x1048	1331 ( 2  5) */		ldd	[%o1],%f6
+/* 0x104c	1335 ( 2  3) */		sethi	%hi(0x1000),%g1
+/* 0x1050	1336 ( 3  4) */		add	%g3,%g2,%g2
+/* 0x1054	1337 ( 3  4) */		xor	%g1,-625,%g1
+/* 0x1058	1338 ( 3  6) */		ldd	[%o1+8],%f20
+/* 0x105c	1339 ( 4  5) */		sra	%g2,1,%o3
+/* 0x1060	1340 ( 4  5) */		fmovs	%f6,%f8
+/* 0x1064	1341 ( 4  5) */		add	%g1,%fp,%g3
+/* 0x1068	1342 ( 5  6) */		fmovs	%f6,%f10
+/* 0x106c	1343 ( 5  7) */		ld	[%sp+2227],%f9
+/* 0x1070	1344 ( 5  6) */		subcc	%o3,0,%g0
+/* 0x1074	1345 ( 6  8) */		ld	[%sp+2223],%f11
+/* 0x1078	1346 ( 6  7) */		sethi	%hi(0x1000),%g1
+/* 0x107c	1347 ( 6  7) */		or	%g0,%i2,%o1
+/* 0x1080	1348 ( 7 10) */		fsubd	%f8,%f6,%f18
+/* 0x1084	1349 ( 7  8) */		xor	%g1,-617,%g1
+/* 0x1088	1350 ( 7  8) */		or	%g0,0,%g4
+/* 0x108c	1351 ( 8 11) */		fsubd	%f10,%f6,%f16
+/* 0x1090	1352 ( 8  9) */		bleu,pt	%icc,.L990000162	! tprob=0.50
+/* 0x1094	     ( 8  9) */		subcc	%o0,0,%g0
+/* 0x1098	1354 ( 9 10) */		add	%g1,%fp,%g2
+/* 0x109c	1355 ( 9 10) */		sethi	%hi(0x1000),%g1
+/* 0x10a0	1356 (10 11) */		xor	%g1,-609,%g1
+/* 0x10a4	1357 (10 11) */		subcc	%o3,7,%g0
+/* 0x10a8	1358 (11 12) */		add	%g1,%fp,%o7
+/* 0x10ac	1359 (11 12) */		sethi	%hi(0x1000),%g1
+/* 0x10b0	1360 (12 13) */		xor	%g1,-601,%g1
+/* 0x10b4	1361 (13 14) */		add	%g1,%fp,%o4
+/* 0x10b8	1362 (13 14) */		bl,pn	%icc,.L77000054	! tprob=0.50
+/* 0x10bc	     (13 14) */		sub	%o3,2,%o2
+/* 0x10c0	1364 (14 17) */		ldd	[%o1],%f2
+/* 0x10c4	1365 (14 15) */		add	%o1,16,%g5
+/* 0x10c8	1366 (14 15) */		or	%g0,4,%g4
+/* 0x10cc	1367 (15 18) */		ldd	[%o1+8],%f0
+/* 0x10d0	1368 (15 16) */		add	%o1,8,%o1
+/* 0x10d4	1369 (16 18) */		fxnor	%f14,%f2,%f6
+/* 0x10d8	1370 (16 19) */		ldd	[%g5],%f4
+/* 0x10dc	1371 (16 17) */		add	%o1,16,%o1
+/* 0x10e0	1372 (17 19) */		fxnor	%f14,%f0,%f12
+/* 0x10e4	1373 (17 20) */		ldd	[%o1],%f0
+/* 0x10e8	1374 (17 18) */		add	%o1,8,%o1
+/* 0x10ec	1375 (18 21) */		fitod	%f7,%f2
+/* 0x10f0	1376 (19 22) */		fitod	%f6,%f6
+/* 0x10f4	1377 (20 22) */		fxnor	%f14,%f4,%f10
+/* 0x10f8	1378 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x10fc	1379 (22 24) */		fxnor	%f14,%f0,%f8
+/* 0x1100	1380 (23 26) */		fitod	%f13,%f4
+/* 0x1104	1381 (24 27) */		fsubd	%f20,%f6,%f6
+/* 0x1108	1382 (24 27) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000154
+!
+
+                                   .L990000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x110c	1384 ( 0  3) */		ldd	[%o1],%f24
+/* 0x1110	1385 ( 0  1) */		add	%g4,3,%g4
+/* 0x1114	1386 ( 0  1) */		add	%o4,96,%o4
+/* 0x1118	1387 ( 1  4) */		fitod	%f11,%f22
+/* 0x111c	1388 ( 2  5) */		fsubd	%f20,%f4,%f26
+/* 0x1120	1389 ( 2  3) */		subcc	%g4,%o2,%g0
+/* 0x1124	1390 ( 2  3) */		add	%o7,96,%o7
+/* 0x1128	1391 ( 2  5) */		fmuld	%f6,%f18,%f28
+/* 0x112c	1392 ( 3  6) */		fmuld	%f6,%f16,%f6
+/* 0x1130	1393 ( 3  4) */		add	%g2,96,%g2
+/* 0x1134	1394 ( 3  4) */		add	%g3,96,%g3
+/* 0x1138	1395 ( 4  7) */		fdtox	%f0,%f0
+/* 0x113c	1396 ( 5  8) */		fitod	%f12,%f4
+/* 0x1140	1397 ( 5  8) */		fmuld	%f2,%f18,%f2
+/* 0x1144	1398 ( 6  9) */		fdtox	%f28,%f12
+/* 0x1148	1399 ( 7 10) */		fdtox	%f6,%f6
+/* 0x114c	1400 ( 7  8) */		std	%f12,[%g3-96]
+/* 0x1150	1401 ( 8  9) */		std	%f6,[%g2-96]
+/* 0x1154	1402 ( 8 11) */		fdtox	%f2,%f2
+/* 0x1158	1403 ( 9 12) */		fsubd	%f20,%f4,%f6
+/* 0x115c	1404 ( 9 10) */		std	%f2,[%o7-96]
+/* 0x1160	1405 ( 9 10) */		add	%o1,8,%o1
+/* 0x1164	1406 (10 12) */		fxnor	%f14,%f24,%f12
+/* 0x1168	1407 (10 13) */		fmuld	%f26,%f16,%f4
+/* 0x116c	1408 (10 11) */		std	%f0,[%o4-96]
+/* 0x1170	1409 (11 14) */		ldd	[%o1],%f0
+/* 0x1174	1410 (11 14) */		fitod	%f9,%f2
+/* 0x1178	1411 (12 15) */		fsubd	%f20,%f22,%f28
+/* 0x117c	1412 (12 15) */		fmuld	%f6,%f18,%f24
+/* 0x1180	1413 (13 16) */		fmuld	%f6,%f16,%f22
+/* 0x1184	1414 (13 16) */		fdtox	%f4,%f4
+/* 0x1188	1415 (14 17) */		fitod	%f10,%f6
+/* 0x118c	1416 (14 17) */		fmuld	%f26,%f18,%f10
+/* 0x1190	1417 (15 18) */		fdtox	%f24,%f24
+/* 0x1194	1418 (16 19) */		fdtox	%f22,%f22
+/* 0x1198	1419 (16 17) */		std	%f24,[%g3-64]
+/* 0x119c	1420 (17 18) */		std	%f22,[%g2-64]
+/* 0x11a0	1421 (17 20) */		fdtox	%f10,%f10
+/* 0x11a4	1422 (18 21) */		fsubd	%f20,%f6,%f6
+/* 0x11a8	1423 (18 19) */		std	%f10,[%o7-64]
+/* 0x11ac	1424 (18 19) */		add	%o1,8,%o1
+/* 0x11b0	1425 (19 21) */		fxnor	%f14,%f0,%f10
+/* 0x11b4	1426 (19 22) */		fmuld	%f28,%f16,%f0
+/* 0x11b8	1427 (19 20) */		std	%f4,[%o4-64]
+/* 0x11bc	1428 (20 23) */		ldd	[%o1],%f22
+/* 0x11c0	1429 (20 23) */		fitod	%f13,%f4
+/* 0x11c4	1430 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x11c8	1431 (21 24) */		fmuld	%f6,%f18,%f26
+/* 0x11cc	1432 (22 25) */		fmuld	%f6,%f16,%f24
+/* 0x11d0	1433 (22 25) */		fdtox	%f0,%f0
+/* 0x11d4	1434 (23 26) */		fitod	%f8,%f6
+/* 0x11d8	1435 (23 26) */		fmuld	%f28,%f18,%f8
+/* 0x11dc	1436 (24 27) */		fdtox	%f26,%f26
+/* 0x11e0	1437 (25 28) */		fdtox	%f24,%f24
+/* 0x11e4	1438 (25 26) */		std	%f26,[%g3-32]
+/* 0x11e8	1439 (26 27) */		std	%f24,[%g2-32]
+/* 0x11ec	1440 (26 29) */		fdtox	%f8,%f8
+/* 0x11f0	1441 (27 30) */		fsubd	%f20,%f6,%f6
+/* 0x11f4	1442 (27 28) */		std	%f8,[%o7-32]
+/* 0x11f8	1443 (27 28) */		add	%o1,8,%o1
+/* 0x11fc	1444 (28 30) */		fxnor	%f14,%f22,%f8
+/* 0x1200	1445 (28 29) */		std	%f0,[%o4-32]
+/* 0x1204	1446 (28 29) */		bcs,pt	%icc,.L990000154	! tprob=0.50
+/* 0x1208	     (28 31) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000157
+!
+
+                                   .L990000157:		/* frequency 1.0 confidence 0.0 */
+/* 0x120c	1449 ( 0  3) */		fitod	%f12,%f28
+/* 0x1210	1450 ( 0  3) */		fmuld	%f6,%f18,%f24
+/* 0x1214	1451 ( 0  1) */		add	%g3,128,%g3
+/* 0x1218	1452 ( 1  4) */		fitod	%f10,%f12
+/* 0x121c	1453 ( 1  4) */		fmuld	%f6,%f16,%f26
+/* 0x1220	1454 ( 1  2) */		add	%g2,128,%g2
+/* 0x1224	1455 ( 2  5) */		fsubd	%f20,%f4,%f4
+/* 0x1228	1456 ( 2  5) */		fmuld	%f2,%f18,%f22
+/* 0x122c	1457 ( 2  3) */		add	%o7,128,%o7
+/* 0x1230	1458 ( 3  6) */		fdtox	%f24,%f6
+/* 0x1234	1459 ( 3  4) */		std	%f6,[%g3-128]
+/* 0x1238	1460 ( 3  4) */		add	%o4,128,%o4
+/* 0x123c	1461 ( 4  7) */		fsubd	%f20,%f28,%f2
+/* 0x1240	1462 ( 4  5) */		subcc	%g4,%o3,%g0
+/* 0x1244	1463 ( 5  8) */		fitod	%f11,%f6
+/* 0x1248	1464 ( 5  8) */		fmuld	%f4,%f18,%f24
+/* 0x124c	1465 ( 6  9) */		fdtox	%f26,%f10
+/* 0x1250	1466 ( 6  7) */		std	%f10,[%g2-128]
+/* 0x1254	1467 ( 7 10) */		fdtox	%f22,%f10
+/* 0x1258	1468 ( 7  8) */		std	%f10,[%o7-128]
+/* 0x125c	1469 ( 7 10) */		fmuld	%f2,%f18,%f26
+/* 0x1260	1470 ( 8 11) */		fsubd	%f20,%f12,%f10
+/* 0x1264	1471 ( 8 11) */		fmuld	%f2,%f16,%f2
+/* 0x1268	1472 ( 9 12) */		fsubd	%f20,%f6,%f22
+/* 0x126c	1473 ( 9 12) */		fmuld	%f4,%f16,%f12
+/* 0x1270	1474 (10 13) */		fdtox	%f0,%f0
+/* 0x1274	1475 (10 11) */		std	%f0,[%o4-128]
+/* 0x1278	1476 (11 14) */		fitod	%f8,%f4
+/* 0x127c	1477 (11 14) */		fmuld	%f10,%f18,%f6
+/* 0x1280	1478 (12 15) */		fdtox	%f26,%f0
+/* 0x1284	1479 (12 13) */		std	%f0,[%g3-96]
+/* 0x1288	1480 (12 15) */		fmuld	%f10,%f16,%f10
+/* 0x128c	1481 (13 16) */		fdtox	%f2,%f2
+/* 0x1290	1482 (13 14) */		std	%f2,[%g2-96]
+/* 0x1294	1483 (14 17) */		fitod	%f9,%f0
+/* 0x1298	1484 (14 17) */		fmuld	%f22,%f18,%f2
+/* 0x129c	1485 (15 18) */		fdtox	%f24,%f8
+/* 0x12a0	1486 (15 16) */		std	%f8,[%o7-96]
+/* 0x12a4	1487 (16 19) */		fsubd	%f20,%f4,%f4
+/* 0x12a8	1488 (16 19) */		fmuld	%f22,%f16,%f8
+/* 0x12ac	1489 (17 20) */		fdtox	%f12,%f12
+/* 0x12b0	1490 (17 18) */		std	%f12,[%o4-96]
+/* 0x12b4	1491 (18 21) */		fsubd	%f20,%f0,%f0
+/* 0x12b8	1492 (19 22) */		fdtox	%f6,%f6
+/* 0x12bc	1493 (19 20) */		std	%f6,[%g3-64]
+/* 0x12c0	1494 (20 23) */		fdtox	%f10,%f10
+/* 0x12c4	1495 (20 21) */		std	%f10,[%g2-64]
+/* 0x12c8	1496 (20 23) */		fmuld	%f4,%f18,%f6
+/* 0x12cc	1497 (21 24) */		fdtox	%f2,%f2
+/* 0x12d0	1498 (21 22) */		std	%f2,[%o7-64]
+/* 0x12d4	1499 (21 24) */		fmuld	%f4,%f16,%f4
+/* 0x12d8	1500 (22 25) */		fmuld	%f0,%f18,%f2
+/* 0x12dc	1501 (22 25) */		fdtox	%f8,%f8
+/* 0x12e0	1502 (22 23) */		std	%f8,[%o4-64]
+/* 0x12e4	1503 (23 26) */		fdtox	%f6,%f6
+/* 0x12e8	1504 (23 24) */		std	%f6,[%g3-32]
+/* 0x12ec	1505 (23 26) */		fmuld	%f0,%f16,%f0
+/* 0x12f0	1506 (24 27) */		fdtox	%f4,%f4
+/* 0x12f4	1507 (24 25) */		std	%f4,[%g2-32]
+/* 0x12f8	1508 (25 28) */		fdtox	%f2,%f2
+/* 0x12fc	1509 (25 26) */		std	%f2,[%o7-32]
+/* 0x1300	1510 (26 29) */		fdtox	%f0,%f0
+/* 0x1304	1511 (26 27) */		bcc,pn	%icc,.L77000056	! tprob=0.50
+/* 0x1308	     (26 27) */		std	%f0,[%o4-32]
+
+!
+! ENTRY .L77000054
+!
+
+                                   .L77000054:		/* frequency 1.0 confidence 0.0 */
+/* 0x130c	1514 ( 0  3) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L990000161
+!
+
+                                   .L990000161:		/* frequency 1.0 confidence 0.0 */
+/* 0x1310	1516 ( 0  2) */		fxnor	%f14,%f0,%f0
+/* 0x1314	1517 ( 0  1) */		add	%g4,1,%g4
+/* 0x1318	1518 ( 0  1) */		add	%o1,8,%o1
+/* 0x131c	1519 ( 1  2) */		subcc	%g4,%o3,%g0
+/* 0x1320	1520 ( 2  5) */		fitod	%f0,%f2
+/* 0x1324	1521 ( 3  6) */		fitod	%f1,%f0
+/* 0x1328	1522 ( 5  8) */		fsubd	%f20,%f2,%f2
+/* 0x132c	1523 ( 6  9) */		fsubd	%f20,%f0,%f0
+/* 0x1330	1524 ( 8 11) */		fmuld	%f2,%f18,%f6
+/* 0x1334	1525 ( 9 12) */		fmuld	%f2,%f16,%f4
+/* 0x1338	1526 (10 13) */		fmuld	%f0,%f18,%f2
+/* 0x133c	1527 (11 14) */		fdtox	%f6,%f6
+/* 0x1340	1528 (11 12) */		std	%f6,[%g3]
+/* 0x1344	1529 (11 14) */		fmuld	%f0,%f16,%f0
+/* 0x1348	1530 (12 15) */		fdtox	%f4,%f4
+/* 0x134c	1531 (12 13) */		std	%f4,[%g2]
+/* 0x1350	1532 (12 13) */		add	%g2,32,%g2
+/* 0x1354	1533 (13 16) */		fdtox	%f2,%f2
+/* 0x1358	1534 (13 14) */		std	%f2,[%o7]
+/* 0x135c	1535 (13 14) */		add	%o7,32,%o7
+/* 0x1360	1536 (14 17) */		fdtox	%f0,%f0
+/* 0x1364	1537 (14 15) */		std	%f0,[%o4]
+/* 0x1368	1538 (14 15) */		add	%o4,32,%o4
+/* 0x136c	1539 (15 16) */		add	%g3,32,%g3
+/* 0x1370	1540 (15 16) */		bcs,a,pt	%icc,.L990000161	! tprob=0.50
+/* 0x1374	     (16 19) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L77000056
+!
+
+                                   .L77000056:		/* frequency 1.0 confidence 0.0 */
+/* 0x1378	1548 ( 0  1) */		subcc	%o0,0,%g0
+
+!
+! ENTRY .L990000162
+!
+
+                                   .L990000162:		/* frequency 1.0 confidence 0.0 */
+/* 0x137c	1550 ( 0  1) */		bleu,pt	%icc,.L77770061	! tprob=0.50
+/* 0x1380	     ( 0  1) */		nop
+/* 0x1384	1555 ( 0  1) */		sethi	%hi(0x1000),%g1
+/* 0x1388	1556 ( 1  2) */		xor	%g1,-625,%g1
+/* 0x138c	1557 ( 1  2) */		or	%g0,%i1,%g4
+/* 0x1390	1558 ( 2  3) */		add	%g1,%fp,%g5
+/* 0x1394	1559 ( 2  3) */		sethi	%hi(0x1000),%g1
+/* 0x1398	1560 ( 3  4) */		xor	%g1,-617,%g1
+/* 0x139c	1561 ( 3  4) */		or	%g0,%o0,%o7
+/* 0x13a0	1562 ( 4  5) */		add	%g1,%fp,%g2
+/* 0x13a4	1563 ( 4  5) */		or	%g0,0,%i2
+/* 0x13a8	1564 ( 5  6) */		or	%g0,%i0,%g3
+/* 0x13ac	1565 ( 5  6) */		subcc	%o0,6,%g0
+/* 0x13b0	1566 ( 5  6) */		bl,pn	%icc,.L77000058	! tprob=0.50
+/* 0x13b4	     ( 6  7) */		sethi	%hi(0x1000),%g1
+/* 0x13b8	1568 ( 6  8) */		ld	[%g4],%o2
+/* 0x13bc	1569 ( 6  7) */		add	%g3,4,%g3
+/* 0x13c0	1570 ( 7  8) */		xor	%g1,-585,%g1
+/* 0x13c4	1571 ( 7  8) */		sub	%o7,3,%o4
+/* 0x13c8	1572 ( 8  9) */		add	%g1,%fp,%g2
+/* 0x13cc	1573 ( 8  9) */		sethi	%hi(0x1000),%g1
+/* 0x13d0	1574 ( 9 10) */		xor	%g1,-593,%g1
+/* 0x13d4	1575 ( 9 10) */		or	%g0,2,%i2
+/* 0x13d8	1576 (10 11) */		add	%g1,%fp,%g5
+/* 0x13dc	1577 (10 11) */		sethi	%hi(0x1000),%g1
+/* 0x13e0	1578 (11 12) */		xor	%g1,-617,%g1
+/* 0x13e4	1579 (12 13) */		add	%g1,%fp,%g1
+/* 0x13e8	1580 (13 15) */		ldx	[%g1],%o1
+/* 0x13ec	1581 (14 16) */		ldx	[%g1-8],%o0
+/* 0x13f0	1582 (15 16) */		sllx	%o1,19,%o1
+/* 0x13f4	1583 (15 17) */		ldx	[%g1+16],%o3
+/* 0x13f8	1584 (16 17) */		add	%o0,%o1,%o0
+/* 0x13fc	1585 (16 18) */		ld	[%g4+4],%o1
+/* 0x1400	1586 (16 17) */		add	%g4,8,%g4
+/* 0x1404	1587 (17 18) */		sllx	%o3,19,%o3
+/* 0x1408	1588 (17 18) */		add	%o0,%o2,%o0
+/* 0x140c	1589 (17 19) */		ldx	[%g1+8],%o2
+/* 0x1410	1590 (18 19) */		st	%o0,[%g3-4]
+/* 0x1414	1591 (18 19) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000142
+!
+
+                                   .L990000142:		/* frequency 1.0 confidence 0.0 */
+/* 0x1418	1593 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x141c	1594 ( 0  1) */		add	%i2,4,%i2
+/* 0x1420	1595 ( 0  2) */		ld	[%g4],%o3
+/* 0x1424	1596 ( 1  2) */		srl	%o0,0,%o5
+/* 0x1428	1597 ( 1  2) */		add	%o2,%o1,%o1
+/* 0x142c	1598 ( 1  3) */		ldx	[%g2],%o0
+/* 0x1430	1599 ( 3  4) */		sllx	%o0,19,%o2
+/* 0x1434	1600 ( 3  5) */		ldx	[%g5],%o0
+/* 0x1438	1601 ( 3  4) */		add	%o1,%o5,%o1
+/* 0x143c	1602 ( 4  5) */		st	%o1,[%g3]
+/* 0x1440	1603 ( 4  5) */		srlx	%o1,32,%o5
+/* 0x1444	1604 ( 4  5) */		subcc	%i2,%o4,%g0
+/* 0x1448	1605 ( 5  7) */		ldx	[%g2+16],%o1
+/* 0x144c	1606 ( 5  6) */		add	%o0,%o2,%o0
+/* 0x1450	1607 ( 5  6) */		add	%g3,16,%g3
+/* 0x1454	1608 ( 6  8) */		ld	[%g4+4],%o2
+/* 0x1458	1609 ( 6  7) */		add	%o0,%o3,%o0
+/* 0x145c	1610 ( 7  8) */		sllx	%o1,19,%o3
+/* 0x1460	1611 ( 7  9) */		ldx	[%g5+16],%o1
+/* 0x1464	1612 ( 7  8) */		add	%o0,%o5,%o0
+/* 0x1468	1613 ( 8  9) */		st	%o0,[%g3-12]
+/* 0x146c	1614 ( 8  9) */		srlx	%o0,32,%o5
+/* 0x1470	1615 ( 8  9) */		add	%g4,16,%g4
+/* 0x1474	1616 ( 9 11) */		ldx	[%g2+32],%o0
+/* 0x1478	1617 ( 9 10) */		add	%o1,%o3,%o1
+/* 0x147c	1618 ( 9 10) */		add	%g2,64,%g2
+/* 0x1480	1619 (10 12) */		ld	[%g4-8],%o3
+/* 0x1484	1620 (10 11) */		add	%o1,%o2,%o2
+/* 0x1488	1621 (11 12) */		sllx	%o0,19,%o1
+/* 0x148c	1622 (11 13) */		ldx	[%g5+32],%o0
+/* 0x1490	1623 (11 12) */		add	%o2,%o5,%o2
+/* 0x1494	1624 (12 13) */		st	%o2,[%g3-8]
+/* 0x1498	1625 (12 13) */		srlx	%o2,32,%o5
+/* 0x149c	1626 (12 13) */		add	%g5,64,%g5
+/* 0x14a0	1627 (13 15) */		ldx	[%g2-16],%o2
+/* 0x14a4	1628 (13 14) */		add	%o0,%o1,%o0
+/* 0x14a8	1629 (14 16) */		ld	[%g4-4],%o1
+/* 0x14ac	1630 (14 15) */		add	%o0,%o3,%o0
+/* 0x14b0	1631 (15 16) */		sllx	%o2,19,%o3
+/* 0x14b4	1632 (15 17) */		ldx	[%g5-16],%o2
+/* 0x14b8	1633 (15 16) */		add	%o0,%o5,%o0
+/* 0x14bc	1634 (16 17) */		st	%o0,[%g3-4]
+/* 0x14c0	1635 (16 17) */		bcs,pt	%icc,.L990000142	! tprob=0.50
+/* 0x14c4	     (16 17) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000145
+!
+
+                                   .L990000145:		/* frequency 1.0 confidence 0.0 */
+/* 0x14c8	1638 ( 0  1) */		add	%o2,%o3,%o3
+/* 0x14cc	1639 ( 0  1) */		add	%g3,4,%g3
+/* 0x14d0	1640 ( 1  2) */		srl	%o0,0,%o2
+/* 0x14d4	1641 ( 1  2) */		add	%o3,%o1,%o0
+/* 0x14d8	1642 ( 2  3) */		add	%o0,%o2,%o0
+/* 0x14dc	1643 ( 2  3) */		st	%o0,[%g3-4]
+/* 0x14e0	1644 ( 2  3) */		subcc	%i2,%o7,%g0
+/* 0x14e4	1645 ( 2  3) */		bcc,pn	%icc,.L77770061	! tprob=0.50
+/* 0x14e8	     ( 3  4) */		srlx	%o0,32,%o5
+
+!
+! ENTRY .L77000058
+!
+
+                                   .L77000058:		/* frequency 1.0 confidence 0.0 */
+/* 0x14ec	1648 ( 0  2) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L990000160
+!
+
+                                   .L990000160:		/* frequency 1.0 confidence 0.0 */
+/* 0x14f0	1650 ( 0  1) */		sllx	%o2,19,%o3
+/* 0x14f4	1651 ( 0  2) */		ldx	[%g5],%o0
+/* 0x14f8	1652 ( 0  1) */		add	%i2,1,%i2
+/* 0x14fc	1653 ( 1  2) */		srl	%o5,0,%o1
+/* 0x1500	1654 ( 1  3) */		ld	[%g4],%o2
+/* 0x1504	1655 ( 1  2) */		add	%g2,16,%g2
+/* 0x1508	1656 ( 2  3) */		add	%o0,%o3,%o0
+/* 0x150c	1657 ( 2  3) */		add	%g5,16,%g5
+/* 0x1510	1658 ( 3  4) */		add	%o0,%o2,%o0
+/* 0x1514	1659 ( 3  4) */		add	%g4,4,%g4
+/* 0x1518	1660 ( 4  5) */		add	%o0,%o1,%o0
+/* 0x151c	1661 ( 4  5) */		st	%o0,[%g3]
+/* 0x1520	1662 ( 4  5) */		subcc	%i2,%o7,%g0
+/* 0x1524	1663 ( 5  6) */		srlx	%o0,32,%o5
+/* 0x1528	1664 ( 5  6) */		add	%g3,4,%g3
+/* 0x152c	1665 ( 5  6) */		bcs,a,pt	%icc,.L990000160	! tprob=0.50
+/* 0x1530	     ( 6  8) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L77770061
+!
+
+                                   .L77770061:		/* frequency 1.0 confidence 0.0 */
+/* 0x1534	     ( 0  2) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x1538	     ( 2  3) */		restore	%g0,%o5,%o0
+
+
+/* 0x124c	1476 ( 0  0) */		.type	mul_add,2
+/* 0x124c	1477 ( 0  0) */		.size	mul_add,(.-mul_add)
+/* 0x124c	1480 ( 0  0) */		.align	8
+/* 0x1250	1486 ( 0  0) */		.global	mul_add_inp
+
+!
+! ENTRY mul_add_inp
+!
+
+                                   	.global mul_add_inp
+                                   mul_add_inp:		/* frequency 1.0 confidence 0.0 */
+/* 0x1250	1488 ( 0  1) */		save	%sp,-176,%sp
+/* 0x1254	1500 ( 1  2) */		sra	%i2,0,%o3
+/* 0x1258	1501 ( 1  2) */		or	%g0,%i1,%o2
+/* 0x125c	1502 ( 2  3) */		or	%g0,%i0,%o0
+/* 0x1260	1503 ( 2  3) */		or	%g0,%i0,%o1
+/* 0x1264	1504 ( 3  5) */		call	mul_add	! params = 	! Result = 
+/* 0x1268	     ( 4  5) */		srl	%i3,0,%o4
+/* 0x126c	1506 ( 5  6) */		srl	%o0,0,%i0
+/* 0x1270	     ( 6  8) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x1274	     ( 8  9) */		restore	%g0,%g0,%g0
+/* 0x1278	1509 ( 0  0) */		.type	mul_add_inp,2
+/* 0x1278	1510 ( 0  0) */		.size	mul_add_inp,(.-mul_add_inp)
+
+	.section	".data",#alloc,#write
+/* 0x1278	   6 ( 0  0) */		.align	8
+
+!
+! ENTRY mask_cnst
+!
+
+                                   mask_cnst:		/* frequency 1.0 confidence 0.0 */
+/* 0x1278	   8 ( 0  0) */		.xword	-9223372034707292160
+/* 0x1280	   9 ( 0  0) */		.type	mask_cnst,#object
+/* 0x1280	  10 ( 0  0) */		.size	mask_cnst,8
+
diff --git a/security/nss/lib/freebl/mpi/mpvalpha.c b/security/nss/lib/freebl/mpi/mpvalpha.c
new file mode 100644
index 000000000..5118e73c3
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mpvalpha.c
@@ -0,0 +1,214 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Multiple Precision Integer optimization code for 
+ * the Compaq Alpha processor.
+ *
+ * The Initial Developer of the Original Code is
+ * Richard C. Swift.
+ * Portions created by the Initial Developer are Copyright (C) 2001
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):	Richard C. Swift	(swift@netscape.com)
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi-priv.h"
+#include <c_asm.h>
+
+
+#define MP_MUL_DxD(a, b, Phi, Plo)		\
+ { Plo = asm ("mulq %a0, %a1, %v0", a, b);	\
+   Phi = asm ("umulh %a0, %a1, %v0", a, b); }	\
+
+/* This is empty for the loop in s_mpv_mul_d	*/
+#define CARRY_ADD
+
+#define ONE_MUL				\
+    a_i = *a++;				\
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);	\
+    a0b0 += carry;			\
+    if (a0b0 < carry)			\
+      ++a1b1;				\
+    CARRY_ADD				\
+    *c++ = a0b0;			\
+    carry = a1b1;			\
+
+#define FOUR_MUL			\
+	ONE_MUL				\
+	ONE_MUL				\
+	ONE_MUL				\
+	ONE_MUL				\
+
+#define SIXTEEN_MUL			\
+	FOUR_MUL			\
+	FOUR_MUL			\
+	FOUR_MUL			\
+	FOUR_MUL			\
+
+#define THIRTYTWO_MUL			\
+	SIXTEEN_MUL			\
+	SIXTEEN_MUL			\
+
+#define ONETWENTYEIGHT_MUL		\
+	THIRTYTWO_MUL			\
+	THIRTYTWO_MUL			\
+	THIRTYTWO_MUL			\
+	THIRTYTWO_MUL			\
+
+
+#define EXPAND_256(CALL)		\
+ mp_digit carry = 0;			\
+ mp_digit a_i;				\
+ mp_digit a0b0, a1b1;			\
+ if (a_len &255) {			\
+	if (a_len &1) {			\
+	  ONE_MUL			\
+	}				\
+	if (a_len &2) {			\
+	  ONE_MUL			\
+	  ONE_MUL			\
+	}				\
+	if (a_len &4) {			\
+	  FOUR_MUL			\
+	}				\
+	if (a_len &8) {			\
+	  FOUR_MUL			\
+	  FOUR_MUL			\
+	}				\
+	if (a_len & 16 ) {		\
+	  SIXTEEN_MUL			\
+	}				\
+	if (a_len & 32 ) {		\
+	  THIRTYTWO_MUL			\
+	}				\
+	if (a_len & 64 ) {		\
+	  THIRTYTWO_MUL			\
+	  THIRTYTWO_MUL			\
+	}				\
+	if (a_len & 128) {		\
+	  ONETWENTYEIGHT_MUL		\
+	}				\
+	a_len = a_len & (-256);		\
+  }					\
+  if (a_len>=256 ) {			\
+	carry = CALL(a, a_len, b, c, carry);	\
+	c += a_len;			\
+  }					\
+
+#define FUNC_NAME(NAME)			\
+mp_digit NAME(const mp_digit *a, 	\
+	mp_size a_len,			\
+	mp_digit b, mp_digit *c, 	\
+	mp_digit carry)			\
+
+#define DECLARE_MUL_256(FNAME)		\
+FUNC_NAME(FNAME)			\
+{					\
+  mp_digit a_i;				\
+  mp_digit a0b0, a1b1;			\
+  while (a_len) {			\
+	ONETWENTYEIGHT_MUL		\
+	ONETWENTYEIGHT_MUL		\
+	a_len-= 256;			\
+  }					\
+  return carry;				\
+}					\
+
+/* Expanding the loop in s_mpv_mul_d appeared to slow down the
+   (admittedly) small number of tests (i.e., timetest) used to
+   measure performance, so this define disables that optimization. */
+#define DO_NOT_EXPAND 1
+
+/* Need forward declaration so it can be instantiated after
+	the routine that uses it; this helps locality somewhat	*/
+#if !defined(DO_NOT_EXPAND)
+FUNC_NAME(s_mpv_mul_d_MUL256);
+#endif
+
+/* c = a * b */
+void s_mpv_mul_d(const mp_digit *a, mp_size a_len, 
+			mp_digit b, mp_digit *c)
+{
+#if defined(DO_NOT_EXPAND)
+  mp_digit carry = 0;
+  while (a_len--) {
+    mp_digit a_i = *a++;
+    mp_digit a0b0, a1b1;
+
+    MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+    a0b0 += carry;
+    if (a0b0 < carry)
+      ++a1b1;
+    *c++ = a0b0;
+    carry = a1b1;
+  }
+#else
+  EXPAND_256(s_mpv_mul_d_MUL256)
+#endif
+  *c = carry;
+}
+
+#if !defined(DO_NOT_EXPAND)
+DECLARE_MUL_256(s_mpv_mul_d_MUL256)
+#endif
+
+#undef CARRY_ADD
+/* This is redefined for the loop in s_mpv_mul_d_add */
+#define CARRY_ADD			\
+    a0b0 += a_i = *c;			\
+    if (a0b0 < a_i)			\
+      ++a1b1;				\
+
+/* Need forward declaration so it can be instantiated between the
+	two routines that use it; this helps locality somewhat	*/
+FUNC_NAME(s_mpv_mul_d_add_MUL256);
+
+/* c += a * b */
+void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, 
+			mp_digit b, mp_digit *c)
+{
+  EXPAND_256(s_mpv_mul_d_add_MUL256)
+  *c = carry;
+}
+
+/* Instantiate multiply 256 routine here */
+DECLARE_MUL_256(s_mpv_mul_d_add_MUL256)
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, 
+			mp_digit b, mp_digit *c)
+{
+  EXPAND_256(s_mpv_mul_d_add_MUL256)
+  while (carry) {
+    mp_digit c_i = *c;
+    carry += c_i;
+    *c++ = carry;
+    carry = carry < c_i;
+  }
+}
+
diff --git a/security/nss/lib/freebl/mpi/mulsqr.c b/security/nss/lib/freebl/mpi/mulsqr.c
new file mode 100644
index 000000000..d73ad8d69
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/mulsqr.c
@@ -0,0 +1,115 @@
+/*
+ * Test whether to include squaring code given the current settings
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1997
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <time.h>
+
+#define MP_SQUARE 1  /* make sure squaring code is included */
+
+#include "mpi.h"
+#include "mpprime.h"
+
+int main(int argc, char *argv[])
+{
+  int           ntests, prec, ix;
+  unsigned int  seed;
+  clock_t       start, stop;
+  double        multime, sqrtime;
+  mp_int        a, c;
+
+  seed = (unsigned int)time(NULL);
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <ntests> <nbits>\n", argv[0]);
+    return 1;
+  }
+
+  if((ntests = abs(atoi(argv[1]))) == 0) {
+    fprintf(stderr, "%s: must request at least 1 test.\n", argv[0]);
+    return 1;
+  }
+  if((prec = abs(atoi(argv[2]))) < CHAR_BIT) {
+    fprintf(stderr, "%s: must request at least %d bits.\n", argv[0],
+	    CHAR_BIT);
+    return 1;
+  }
+
+  prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+
+  mp_init_size(&a, prec);
+  mp_init_size(&c, 2 * prec);
+
+  /* Test multiplication by self */
+  srand(seed);
+  start = clock();
+  for(ix = 0; ix < ntests; ix++) {
+    mpp_random_size(&a, prec);
+    mp_mul(&a, &a, &c);
+  }
+  stop = clock();
+
+  multime = (double)(stop - start) / CLOCKS_PER_SEC;
+
+  /* Test squaring */
+  srand(seed);
+  start = clock();
+  for(ix = 0; ix < ntests; ix++) {
+    mpp_random_size(&a, prec);
+    mp_sqr(&a, &c);
+  }
+  stop = clock();
+
+  sqrtime = (double)(stop - start) / CLOCKS_PER_SEC;
+
+  printf("Multiply: %.4f\n", multime);
+  printf("Square:   %.4f\n", sqrtime);
+  if(multime < sqrtime) {
+    printf("Speedup:  %.1f%%\n", 100.0 * (1.0 - multime / sqrtime));
+    printf("Prefer:   multiply\n");
+  } else {
+    printf("Speedup:  %.1f%%\n", 100.0 * (1.0 - sqrtime / multime));
+    printf("Prefer:   square\n");
+  }
+
+  mp_clear(&a); mp_clear(&c);
+  return 0;
+
+}
diff --git a/security/nss/lib/freebl/mpi/multest b/security/nss/lib/freebl/mpi/multest
new file mode 100755
index 000000000..e8004ffd9
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/multest
@@ -0,0 +1,111 @@
+#!/bin/sh
+#
+# multest
+#
+# Run multiply and square timing tests, to compute a chart for the
+# current processor and compiler combination.
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+#
+
+ECHO=/bin/echo
+MAKE=gmake
+
+$ECHO "\n** Running multiply and square timing tests\n"
+
+$ECHO "Bringing 'mulsqr' up to date ... "
+if $MAKE mulsqr ; then
+    :
+else
+    $ECHO "\nMake failed to build mulsqr.\n"
+    exit 1
+fi
+
+if [ ! -x ./mulsqr ] ; then
+    $ECHO "\nCannot find 'mulsqr' program, testing cannot continue.\n"
+    exit 1
+fi
+
+sizes='64 128 192 256 320 384 448 512 640 768 896 1024 1536 2048'
+ntests=500000
+
+$ECHO "Running timing tests, please wait ... "
+
+trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP
+
+touch tt$$.tmp
+$ECHO $ntests tests >> tt$$.tmp
+for size in $sizes ; do
+    $ECHO "$size bits ... \c"
+    set -A res `./mulsqr $ntests $size|head -3|tr -d '%'|awk '{print $2}'`
+    $ECHO $size"\t"${res[0]}"\t"${res[1]}"\t"${res[2]} >> tt$$.tmp
+    $ECHO "(done)"
+done
+mv tt$$.tmp mulsqr-results.txt
+rm -f tt$$.tmp
+
+$ECHO "\n** Running Karatsuba-Ofman multiplication tests\n"
+
+$ECHO "Brining 'karatsuba' up to date ... "
+if $MAKE karatsuba ; then
+    :
+else
+    $ECHO "\nMake failed to build karatsuba.\n"
+    exit 1
+fi
+
+if [ ! -x ./karatsuba ] ; then
+    $ECHO "\nCannot find 'karatsuba' program, testing cannot continue.\n"
+    exit 1
+fi
+
+ntests=100000
+
+trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP
+
+touch tt$$.tmp
+for size in $sizes ; do
+    $ECHO "$size bits ... "
+    ./karatsuba $ntests $size >> tt$$.tmp
+    tail -2 tt$$.tmp
+done
+mv tt$$.tmp karatsuba-results.txt
+rm -f tt$$.tmp
+
+exit 0
diff --git a/security/nss/lib/freebl/mpi/primes.c b/security/nss/lib/freebl/mpi/primes.c
new file mode 100644
index 000000000..2391c5e4b
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/primes.c
@@ -0,0 +1,874 @@
+/*
+ * These tables of primes wwere generated using the 'sieve' program
+ * (sieve.c) and converted to this format with 'ptab.pl'.  
+ *
+ * The 'small' table is just the first 128 primes.  The 'large' table
+ * is a table of all the prime values that will fit into a single
+ * mp_digit (given the current size of an mp_digit, which is two bytes).
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1997
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#if SMALL_TABLE
+#define MP_PRIME_TAB_SIZE 128
+#else
+#define MP_PRIME_TAB_SIZE 6542
+#endif
+
+const int prime_tab_size = MP_PRIME_TAB_SIZE;
+const mp_digit  prime_tab[] = {
+	0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, 
+	0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035, 
+	0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059, 
+	0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083, 
+	0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD, 
+	0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF, 
+	0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107, 
+	0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137, 
+	0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167, 
+	0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199, 
+	0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9, 
+	0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7, 
+	0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239, 
+	0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265, 
+	0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293, 
+	0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF, 
+#if ! SMALL_TABLE
+	0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301, 
+	0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B, 
+	0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371, 
+	0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD, 
+	0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5, 
+	0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419, 
+	0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449, 
+	0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B, 
+	0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7, 
+	0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503, 
+	0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529, 
+	0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F, 
+	0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3, 
+	0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7, 
+	0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623, 
+	0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653, 
+	0x0655, 0x065B, 0x0665, 0x0679, 0x067F, 0x0683, 0x0685, 0x069D, 
+	0x06A1, 0x06A3, 0x06AD, 0x06B9, 0x06BB, 0x06C5, 0x06CD, 0x06D3, 
+	0x06D9, 0x06DF, 0x06F1, 0x06F7, 0x06FB, 0x06FD, 0x0709, 0x0713, 
+	0x071F, 0x0727, 0x0737, 0x0745, 0x074B, 0x074F, 0x0751, 0x0755, 
+	0x0757, 0x0761, 0x076D, 0x0773, 0x0779, 0x078B, 0x078D, 0x079D, 
+	0x079F, 0x07B5, 0x07BB, 0x07C3, 0x07C9, 0x07CD, 0x07CF, 0x07D3, 
+	0x07DB, 0x07E1, 0x07EB, 0x07ED, 0x07F7, 0x0805, 0x080F, 0x0815, 
+	0x0821, 0x0823, 0x0827, 0x0829, 0x0833, 0x083F, 0x0841, 0x0851, 
+	0x0853, 0x0859, 0x085D, 0x085F, 0x0869, 0x0871, 0x0883, 0x089B, 
+	0x089F, 0x08A5, 0x08AD, 0x08BD, 0x08BF, 0x08C3, 0x08CB, 0x08DB, 
+	0x08DD, 0x08E1, 0x08E9, 0x08EF, 0x08F5, 0x08F9, 0x0905, 0x0907, 
+	0x091D, 0x0923, 0x0925, 0x092B, 0x092F, 0x0935, 0x0943, 0x0949, 
+	0x094D, 0x094F, 0x0955, 0x0959, 0x095F, 0x096B, 0x0971, 0x0977, 
+	0x0985, 0x0989, 0x098F, 0x099B, 0x09A3, 0x09A9, 0x09AD, 0x09C7, 
+	0x09D9, 0x09E3, 0x09EB, 0x09EF, 0x09F5, 0x09F7, 0x09FD, 0x0A13, 
+	0x0A1F, 0x0A21, 0x0A31, 0x0A39, 0x0A3D, 0x0A49, 0x0A57, 0x0A61, 
+	0x0A63, 0x0A67, 0x0A6F, 0x0A75, 0x0A7B, 0x0A7F, 0x0A81, 0x0A85, 
+	0x0A8B, 0x0A93, 0x0A97, 0x0A99, 0x0A9F, 0x0AA9, 0x0AAB, 0x0AB5, 
+	0x0ABD, 0x0AC1, 0x0ACF, 0x0AD9, 0x0AE5, 0x0AE7, 0x0AED, 0x0AF1, 
+	0x0AF3, 0x0B03, 0x0B11, 0x0B15, 0x0B1B, 0x0B23, 0x0B29, 0x0B2D, 
+	0x0B3F, 0x0B47, 0x0B51, 0x0B57, 0x0B5D, 0x0B65, 0x0B6F, 0x0B7B, 
+	0x0B89, 0x0B8D, 0x0B93, 0x0B99, 0x0B9B, 0x0BB7, 0x0BB9, 0x0BC3, 
+	0x0BCB, 0x0BCF, 0x0BDD, 0x0BE1, 0x0BE9, 0x0BF5, 0x0BFB, 0x0C07, 
+	0x0C0B, 0x0C11, 0x0C25, 0x0C2F, 0x0C31, 0x0C41, 0x0C5B, 0x0C5F, 
+	0x0C61, 0x0C6D, 0x0C73, 0x0C77, 0x0C83, 0x0C89, 0x0C91, 0x0C95, 
+	0x0C9D, 0x0CB3, 0x0CB5, 0x0CB9, 0x0CBB, 0x0CC7, 0x0CE3, 0x0CE5, 
+	0x0CEB, 0x0CF1, 0x0CF7, 0x0CFB, 0x0D01, 0x0D03, 0x0D0F, 0x0D13, 
+	0x0D1F, 0x0D21, 0x0D2B, 0x0D2D, 0x0D3D, 0x0D3F, 0x0D4F, 0x0D55, 
+	0x0D69, 0x0D79, 0x0D81, 0x0D85, 0x0D87, 0x0D8B, 0x0D8D, 0x0DA3, 
+	0x0DAB, 0x0DB7, 0x0DBD, 0x0DC7, 0x0DC9, 0x0DCD, 0x0DD3, 0x0DD5, 
+	0x0DDB, 0x0DE5, 0x0DE7, 0x0DF3, 0x0DFD, 0x0DFF, 0x0E09, 0x0E17, 
+	0x0E1D, 0x0E21, 0x0E27, 0x0E2F, 0x0E35, 0x0E3B, 0x0E4B, 0x0E57, 
+	0x0E59, 0x0E5D, 0x0E6B, 0x0E71, 0x0E75, 0x0E7D, 0x0E87, 0x0E8F, 
+	0x0E95, 0x0E9B, 0x0EB1, 0x0EB7, 0x0EB9, 0x0EC3, 0x0ED1, 0x0ED5, 
+	0x0EDB, 0x0EED, 0x0EEF, 0x0EF9, 0x0F07, 0x0F0B, 0x0F0D, 0x0F17, 
+	0x0F25, 0x0F29, 0x0F31, 0x0F43, 0x0F47, 0x0F4D, 0x0F4F, 0x0F53, 
+	0x0F59, 0x0F5B, 0x0F67, 0x0F6B, 0x0F7F, 0x0F95, 0x0FA1, 0x0FA3, 
+	0x0FA7, 0x0FAD, 0x0FB3, 0x0FB5, 0x0FBB, 0x0FD1, 0x0FD3, 0x0FD9, 
+	0x0FE9, 0x0FEF, 0x0FFB, 0x0FFD, 0x1003, 0x100F, 0x101F, 0x1021, 
+	0x1025, 0x102B, 0x1039, 0x103D, 0x103F, 0x1051, 0x1069, 0x1073, 
+	0x1079, 0x107B, 0x1085, 0x1087, 0x1091, 0x1093, 0x109D, 0x10A3, 
+	0x10A5, 0x10AF, 0x10B1, 0x10BB, 0x10C1, 0x10C9, 0x10E7, 0x10F1, 
+	0x10F3, 0x10FD, 0x1105, 0x110B, 0x1115, 0x1127, 0x112D, 0x1139, 
+	0x1145, 0x1147, 0x1159, 0x115F, 0x1163, 0x1169, 0x116F, 0x1181, 
+	0x1183, 0x118D, 0x119B, 0x11A1, 0x11A5, 0x11A7, 0x11AB, 0x11C3, 
+	0x11C5, 0x11D1, 0x11D7, 0x11E7, 0x11EF, 0x11F5, 0x11FB, 0x120D, 
+	0x121D, 0x121F, 0x1223, 0x1229, 0x122B, 0x1231, 0x1237, 0x1241, 
+	0x1247, 0x1253, 0x125F, 0x1271, 0x1273, 0x1279, 0x127D, 0x128F, 
+	0x1297, 0x12AF, 0x12B3, 0x12B5, 0x12B9, 0x12BF, 0x12C1, 0x12CD, 
+	0x12D1, 0x12DF, 0x12FD, 0x1307, 0x130D, 0x1319, 0x1327, 0x132D, 
+	0x1337, 0x1343, 0x1345, 0x1349, 0x134F, 0x1357, 0x135D, 0x1367, 
+	0x1369, 0x136D, 0x137B, 0x1381, 0x1387, 0x138B, 0x1391, 0x1393, 
+	0x139D, 0x139F, 0x13AF, 0x13BB, 0x13C3, 0x13D5, 0x13D9, 0x13DF, 
+	0x13EB, 0x13ED, 0x13F3, 0x13F9, 0x13FF, 0x141B, 0x1421, 0x142F, 
+	0x1433, 0x143B, 0x1445, 0x144D, 0x1459, 0x146B, 0x146F, 0x1471, 
+	0x1475, 0x148D, 0x1499, 0x149F, 0x14A1, 0x14B1, 0x14B7, 0x14BD, 
+	0x14CB, 0x14D5, 0x14E3, 0x14E7, 0x1505, 0x150B, 0x1511, 0x1517, 
+	0x151F, 0x1525, 0x1529, 0x152B, 0x1537, 0x153D, 0x1541, 0x1543, 
+	0x1549, 0x155F, 0x1565, 0x1567, 0x156B, 0x157D, 0x157F, 0x1583, 
+	0x158F, 0x1591, 0x1597, 0x159B, 0x15B5, 0x15BB, 0x15C1, 0x15C5, 
+	0x15CD, 0x15D7, 0x15F7, 0x1607, 0x1609, 0x160F, 0x1613, 0x1615, 
+	0x1619, 0x161B, 0x1625, 0x1633, 0x1639, 0x163D, 0x1645, 0x164F, 
+	0x1655, 0x1669, 0x166D, 0x166F, 0x1675, 0x1693, 0x1697, 0x169F, 
+	0x16A9, 0x16AF, 0x16B5, 0x16BD, 0x16C3, 0x16CF, 0x16D3, 0x16D9, 
+	0x16DB, 0x16E1, 0x16E5, 0x16EB, 0x16ED, 0x16F7, 0x16F9, 0x1709, 
+	0x170F, 0x1723, 0x1727, 0x1733, 0x1741, 0x175D, 0x1763, 0x1777, 
+	0x177B, 0x178D, 0x1795, 0x179B, 0x179F, 0x17A5, 0x17B3, 0x17B9, 
+	0x17BF, 0x17C9, 0x17CB, 0x17D5, 0x17E1, 0x17E9, 0x17F3, 0x17F5, 
+	0x17FF, 0x1807, 0x1813, 0x181D, 0x1835, 0x1837, 0x183B, 0x1843, 
+	0x1849, 0x184D, 0x1855, 0x1867, 0x1871, 0x1877, 0x187D, 0x187F, 
+	0x1885, 0x188F, 0x189B, 0x189D, 0x18A7, 0x18AD, 0x18B3, 0x18B9, 
+	0x18C1, 0x18C7, 0x18D1, 0x18D7, 0x18D9, 0x18DF, 0x18E5, 0x18EB, 
+	0x18F5, 0x18FD, 0x1915, 0x191B, 0x1931, 0x1933, 0x1945, 0x1949, 
+	0x1951, 0x195B, 0x1979, 0x1981, 0x1993, 0x1997, 0x1999, 0x19A3, 
+	0x19A9, 0x19AB, 0x19B1, 0x19B5, 0x19C7, 0x19CF, 0x19DB, 0x19ED, 
+	0x19FD, 0x1A03, 0x1A05, 0x1A11, 0x1A17, 0x1A21, 0x1A23, 0x1A2D, 
+	0x1A2F, 0x1A35, 0x1A3F, 0x1A4D, 0x1A51, 0x1A69, 0x1A6B, 0x1A7B, 
+	0x1A7D, 0x1A87, 0x1A89, 0x1A93, 0x1AA7, 0x1AAB, 0x1AAD, 0x1AB1, 
+	0x1AB9, 0x1AC9, 0x1ACF, 0x1AD5, 0x1AD7, 0x1AE3, 0x1AF3, 0x1AFB, 
+	0x1AFF, 0x1B05, 0x1B23, 0x1B25, 0x1B2F, 0x1B31, 0x1B37, 0x1B3B, 
+	0x1B41, 0x1B47, 0x1B4F, 0x1B55, 0x1B59, 0x1B65, 0x1B6B, 0x1B73, 
+	0x1B7F, 0x1B83, 0x1B91, 0x1B9D, 0x1BA7, 0x1BBF, 0x1BC5, 0x1BD1, 
+	0x1BD7, 0x1BD9, 0x1BEF, 0x1BF7, 0x1C09, 0x1C13, 0x1C19, 0x1C27, 
+	0x1C2B, 0x1C2D, 0x1C33, 0x1C3D, 0x1C45, 0x1C4B, 0x1C4F, 0x1C55, 
+	0x1C73, 0x1C81, 0x1C8B, 0x1C8D, 0x1C99, 0x1CA3, 0x1CA5, 0x1CB5, 
+	0x1CB7, 0x1CC9, 0x1CE1, 0x1CF3, 0x1CF9, 0x1D09, 0x1D1B, 0x1D21, 
+	0x1D23, 0x1D35, 0x1D39, 0x1D3F, 0x1D41, 0x1D4B, 0x1D53, 0x1D5D, 
+	0x1D63, 0x1D69, 0x1D71, 0x1D75, 0x1D7B, 0x1D7D, 0x1D87, 0x1D89, 
+	0x1D95, 0x1D99, 0x1D9F, 0x1DA5, 0x1DA7, 0x1DB3, 0x1DB7, 0x1DC5, 
+	0x1DD7, 0x1DDB, 0x1DE1, 0x1DF5, 0x1DF9, 0x1E01, 0x1E07, 0x1E0B, 
+	0x1E13, 0x1E17, 0x1E25, 0x1E2B, 0x1E2F, 0x1E3D, 0x1E49, 0x1E4D, 
+	0x1E4F, 0x1E6D, 0x1E71, 0x1E89, 0x1E8F, 0x1E95, 0x1EA1, 0x1EAD, 
+	0x1EBB, 0x1EC1, 0x1EC5, 0x1EC7, 0x1ECB, 0x1EDD, 0x1EE3, 0x1EEF, 
+	0x1EF7, 0x1EFD, 0x1F01, 0x1F0D, 0x1F0F, 0x1F1B, 0x1F39, 0x1F49, 
+	0x1F4B, 0x1F51, 0x1F67, 0x1F75, 0x1F7B, 0x1F85, 0x1F91, 0x1F97, 
+	0x1F99, 0x1F9D, 0x1FA5, 0x1FAF, 0x1FB5, 0x1FBB, 0x1FD3, 0x1FE1, 
+	0x1FE7, 0x1FEB, 0x1FF3, 0x1FFF, 0x2011, 0x201B, 0x201D, 0x2027, 
+	0x2029, 0x202D, 0x2033, 0x2047, 0x204D, 0x2051, 0x205F, 0x2063, 
+	0x2065, 0x2069, 0x2077, 0x207D, 0x2089, 0x20A1, 0x20AB, 0x20B1, 
+	0x20B9, 0x20C3, 0x20C5, 0x20E3, 0x20E7, 0x20ED, 0x20EF, 0x20FB, 
+	0x20FF, 0x210D, 0x2113, 0x2135, 0x2141, 0x2149, 0x214F, 0x2159, 
+	0x215B, 0x215F, 0x2173, 0x217D, 0x2185, 0x2195, 0x2197, 0x21A1, 
+	0x21AF, 0x21B3, 0x21B5, 0x21C1, 0x21C7, 0x21D7, 0x21DD, 0x21E5, 
+	0x21E9, 0x21F1, 0x21F5, 0x21FB, 0x2203, 0x2209, 0x220F, 0x221B, 
+	0x2221, 0x2225, 0x222B, 0x2231, 0x2239, 0x224B, 0x224F, 0x2263, 
+	0x2267, 0x2273, 0x2275, 0x227F, 0x2285, 0x2287, 0x2291, 0x229D, 
+	0x229F, 0x22A3, 0x22B7, 0x22BD, 0x22DB, 0x22E1, 0x22E5, 0x22ED, 
+	0x22F7, 0x2303, 0x2309, 0x230B, 0x2327, 0x2329, 0x232F, 0x2333, 
+	0x2335, 0x2345, 0x2351, 0x2353, 0x2359, 0x2363, 0x236B, 0x2383, 
+	0x238F, 0x2395, 0x23A7, 0x23AD, 0x23B1, 0x23BF, 0x23C5, 0x23C9, 
+	0x23D5, 0x23DD, 0x23E3, 0x23EF, 0x23F3, 0x23F9, 0x2405, 0x240B, 
+	0x2417, 0x2419, 0x2429, 0x243D, 0x2441, 0x2443, 0x244D, 0x245F, 
+	0x2467, 0x246B, 0x2479, 0x247D, 0x247F, 0x2485, 0x249B, 0x24A1, 
+	0x24AF, 0x24B5, 0x24BB, 0x24C5, 0x24CB, 0x24CD, 0x24D7, 0x24D9, 
+	0x24DD, 0x24DF, 0x24F5, 0x24F7, 0x24FB, 0x2501, 0x2507, 0x2513, 
+	0x2519, 0x2527, 0x2531, 0x253D, 0x2543, 0x254B, 0x254F, 0x2573, 
+	0x2581, 0x258D, 0x2593, 0x2597, 0x259D, 0x259F, 0x25AB, 0x25B1, 
+	0x25BD, 0x25CD, 0x25CF, 0x25D9, 0x25E1, 0x25F7, 0x25F9, 0x2605, 
+	0x260B, 0x260F, 0x2615, 0x2627, 0x2629, 0x2635, 0x263B, 0x263F, 
+	0x264B, 0x2653, 0x2659, 0x2665, 0x2669, 0x266F, 0x267B, 0x2681, 
+	0x2683, 0x268F, 0x269B, 0x269F, 0x26AD, 0x26B3, 0x26C3, 0x26C9, 
+	0x26CB, 0x26D5, 0x26DD, 0x26EF, 0x26F5, 0x2717, 0x2719, 0x2735, 
+	0x2737, 0x274D, 0x2753, 0x2755, 0x275F, 0x276B, 0x276D, 0x2773, 
+	0x2777, 0x277F, 0x2795, 0x279B, 0x279D, 0x27A7, 0x27AF, 0x27B3, 
+	0x27B9, 0x27C1, 0x27C5, 0x27D1, 0x27E3, 0x27EF, 0x2803, 0x2807, 
+	0x280D, 0x2813, 0x281B, 0x281F, 0x2821, 0x2831, 0x283D, 0x283F, 
+	0x2849, 0x2851, 0x285B, 0x285D, 0x2861, 0x2867, 0x2875, 0x2881, 
+	0x2897, 0x289F, 0x28BB, 0x28BD, 0x28C1, 0x28D5, 0x28D9, 0x28DB, 
+	0x28DF, 0x28ED, 0x28F7, 0x2903, 0x2905, 0x2911, 0x2921, 0x2923, 
+	0x293F, 0x2947, 0x295D, 0x2965, 0x2969, 0x296F, 0x2975, 0x2983, 
+	0x2987, 0x298F, 0x299B, 0x29A1, 0x29A7, 0x29AB, 0x29BF, 0x29C3, 
+	0x29D5, 0x29D7, 0x29E3, 0x29E9, 0x29ED, 0x29F3, 0x2A01, 0x2A13, 
+	0x2A1D, 0x2A25, 0x2A2F, 0x2A4F, 0x2A55, 0x2A5F, 0x2A65, 0x2A6B, 
+	0x2A6D, 0x2A73, 0x2A83, 0x2A89, 0x2A8B, 0x2A97, 0x2A9D, 0x2AB9, 
+	0x2ABB, 0x2AC5, 0x2ACD, 0x2ADD, 0x2AE3, 0x2AEB, 0x2AF1, 0x2AFB, 
+	0x2B13, 0x2B27, 0x2B31, 0x2B33, 0x2B3D, 0x2B3F, 0x2B4B, 0x2B4F, 
+	0x2B55, 0x2B69, 0x2B6D, 0x2B6F, 0x2B7B, 0x2B8D, 0x2B97, 0x2B99, 
+	0x2BA3, 0x2BA5, 0x2BA9, 0x2BBD, 0x2BCD, 0x2BE7, 0x2BEB, 0x2BF3, 
+	0x2BF9, 0x2BFD, 0x2C09, 0x2C0F, 0x2C17, 0x2C23, 0x2C2F, 0x2C35, 
+	0x2C39, 0x2C41, 0x2C57, 0x2C59, 0x2C69, 0x2C77, 0x2C81, 0x2C87, 
+	0x2C93, 0x2C9F, 0x2CAD, 0x2CB3, 0x2CB7, 0x2CCB, 0x2CCF, 0x2CDB, 
+	0x2CE1, 0x2CE3, 0x2CE9, 0x2CEF, 0x2CFF, 0x2D07, 0x2D1D, 0x2D1F, 
+	0x2D3B, 0x2D43, 0x2D49, 0x2D4D, 0x2D61, 0x2D65, 0x2D71, 0x2D89, 
+	0x2D9D, 0x2DA1, 0x2DA9, 0x2DB3, 0x2DB5, 0x2DC5, 0x2DC7, 0x2DD3, 
+	0x2DDF, 0x2E01, 0x2E03, 0x2E07, 0x2E0D, 0x2E19, 0x2E1F, 0x2E25, 
+	0x2E2D, 0x2E33, 0x2E37, 0x2E39, 0x2E3F, 0x2E57, 0x2E5B, 0x2E6F, 
+	0x2E79, 0x2E7F, 0x2E85, 0x2E93, 0x2E97, 0x2E9D, 0x2EA3, 0x2EA5, 
+	0x2EB1, 0x2EB7, 0x2EC1, 0x2EC3, 0x2ECD, 0x2ED3, 0x2EE7, 0x2EEB, 
+	0x2F05, 0x2F09, 0x2F0B, 0x2F11, 0x2F27, 0x2F29, 0x2F41, 0x2F45, 
+	0x2F4B, 0x2F4D, 0x2F51, 0x2F57, 0x2F6F, 0x2F75, 0x2F7D, 0x2F81, 
+	0x2F83, 0x2FA5, 0x2FAB, 0x2FB3, 0x2FC3, 0x2FCF, 0x2FD1, 0x2FDB, 
+	0x2FDD, 0x2FE7, 0x2FED, 0x2FF5, 0x2FF9, 0x3001, 0x300D, 0x3023, 
+	0x3029, 0x3037, 0x303B, 0x3055, 0x3059, 0x305B, 0x3067, 0x3071, 
+	0x3079, 0x307D, 0x3085, 0x3091, 0x3095, 0x30A3, 0x30A9, 0x30B9, 
+	0x30BF, 0x30C7, 0x30CB, 0x30D1, 0x30D7, 0x30DF, 0x30E5, 0x30EF, 
+	0x30FB, 0x30FD, 0x3103, 0x3109, 0x3119, 0x3121, 0x3127, 0x312D, 
+	0x3139, 0x3143, 0x3145, 0x314B, 0x315D, 0x3161, 0x3167, 0x316D, 
+	0x3173, 0x317F, 0x3191, 0x3199, 0x319F, 0x31A9, 0x31B1, 0x31C3, 
+	0x31C7, 0x31D5, 0x31DB, 0x31ED, 0x31F7, 0x31FF, 0x3209, 0x3215, 
+	0x3217, 0x321D, 0x3229, 0x3235, 0x3259, 0x325D, 0x3263, 0x326B, 
+	0x326F, 0x3275, 0x3277, 0x327B, 0x328D, 0x3299, 0x329F, 0x32A7, 
+	0x32AD, 0x32B3, 0x32B7, 0x32C9, 0x32CB, 0x32CF, 0x32D1, 0x32E9, 
+	0x32ED, 0x32F3, 0x32F9, 0x3307, 0x3325, 0x332B, 0x332F, 0x3335, 
+	0x3341, 0x3347, 0x335B, 0x335F, 0x3367, 0x336B, 0x3373, 0x3379, 
+	0x337F, 0x3383, 0x33A1, 0x33A3, 0x33AD, 0x33B9, 0x33C1, 0x33CB, 
+	0x33D3, 0x33EB, 0x33F1, 0x33FD, 0x3401, 0x340F, 0x3413, 0x3419, 
+	0x341B, 0x3437, 0x3445, 0x3455, 0x3457, 0x3463, 0x3469, 0x346D, 
+	0x3481, 0x348B, 0x3491, 0x3497, 0x349D, 0x34A5, 0x34AF, 0x34BB, 
+	0x34C9, 0x34D3, 0x34E1, 0x34F1, 0x34FF, 0x3509, 0x3517, 0x351D, 
+	0x352D, 0x3533, 0x353B, 0x3541, 0x3551, 0x3565, 0x356F, 0x3571, 
+	0x3577, 0x357B, 0x357D, 0x3581, 0x358D, 0x358F, 0x3599, 0x359B, 
+	0x35A1, 0x35B7, 0x35BD, 0x35BF, 0x35C3, 0x35D5, 0x35DD, 0x35E7, 
+	0x35EF, 0x3605, 0x3607, 0x3611, 0x3623, 0x3631, 0x3635, 0x3637, 
+	0x363B, 0x364D, 0x364F, 0x3653, 0x3659, 0x3661, 0x366B, 0x366D, 
+	0x368B, 0x368F, 0x36AD, 0x36AF, 0x36B9, 0x36BB, 0x36CD, 0x36D1, 
+	0x36E3, 0x36E9, 0x36F7, 0x3701, 0x3703, 0x3707, 0x371B, 0x373F, 
+	0x3745, 0x3749, 0x374F, 0x375D, 0x3761, 0x3775, 0x377F, 0x378D, 
+	0x37A3, 0x37A9, 0x37AB, 0x37C9, 0x37D5, 0x37DF, 0x37F1, 0x37F3, 
+	0x37F7, 0x3805, 0x380B, 0x3821, 0x3833, 0x3835, 0x3841, 0x3847, 
+	0x384B, 0x3853, 0x3857, 0x385F, 0x3865, 0x386F, 0x3871, 0x387D, 
+	0x388F, 0x3899, 0x38A7, 0x38B7, 0x38C5, 0x38C9, 0x38CF, 0x38D5, 
+	0x38D7, 0x38DD, 0x38E1, 0x38E3, 0x38FF, 0x3901, 0x391D, 0x3923, 
+	0x3925, 0x3929, 0x392F, 0x393D, 0x3941, 0x394D, 0x395B, 0x396B, 
+	0x3979, 0x397D, 0x3983, 0x398B, 0x3991, 0x3995, 0x399B, 0x39A1, 
+	0x39A7, 0x39AF, 0x39B3, 0x39BB, 0x39BF, 0x39CD, 0x39DD, 0x39E5, 
+	0x39EB, 0x39EF, 0x39FB, 0x3A03, 0x3A13, 0x3A15, 0x3A1F, 0x3A27, 
+	0x3A2B, 0x3A31, 0x3A4B, 0x3A51, 0x3A5B, 0x3A63, 0x3A67, 0x3A6D, 
+	0x3A79, 0x3A87, 0x3AA5, 0x3AA9, 0x3AB7, 0x3ACD, 0x3AD5, 0x3AE1, 
+	0x3AE5, 0x3AEB, 0x3AF3, 0x3AFD, 0x3B03, 0x3B11, 0x3B1B, 0x3B21, 
+	0x3B23, 0x3B2D, 0x3B39, 0x3B45, 0x3B53, 0x3B59, 0x3B5F, 0x3B71, 
+	0x3B7B, 0x3B81, 0x3B89, 0x3B9B, 0x3B9F, 0x3BA5, 0x3BA7, 0x3BAD, 
+	0x3BB7, 0x3BB9, 0x3BC3, 0x3BCB, 0x3BD1, 0x3BD7, 0x3BE1, 0x3BE3, 
+	0x3BF5, 0x3BFF, 0x3C01, 0x3C0D, 0x3C11, 0x3C17, 0x3C1F, 0x3C29, 
+	0x3C35, 0x3C43, 0x3C4F, 0x3C53, 0x3C5B, 0x3C65, 0x3C6B, 0x3C71, 
+	0x3C85, 0x3C89, 0x3C97, 0x3CA7, 0x3CB5, 0x3CBF, 0x3CC7, 0x3CD1, 
+	0x3CDD, 0x3CDF, 0x3CF1, 0x3CF7, 0x3D03, 0x3D0D, 0x3D19, 0x3D1B, 
+	0x3D1F, 0x3D21, 0x3D2D, 0x3D33, 0x3D37, 0x3D3F, 0x3D43, 0x3D6F, 
+	0x3D73, 0x3D75, 0x3D79, 0x3D7B, 0x3D85, 0x3D91, 0x3D97, 0x3D9D, 
+	0x3DAB, 0x3DAF, 0x3DB5, 0x3DBB, 0x3DC1, 0x3DC9, 0x3DCF, 0x3DF3, 
+	0x3E05, 0x3E09, 0x3E0F, 0x3E11, 0x3E1D, 0x3E23, 0x3E29, 0x3E2F, 
+	0x3E33, 0x3E41, 0x3E57, 0x3E63, 0x3E65, 0x3E77, 0x3E81, 0x3E87, 
+	0x3EA1, 0x3EB9, 0x3EBD, 0x3EBF, 0x3EC3, 0x3EC5, 0x3EC9, 0x3ED7, 
+	0x3EDB, 0x3EE1, 0x3EE7, 0x3EEF, 0x3EFF, 0x3F0B, 0x3F0D, 0x3F37, 
+	0x3F3B, 0x3F3D, 0x3F41, 0x3F59, 0x3F5F, 0x3F65, 0x3F67, 0x3F79, 
+	0x3F7D, 0x3F8B, 0x3F91, 0x3FAD, 0x3FBF, 0x3FCD, 0x3FD3, 0x3FDD, 
+	0x3FE9, 0x3FEB, 0x3FF1, 0x3FFD, 0x401B, 0x4021, 0x4025, 0x402B, 
+	0x4031, 0x403F, 0x4043, 0x4045, 0x405D, 0x4061, 0x4067, 0x406D, 
+	0x4087, 0x4091, 0x40A3, 0x40A9, 0x40B1, 0x40B7, 0x40BD, 0x40DB, 
+	0x40DF, 0x40EB, 0x40F7, 0x40F9, 0x4109, 0x410B, 0x4111, 0x4115, 
+	0x4121, 0x4133, 0x4135, 0x413B, 0x413F, 0x4159, 0x4165, 0x416B, 
+	0x4177, 0x417B, 0x4193, 0x41AB, 0x41B7, 0x41BD, 0x41BF, 0x41CB, 
+	0x41E7, 0x41EF, 0x41F3, 0x41F9, 0x4205, 0x4207, 0x4219, 0x421F, 
+	0x4223, 0x4229, 0x422F, 0x4243, 0x4253, 0x4255, 0x425B, 0x4261, 
+	0x4273, 0x427D, 0x4283, 0x4285, 0x4289, 0x4291, 0x4297, 0x429D, 
+	0x42B5, 0x42C5, 0x42CB, 0x42D3, 0x42DD, 0x42E3, 0x42F1, 0x4307, 
+	0x430F, 0x431F, 0x4325, 0x4327, 0x4333, 0x4337, 0x4339, 0x434F, 
+	0x4357, 0x4369, 0x438B, 0x438D, 0x4393, 0x43A5, 0x43A9, 0x43AF, 
+	0x43B5, 0x43BD, 0x43C7, 0x43CF, 0x43E1, 0x43E7, 0x43EB, 0x43ED, 
+	0x43F1, 0x43F9, 0x4409, 0x440B, 0x4417, 0x4423, 0x4429, 0x443B, 
+	0x443F, 0x4445, 0x444B, 0x4451, 0x4453, 0x4459, 0x4465, 0x446F, 
+	0x4483, 0x448F, 0x44A1, 0x44A5, 0x44AB, 0x44AD, 0x44BD, 0x44BF, 
+	0x44C9, 0x44D7, 0x44DB, 0x44F9, 0x44FB, 0x4505, 0x4511, 0x4513, 
+	0x452B, 0x4531, 0x4541, 0x4549, 0x4553, 0x4555, 0x4561, 0x4577, 
+	0x457D, 0x457F, 0x458F, 0x45A3, 0x45AD, 0x45AF, 0x45BB, 0x45C7, 
+	0x45D9, 0x45E3, 0x45EF, 0x45F5, 0x45F7, 0x4601, 0x4603, 0x4609, 
+	0x4613, 0x4625, 0x4627, 0x4633, 0x4639, 0x463D, 0x4643, 0x4645, 
+	0x465D, 0x4679, 0x467B, 0x467F, 0x4681, 0x468B, 0x468D, 0x469D, 
+	0x46A9, 0x46B1, 0x46C7, 0x46C9, 0x46CF, 0x46D3, 0x46D5, 0x46DF, 
+	0x46E5, 0x46F9, 0x4705, 0x470F, 0x4717, 0x4723, 0x4729, 0x472F, 
+	0x4735, 0x4739, 0x474B, 0x474D, 0x4751, 0x475D, 0x476F, 0x4771, 
+	0x477D, 0x4783, 0x4787, 0x4789, 0x4799, 0x47A5, 0x47B1, 0x47BF, 
+	0x47C3, 0x47CB, 0x47DD, 0x47E1, 0x47ED, 0x47FB, 0x4801, 0x4807, 
+	0x480B, 0x4813, 0x4819, 0x481D, 0x4831, 0x483D, 0x4847, 0x4855, 
+	0x4859, 0x485B, 0x486B, 0x486D, 0x4879, 0x4897, 0x489B, 0x48A1, 
+	0x48B9, 0x48CD, 0x48E5, 0x48EF, 0x48F7, 0x4903, 0x490D, 0x4919, 
+	0x491F, 0x492B, 0x4937, 0x493D, 0x4945, 0x4955, 0x4963, 0x4969, 
+	0x496D, 0x4973, 0x4997, 0x49AB, 0x49B5, 0x49D3, 0x49DF, 0x49E1, 
+	0x49E5, 0x49E7, 0x4A03, 0x4A0F, 0x4A1D, 0x4A23, 0x4A39, 0x4A41, 
+	0x4A45, 0x4A57, 0x4A5D, 0x4A6B, 0x4A7D, 0x4A81, 0x4A87, 0x4A89, 
+	0x4A8F, 0x4AB1, 0x4AC3, 0x4AC5, 0x4AD5, 0x4ADB, 0x4AED, 0x4AEF, 
+	0x4B07, 0x4B0B, 0x4B0D, 0x4B13, 0x4B1F, 0x4B25, 0x4B31, 0x4B3B, 
+	0x4B43, 0x4B49, 0x4B59, 0x4B65, 0x4B6D, 0x4B77, 0x4B85, 0x4BAD, 
+	0x4BB3, 0x4BB5, 0x4BBB, 0x4BBF, 0x4BCB, 0x4BD9, 0x4BDD, 0x4BDF, 
+	0x4BE3, 0x4BE5, 0x4BE9, 0x4BF1, 0x4BF7, 0x4C01, 0x4C07, 0x4C0D, 
+	0x4C0F, 0x4C15, 0x4C1B, 0x4C21, 0x4C2D, 0x4C33, 0x4C4B, 0x4C55, 
+	0x4C57, 0x4C61, 0x4C67, 0x4C73, 0x4C79, 0x4C7F, 0x4C8D, 0x4C93, 
+	0x4C99, 0x4CCD, 0x4CE1, 0x4CE7, 0x4CF1, 0x4CF3, 0x4CFD, 0x4D05, 
+	0x4D0F, 0x4D1B, 0x4D27, 0x4D29, 0x4D2F, 0x4D33, 0x4D41, 0x4D51, 
+	0x4D59, 0x4D65, 0x4D6B, 0x4D81, 0x4D83, 0x4D8D, 0x4D95, 0x4D9B, 
+	0x4DB1, 0x4DB3, 0x4DC9, 0x4DCF, 0x4DD7, 0x4DE1, 0x4DED, 0x4DF9, 
+	0x4DFB, 0x4E05, 0x4E0B, 0x4E17, 0x4E19, 0x4E1D, 0x4E2B, 0x4E35, 
+	0x4E37, 0x4E3D, 0x4E4F, 0x4E53, 0x4E5F, 0x4E67, 0x4E79, 0x4E85, 
+	0x4E8B, 0x4E91, 0x4E95, 0x4E9B, 0x4EA1, 0x4EAF, 0x4EB3, 0x4EB5, 
+	0x4EC1, 0x4ECD, 0x4ED1, 0x4ED7, 0x4EE9, 0x4EFB, 0x4F07, 0x4F09, 
+	0x4F19, 0x4F25, 0x4F2D, 0x4F3F, 0x4F49, 0x4F63, 0x4F67, 0x4F6D, 
+	0x4F75, 0x4F7B, 0x4F81, 0x4F85, 0x4F87, 0x4F91, 0x4FA5, 0x4FA9, 
+	0x4FAF, 0x4FB7, 0x4FBB, 0x4FCF, 0x4FD9, 0x4FDB, 0x4FFD, 0x4FFF, 
+	0x5003, 0x501B, 0x501D, 0x5029, 0x5035, 0x503F, 0x5045, 0x5047, 
+	0x5053, 0x5071, 0x5077, 0x5083, 0x5093, 0x509F, 0x50A1, 0x50B7, 
+	0x50C9, 0x50D5, 0x50E3, 0x50ED, 0x50EF, 0x50FB, 0x5107, 0x510B, 
+	0x510D, 0x5111, 0x5117, 0x5123, 0x5125, 0x5135, 0x5147, 0x5149, 
+	0x5171, 0x5179, 0x5189, 0x518F, 0x5197, 0x51A1, 0x51A3, 0x51A7, 
+	0x51B9, 0x51C1, 0x51CB, 0x51D3, 0x51DF, 0x51E3, 0x51F5, 0x51F7, 
+	0x5209, 0x5213, 0x5215, 0x5219, 0x521B, 0x521F, 0x5227, 0x5243, 
+	0x5245, 0x524B, 0x5261, 0x526D, 0x5273, 0x5281, 0x5293, 0x5297, 
+	0x529D, 0x52A5, 0x52AB, 0x52B1, 0x52BB, 0x52C3, 0x52C7, 0x52C9, 
+	0x52DB, 0x52E5, 0x52EB, 0x52FF, 0x5315, 0x531D, 0x5323, 0x5341, 
+	0x5345, 0x5347, 0x534B, 0x535D, 0x5363, 0x5381, 0x5383, 0x5387, 
+	0x538F, 0x5395, 0x5399, 0x539F, 0x53AB, 0x53B9, 0x53DB, 0x53E9, 
+	0x53EF, 0x53F3, 0x53F5, 0x53FB, 0x53FF, 0x540D, 0x5411, 0x5413, 
+	0x5419, 0x5435, 0x5437, 0x543B, 0x5441, 0x5449, 0x5453, 0x5455, 
+	0x545F, 0x5461, 0x546B, 0x546D, 0x5471, 0x548F, 0x5491, 0x549D, 
+	0x54A9, 0x54B3, 0x54C5, 0x54D1, 0x54DF, 0x54E9, 0x54EB, 0x54F7, 
+	0x54FD, 0x5507, 0x550D, 0x551B, 0x5527, 0x552B, 0x5539, 0x553D, 
+	0x554F, 0x5551, 0x555B, 0x5563, 0x5567, 0x556F, 0x5579, 0x5585, 
+	0x5597, 0x55A9, 0x55B1, 0x55B7, 0x55C9, 0x55D9, 0x55E7, 0x55ED, 
+	0x55F3, 0x55FD, 0x560B, 0x560F, 0x5615, 0x5617, 0x5623, 0x562F, 
+	0x5633, 0x5639, 0x563F, 0x564B, 0x564D, 0x565D, 0x565F, 0x566B, 
+	0x5671, 0x5675, 0x5683, 0x5689, 0x568D, 0x568F, 0x569B, 0x56AD, 
+	0x56B1, 0x56D5, 0x56E7, 0x56F3, 0x56FF, 0x5701, 0x5705, 0x5707, 
+	0x570B, 0x5713, 0x571F, 0x5723, 0x5747, 0x574D, 0x575F, 0x5761, 
+	0x576D, 0x5777, 0x577D, 0x5789, 0x57A1, 0x57A9, 0x57AF, 0x57B5, 
+	0x57C5, 0x57D1, 0x57D3, 0x57E5, 0x57EF, 0x5803, 0x580D, 0x580F, 
+	0x5815, 0x5827, 0x582B, 0x582D, 0x5855, 0x585B, 0x585D, 0x586D, 
+	0x586F, 0x5873, 0x587B, 0x588D, 0x5897, 0x58A3, 0x58A9, 0x58AB, 
+	0x58B5, 0x58BD, 0x58C1, 0x58C7, 0x58D3, 0x58D5, 0x58DF, 0x58F1, 
+	0x58F9, 0x58FF, 0x5903, 0x5917, 0x591B, 0x5921, 0x5945, 0x594B, 
+	0x594D, 0x5957, 0x595D, 0x5975, 0x597B, 0x5989, 0x5999, 0x599F, 
+	0x59B1, 0x59B3, 0x59BD, 0x59D1, 0x59DB, 0x59E3, 0x59E9, 0x59ED, 
+	0x59F3, 0x59F5, 0x59FF, 0x5A01, 0x5A0D, 0x5A11, 0x5A13, 0x5A17, 
+	0x5A1F, 0x5A29, 0x5A2F, 0x5A3B, 0x5A4D, 0x5A5B, 0x5A67, 0x5A77, 
+	0x5A7F, 0x5A85, 0x5A95, 0x5A9D, 0x5AA1, 0x5AA3, 0x5AA9, 0x5ABB, 
+	0x5AD3, 0x5AE5, 0x5AEF, 0x5AFB, 0x5AFD, 0x5B01, 0x5B0F, 0x5B19, 
+	0x5B1F, 0x5B25, 0x5B2B, 0x5B3D, 0x5B49, 0x5B4B, 0x5B67, 0x5B79, 
+	0x5B87, 0x5B97, 0x5BA3, 0x5BB1, 0x5BC9, 0x5BD5, 0x5BEB, 0x5BF1, 
+	0x5BF3, 0x5BFD, 0x5C05, 0x5C09, 0x5C0B, 0x5C0F, 0x5C1D, 0x5C29, 
+	0x5C2F, 0x5C33, 0x5C39, 0x5C47, 0x5C4B, 0x5C4D, 0x5C51, 0x5C6F, 
+	0x5C75, 0x5C77, 0x5C7D, 0x5C87, 0x5C89, 0x5CA7, 0x5CBD, 0x5CBF, 
+	0x5CC3, 0x5CC9, 0x5CD1, 0x5CD7, 0x5CDD, 0x5CED, 0x5CF9, 0x5D05, 
+	0x5D0B, 0x5D13, 0x5D17, 0x5D19, 0x5D31, 0x5D3D, 0x5D41, 0x5D47, 
+	0x5D4F, 0x5D55, 0x5D5B, 0x5D65, 0x5D67, 0x5D6D, 0x5D79, 0x5D95, 
+	0x5DA3, 0x5DA9, 0x5DAD, 0x5DB9, 0x5DC1, 0x5DC7, 0x5DD3, 0x5DD7, 
+	0x5DDD, 0x5DEB, 0x5DF1, 0x5DFD, 0x5E07, 0x5E0D, 0x5E13, 0x5E1B, 
+	0x5E21, 0x5E27, 0x5E2B, 0x5E2D, 0x5E31, 0x5E39, 0x5E45, 0x5E49, 
+	0x5E57, 0x5E69, 0x5E73, 0x5E75, 0x5E85, 0x5E8B, 0x5E9F, 0x5EA5, 
+	0x5EAF, 0x5EB7, 0x5EBB, 0x5ED9, 0x5EFD, 0x5F09, 0x5F11, 0x5F27, 
+	0x5F33, 0x5F35, 0x5F3B, 0x5F47, 0x5F57, 0x5F5D, 0x5F63, 0x5F65, 
+	0x5F77, 0x5F7B, 0x5F95, 0x5F99, 0x5FA1, 0x5FB3, 0x5FBD, 0x5FC5, 
+	0x5FCF, 0x5FD5, 0x5FE3, 0x5FE7, 0x5FFB, 0x6011, 0x6023, 0x602F, 
+	0x6037, 0x6053, 0x605F, 0x6065, 0x606B, 0x6073, 0x6079, 0x6085, 
+	0x609D, 0x60AD, 0x60BB, 0x60BF, 0x60CD, 0x60D9, 0x60DF, 0x60E9, 
+	0x60F5, 0x6109, 0x610F, 0x6113, 0x611B, 0x612D, 0x6139, 0x614B, 
+	0x6155, 0x6157, 0x615B, 0x616F, 0x6179, 0x6187, 0x618B, 0x6191, 
+	0x6193, 0x619D, 0x61B5, 0x61C7, 0x61C9, 0x61CD, 0x61E1, 0x61F1, 
+	0x61FF, 0x6209, 0x6217, 0x621D, 0x6221, 0x6227, 0x623B, 0x6241, 
+	0x624B, 0x6251, 0x6253, 0x625F, 0x6265, 0x6283, 0x628D, 0x6295, 
+	0x629B, 0x629F, 0x62A5, 0x62AD, 0x62D5, 0x62D7, 0x62DB, 0x62DD, 
+	0x62E9, 0x62FB, 0x62FF, 0x6305, 0x630D, 0x6317, 0x631D, 0x632F, 
+	0x6341, 0x6343, 0x634F, 0x635F, 0x6367, 0x636D, 0x6371, 0x6377, 
+	0x637D, 0x637F, 0x63B3, 0x63C1, 0x63C5, 0x63D9, 0x63E9, 0x63EB, 
+	0x63EF, 0x63F5, 0x6401, 0x6403, 0x6409, 0x6415, 0x6421, 0x6427, 
+	0x642B, 0x6439, 0x6443, 0x6449, 0x644F, 0x645D, 0x6467, 0x6475, 
+	0x6485, 0x648D, 0x6493, 0x649F, 0x64A3, 0x64AB, 0x64C1, 0x64C7, 
+	0x64C9, 0x64DB, 0x64F1, 0x64F7, 0x64F9, 0x650B, 0x6511, 0x6521, 
+	0x652F, 0x6539, 0x653F, 0x654B, 0x654D, 0x6553, 0x6557, 0x655F, 
+	0x6571, 0x657D, 0x658D, 0x658F, 0x6593, 0x65A1, 0x65A5, 0x65AD, 
+	0x65B9, 0x65C5, 0x65E3, 0x65F3, 0x65FB, 0x65FF, 0x6601, 0x6607, 
+	0x661D, 0x6629, 0x6631, 0x663B, 0x6641, 0x6647, 0x664D, 0x665B, 
+	0x6661, 0x6673, 0x667D, 0x6689, 0x668B, 0x6695, 0x6697, 0x669B, 
+	0x66B5, 0x66B9, 0x66C5, 0x66CD, 0x66D1, 0x66E3, 0x66EB, 0x66F5, 
+	0x6703, 0x6713, 0x6719, 0x671F, 0x6727, 0x6731, 0x6737, 0x673F, 
+	0x6745, 0x6751, 0x675B, 0x676F, 0x6779, 0x6781, 0x6785, 0x6791, 
+	0x67AB, 0x67BD, 0x67C1, 0x67CD, 0x67DF, 0x67E5, 0x6803, 0x6809, 
+	0x6811, 0x6817, 0x682D, 0x6839, 0x683B, 0x683F, 0x6845, 0x684B, 
+	0x684D, 0x6857, 0x6859, 0x685D, 0x6863, 0x6869, 0x686B, 0x6871, 
+	0x6887, 0x6899, 0x689F, 0x68B1, 0x68BD, 0x68C5, 0x68D1, 0x68D7, 
+	0x68E1, 0x68ED, 0x68EF, 0x68FF, 0x6901, 0x690B, 0x690D, 0x6917, 
+	0x6929, 0x692F, 0x6943, 0x6947, 0x6949, 0x694F, 0x6965, 0x696B, 
+	0x6971, 0x6983, 0x6989, 0x6997, 0x69A3, 0x69B3, 0x69B5, 0x69BB, 
+	0x69C1, 0x69C5, 0x69D3, 0x69DF, 0x69E3, 0x69E5, 0x69F7, 0x6A07, 
+	0x6A2B, 0x6A37, 0x6A3D, 0x6A4B, 0x6A67, 0x6A69, 0x6A75, 0x6A7B, 
+	0x6A87, 0x6A8D, 0x6A91, 0x6A93, 0x6AA3, 0x6AC1, 0x6AC9, 0x6AE1, 
+	0x6AE7, 0x6B05, 0x6B0F, 0x6B11, 0x6B23, 0x6B27, 0x6B2D, 0x6B39, 
+	0x6B41, 0x6B57, 0x6B59, 0x6B5F, 0x6B75, 0x6B87, 0x6B89, 0x6B93, 
+	0x6B95, 0x6B9F, 0x6BBD, 0x6BBF, 0x6BDB, 0x6BE1, 0x6BEF, 0x6BFF, 
+	0x6C05, 0x6C19, 0x6C29, 0x6C2B, 0x6C31, 0x6C35, 0x6C55, 0x6C59, 
+	0x6C5B, 0x6C5F, 0x6C65, 0x6C67, 0x6C73, 0x6C77, 0x6C7D, 0x6C83, 
+	0x6C8F, 0x6C91, 0x6C97, 0x6C9B, 0x6CA1, 0x6CA9, 0x6CAF, 0x6CB3, 
+	0x6CC7, 0x6CCB, 0x6CEB, 0x6CF5, 0x6CFD, 0x6D0D, 0x6D0F, 0x6D25, 
+	0x6D27, 0x6D2B, 0x6D31, 0x6D39, 0x6D3F, 0x6D4F, 0x6D5D, 0x6D61, 
+	0x6D73, 0x6D7B, 0x6D7F, 0x6D93, 0x6D99, 0x6DA5, 0x6DB1, 0x6DB7, 
+	0x6DC1, 0x6DC3, 0x6DCD, 0x6DCF, 0x6DDB, 0x6DF7, 0x6E03, 0x6E15, 
+	0x6E17, 0x6E29, 0x6E33, 0x6E3B, 0x6E45, 0x6E75, 0x6E77, 0x6E7B, 
+	0x6E81, 0x6E89, 0x6E93, 0x6E95, 0x6E9F, 0x6EBD, 0x6EBF, 0x6EE3, 
+	0x6EE9, 0x6EF3, 0x6EF9, 0x6EFB, 0x6F0D, 0x6F11, 0x6F17, 0x6F1F, 
+	0x6F2F, 0x6F3D, 0x6F4D, 0x6F53, 0x6F61, 0x6F65, 0x6F79, 0x6F7D, 
+	0x6F83, 0x6F85, 0x6F8F, 0x6F9B, 0x6F9D, 0x6FA3, 0x6FAF, 0x6FB5, 
+	0x6FBB, 0x6FBF, 0x6FCB, 0x6FCD, 0x6FD3, 0x6FD7, 0x6FE3, 0x6FE9, 
+	0x6FF1, 0x6FF5, 0x6FF7, 0x6FFD, 0x700F, 0x7019, 0x701F, 0x7027, 
+	0x7033, 0x7039, 0x704F, 0x7051, 0x7057, 0x7063, 0x7075, 0x7079, 
+	0x7087, 0x708D, 0x7091, 0x70A5, 0x70AB, 0x70BB, 0x70C3, 0x70C7, 
+	0x70CF, 0x70E5, 0x70ED, 0x70F9, 0x70FF, 0x7105, 0x7115, 0x7121, 
+	0x7133, 0x7151, 0x7159, 0x715D, 0x715F, 0x7163, 0x7169, 0x7183, 
+	0x7187, 0x7195, 0x71AD, 0x71C3, 0x71C9, 0x71CB, 0x71D1, 0x71DB, 
+	0x71E1, 0x71EF, 0x71F5, 0x71FB, 0x7207, 0x7211, 0x7217, 0x7219, 
+	0x7225, 0x722F, 0x723B, 0x7243, 0x7255, 0x7267, 0x7271, 0x7277, 
+	0x727F, 0x728F, 0x7295, 0x729B, 0x72A3, 0x72B3, 0x72C7, 0x72CB, 
+	0x72CD, 0x72D7, 0x72D9, 0x72E3, 0x72EF, 0x72F5, 0x72FD, 0x7303, 
+	0x730D, 0x7321, 0x732B, 0x733D, 0x7357, 0x735B, 0x7361, 0x737F, 
+	0x7381, 0x7385, 0x738D, 0x7393, 0x739F, 0x73AB, 0x73BD, 0x73C1, 
+	0x73C9, 0x73DF, 0x73E5, 0x73E7, 0x73F3, 0x7415, 0x741B, 0x742D, 
+	0x7439, 0x743F, 0x7441, 0x745D, 0x746B, 0x747B, 0x7489, 0x748D, 
+	0x749B, 0x74A7, 0x74AB, 0x74B1, 0x74B7, 0x74B9, 0x74DD, 0x74E1, 
+	0x74E7, 0x74FB, 0x7507, 0x751F, 0x7525, 0x753B, 0x753D, 0x754D, 
+	0x755F, 0x756B, 0x7577, 0x7589, 0x758B, 0x7591, 0x7597, 0x759D, 
+	0x75A1, 0x75A7, 0x75B5, 0x75B9, 0x75BB, 0x75D1, 0x75D9, 0x75E5, 
+	0x75EB, 0x75F5, 0x75FB, 0x7603, 0x760F, 0x7621, 0x762D, 0x7633, 
+	0x763D, 0x763F, 0x7655, 0x7663, 0x7669, 0x766F, 0x7673, 0x7685, 
+	0x768B, 0x769F, 0x76B5, 0x76B7, 0x76C3, 0x76DB, 0x76DF, 0x76F1, 
+	0x7703, 0x7705, 0x771B, 0x771D, 0x7721, 0x772D, 0x7735, 0x7741, 
+	0x774B, 0x7759, 0x775D, 0x775F, 0x7771, 0x7781, 0x77A7, 0x77AD, 
+	0x77B3, 0x77B9, 0x77C5, 0x77CF, 0x77D5, 0x77E1, 0x77E9, 0x77EF, 
+	0x77F3, 0x77F9, 0x7807, 0x7825, 0x782B, 0x7835, 0x783D, 0x7853, 
+	0x7859, 0x7861, 0x786D, 0x7877, 0x7879, 0x7883, 0x7885, 0x788B, 
+	0x7895, 0x7897, 0x78A1, 0x78AD, 0x78BF, 0x78D3, 0x78D9, 0x78DD, 
+	0x78E5, 0x78FB, 0x7901, 0x7907, 0x7925, 0x792B, 0x7939, 0x793F, 
+	0x794B, 0x7957, 0x795D, 0x7967, 0x7969, 0x7973, 0x7991, 0x7993, 
+	0x79A3, 0x79AB, 0x79AF, 0x79B1, 0x79B7, 0x79C9, 0x79CD, 0x79CF, 
+	0x79D5, 0x79D9, 0x79F3, 0x79F7, 0x79FF, 0x7A05, 0x7A0F, 0x7A11, 
+	0x7A15, 0x7A1B, 0x7A23, 0x7A27, 0x7A2D, 0x7A4B, 0x7A57, 0x7A59, 
+	0x7A5F, 0x7A65, 0x7A69, 0x7A7D, 0x7A93, 0x7A9B, 0x7A9F, 0x7AA1, 
+	0x7AA5, 0x7AED, 0x7AF5, 0x7AF9, 0x7B01, 0x7B17, 0x7B19, 0x7B1D, 
+	0x7B2B, 0x7B35, 0x7B37, 0x7B3B, 0x7B4F, 0x7B55, 0x7B5F, 0x7B71, 
+	0x7B77, 0x7B8B, 0x7B9B, 0x7BA1, 0x7BA9, 0x7BAF, 0x7BB3, 0x7BC7, 
+	0x7BD3, 0x7BE9, 0x7BEB, 0x7BEF, 0x7BF1, 0x7BFD, 0x7C07, 0x7C19, 
+	0x7C1B, 0x7C31, 0x7C37, 0x7C49, 0x7C67, 0x7C69, 0x7C73, 0x7C81, 
+	0x7C8B, 0x7C93, 0x7CA3, 0x7CD5, 0x7CDB, 0x7CE5, 0x7CED, 0x7CF7, 
+	0x7D03, 0x7D09, 0x7D1B, 0x7D1D, 0x7D33, 0x7D39, 0x7D3B, 0x7D3F, 
+	0x7D45, 0x7D4D, 0x7D53, 0x7D59, 0x7D63, 0x7D75, 0x7D77, 0x7D8D, 
+	0x7D8F, 0x7D9F, 0x7DAD, 0x7DB7, 0x7DBD, 0x7DBF, 0x7DCB, 0x7DD5, 
+	0x7DE9, 0x7DED, 0x7DFB, 0x7E01, 0x7E05, 0x7E29, 0x7E2B, 0x7E2F, 
+	0x7E35, 0x7E41, 0x7E43, 0x7E47, 0x7E55, 0x7E61, 0x7E67, 0x7E6B, 
+	0x7E71, 0x7E73, 0x7E79, 0x7E7D, 0x7E91, 0x7E9B, 0x7E9D, 0x7EA7, 
+	0x7EAD, 0x7EB9, 0x7EBB, 0x7ED3, 0x7EDF, 0x7EEB, 0x7EF1, 0x7EF7, 
+	0x7EFB, 0x7F13, 0x7F15, 0x7F19, 0x7F31, 0x7F33, 0x7F39, 0x7F3D, 
+	0x7F43, 0x7F4B, 0x7F5B, 0x7F61, 0x7F63, 0x7F6D, 0x7F79, 0x7F87, 
+	0x7F8D, 0x7FAF, 0x7FB5, 0x7FC3, 0x7FC9, 0x7FCD, 0x7FCF, 0x7FED, 
+	0x8003, 0x800B, 0x800F, 0x8015, 0x801D, 0x8021, 0x8023, 0x803F, 
+	0x8041, 0x8047, 0x804B, 0x8065, 0x8077, 0x808D, 0x808F, 0x8095, 
+	0x80A5, 0x80AB, 0x80AD, 0x80BD, 0x80C9, 0x80CB, 0x80D7, 0x80DB, 
+	0x80E1, 0x80E7, 0x80F5, 0x80FF, 0x8105, 0x810D, 0x8119, 0x811D, 
+	0x812F, 0x8131, 0x813B, 0x8143, 0x8153, 0x8159, 0x815F, 0x817D, 
+	0x817F, 0x8189, 0x819B, 0x819D, 0x81A7, 0x81AF, 0x81B3, 0x81BB, 
+	0x81C7, 0x81DF, 0x8207, 0x8209, 0x8215, 0x821F, 0x8225, 0x8231, 
+	0x8233, 0x823F, 0x8243, 0x8245, 0x8249, 0x824F, 0x8261, 0x826F, 
+	0x827B, 0x8281, 0x8285, 0x8293, 0x82B1, 0x82B5, 0x82BD, 0x82C7, 
+	0x82CF, 0x82D5, 0x82DF, 0x82F1, 0x82F9, 0x82FD, 0x830B, 0x831B, 
+	0x8321, 0x8329, 0x832D, 0x8333, 0x8335, 0x833F, 0x8341, 0x834D, 
+	0x8351, 0x8353, 0x8357, 0x835D, 0x8365, 0x8369, 0x836F, 0x838F, 
+	0x83A7, 0x83B1, 0x83B9, 0x83CB, 0x83D5, 0x83D7, 0x83DD, 0x83E7, 
+	0x83E9, 0x83ED, 0x83FF, 0x8405, 0x8411, 0x8413, 0x8423, 0x8425, 
+	0x843B, 0x8441, 0x8447, 0x844F, 0x8461, 0x8465, 0x8477, 0x8483, 
+	0x848B, 0x8491, 0x8495, 0x84A9, 0x84AF, 0x84CD, 0x84E3, 0x84EF, 
+	0x84F1, 0x84F7, 0x8509, 0x850D, 0x854B, 0x854F, 0x8551, 0x855D, 
+	0x8563, 0x856D, 0x856F, 0x857B, 0x8587, 0x85A3, 0x85A5, 0x85A9, 
+	0x85B7, 0x85CD, 0x85D3, 0x85D5, 0x85DB, 0x85E1, 0x85EB, 0x85F9, 
+	0x85FD, 0x85FF, 0x8609, 0x860F, 0x8617, 0x8621, 0x862F, 0x8639, 
+	0x863F, 0x8641, 0x864D, 0x8663, 0x8675, 0x867D, 0x8687, 0x8699, 
+	0x86A5, 0x86A7, 0x86B3, 0x86B7, 0x86C3, 0x86C5, 0x86CF, 0x86D1, 
+	0x86D7, 0x86E9, 0x86EF, 0x86F5, 0x8717, 0x871D, 0x871F, 0x872B, 
+	0x872F, 0x8735, 0x8747, 0x8759, 0x875B, 0x876B, 0x8771, 0x8777, 
+	0x877F, 0x8785, 0x878F, 0x87A1, 0x87A9, 0x87B3, 0x87BB, 0x87C5, 
+	0x87C7, 0x87CB, 0x87DD, 0x87F7, 0x8803, 0x8819, 0x881B, 0x881F, 
+	0x8821, 0x8837, 0x883D, 0x8843, 0x8851, 0x8861, 0x8867, 0x887B, 
+	0x8885, 0x8891, 0x8893, 0x88A5, 0x88CF, 0x88D3, 0x88EB, 0x88ED, 
+	0x88F3, 0x88FD, 0x8909, 0x890B, 0x8911, 0x891B, 0x8923, 0x8927, 
+	0x892D, 0x8939, 0x8945, 0x894D, 0x8951, 0x8957, 0x8963, 0x8981, 
+	0x8995, 0x899B, 0x89B3, 0x89B9, 0x89C3, 0x89CF, 0x89D1, 0x89DB, 
+	0x89EF, 0x89F5, 0x89FB, 0x89FF, 0x8A0B, 0x8A19, 0x8A23, 0x8A35, 
+	0x8A41, 0x8A49, 0x8A4F, 0x8A5B, 0x8A5F, 0x8A6D, 0x8A77, 0x8A79, 
+	0x8A85, 0x8AA3, 0x8AB3, 0x8AB5, 0x8AC1, 0x8AC7, 0x8ACB, 0x8ACD, 
+	0x8AD1, 0x8AD7, 0x8AF1, 0x8AF5, 0x8B07, 0x8B09, 0x8B0D, 0x8B13, 
+	0x8B21, 0x8B57, 0x8B5D, 0x8B91, 0x8B93, 0x8BA3, 0x8BA9, 0x8BAF, 
+	0x8BBB, 0x8BD5, 0x8BD9, 0x8BDB, 0x8BE1, 0x8BF7, 0x8BFD, 0x8BFF, 
+	0x8C0B, 0x8C17, 0x8C1D, 0x8C27, 0x8C39, 0x8C3B, 0x8C47, 0x8C53, 
+	0x8C5D, 0x8C6F, 0x8C7B, 0x8C81, 0x8C89, 0x8C8F, 0x8C99, 0x8C9F, 
+	0x8CA7, 0x8CAB, 0x8CAD, 0x8CB1, 0x8CC5, 0x8CDD, 0x8CE3, 0x8CE9, 
+	0x8CF3, 0x8D01, 0x8D0B, 0x8D0D, 0x8D23, 0x8D29, 0x8D37, 0x8D41, 
+	0x8D5B, 0x8D5F, 0x8D71, 0x8D79, 0x8D85, 0x8D91, 0x8D9B, 0x8DA7, 
+	0x8DAD, 0x8DB5, 0x8DC5, 0x8DCB, 0x8DD3, 0x8DD9, 0x8DDF, 0x8DF5, 
+	0x8DF7, 0x8E01, 0x8E15, 0x8E1F, 0x8E25, 0x8E51, 0x8E63, 0x8E69, 
+	0x8E73, 0x8E75, 0x8E79, 0x8E7F, 0x8E8D, 0x8E91, 0x8EAB, 0x8EAF, 
+	0x8EB1, 0x8EBD, 0x8EC7, 0x8ECF, 0x8ED3, 0x8EDB, 0x8EE7, 0x8EEB, 
+	0x8EF7, 0x8EFF, 0x8F15, 0x8F1D, 0x8F23, 0x8F2D, 0x8F3F, 0x8F45, 
+	0x8F4B, 0x8F53, 0x8F59, 0x8F65, 0x8F69, 0x8F71, 0x8F83, 0x8F8D, 
+	0x8F99, 0x8F9F, 0x8FAB, 0x8FAD, 0x8FB3, 0x8FB7, 0x8FB9, 0x8FC9, 
+	0x8FD5, 0x8FE1, 0x8FEF, 0x8FF9, 0x9007, 0x900D, 0x9017, 0x9023, 
+	0x9025, 0x9031, 0x9037, 0x903B, 0x9041, 0x9043, 0x904F, 0x9053, 
+	0x906D, 0x9073, 0x9085, 0x908B, 0x9095, 0x909B, 0x909D, 0x90AF, 
+	0x90B9, 0x90C1, 0x90C5, 0x90DF, 0x90E9, 0x90FD, 0x9103, 0x9113, 
+	0x9127, 0x9133, 0x913D, 0x9145, 0x914F, 0x9151, 0x9161, 0x9167, 
+	0x917B, 0x9185, 0x9199, 0x919D, 0x91BB, 0x91BD, 0x91C1, 0x91C9, 
+	0x91D9, 0x91DB, 0x91ED, 0x91F1, 0x91F3, 0x91F9, 0x9203, 0x9215, 
+	0x9221, 0x922F, 0x9241, 0x9247, 0x9257, 0x926B, 0x9271, 0x9275, 
+	0x927D, 0x9283, 0x9287, 0x928D, 0x9299, 0x92A1, 0x92AB, 0x92AD, 
+	0x92B9, 0x92BF, 0x92C3, 0x92C5, 0x92CB, 0x92D5, 0x92D7, 0x92E7, 
+	0x92F3, 0x9301, 0x930B, 0x9311, 0x9319, 0x931F, 0x933B, 0x933D, 
+	0x9343, 0x9355, 0x9373, 0x9395, 0x9397, 0x93A7, 0x93B3, 0x93B5, 
+	0x93C7, 0x93D7, 0x93DD, 0x93E5, 0x93EF, 0x93F7, 0x9401, 0x9409, 
+	0x9413, 0x943F, 0x9445, 0x944B, 0x944F, 0x9463, 0x9467, 0x9469, 
+	0x946D, 0x947B, 0x9497, 0x949F, 0x94A5, 0x94B5, 0x94C3, 0x94E1, 
+	0x94E7, 0x9505, 0x9509, 0x9517, 0x9521, 0x9527, 0x952D, 0x9535, 
+	0x9539, 0x954B, 0x9557, 0x955D, 0x955F, 0x9575, 0x9581, 0x9589, 
+	0x958F, 0x959B, 0x959F, 0x95AD, 0x95B1, 0x95B7, 0x95B9, 0x95BD, 
+	0x95CF, 0x95E3, 0x95E9, 0x95F9, 0x961F, 0x962F, 0x9631, 0x9635, 
+	0x963B, 0x963D, 0x9665, 0x968F, 0x969D, 0x96A1, 0x96A7, 0x96A9, 
+	0x96C1, 0x96CB, 0x96D1, 0x96D3, 0x96E5, 0x96EF, 0x96FB, 0x96FD, 
+	0x970D, 0x970F, 0x9715, 0x9725, 0x972B, 0x9733, 0x9737, 0x9739, 
+	0x9743, 0x9749, 0x9751, 0x975B, 0x975D, 0x976F, 0x977F, 0x9787, 
+	0x9793, 0x97A5, 0x97B1, 0x97B7, 0x97C3, 0x97CD, 0x97D3, 0x97D9, 
+	0x97EB, 0x97F7, 0x9805, 0x9809, 0x980B, 0x9815, 0x9829, 0x982F, 
+	0x983B, 0x9841, 0x9851, 0x986B, 0x986F, 0x9881, 0x9883, 0x9887, 
+	0x98A7, 0x98B1, 0x98B9, 0x98BF, 0x98C3, 0x98C9, 0x98CF, 0x98DD, 
+	0x98E3, 0x98F5, 0x98F9, 0x98FB, 0x990D, 0x9917, 0x991F, 0x9929, 
+	0x9931, 0x993B, 0x993D, 0x9941, 0x9947, 0x9949, 0x9953, 0x997D, 
+	0x9985, 0x9991, 0x9995, 0x999B, 0x99AD, 0x99AF, 0x99BF, 0x99C7, 
+	0x99CB, 0x99CD, 0x99D7, 0x99E5, 0x99F1, 0x99FB, 0x9A0F, 0x9A13, 
+	0x9A1B, 0x9A25, 0x9A4B, 0x9A4F, 0x9A55, 0x9A57, 0x9A61, 0x9A75, 
+	0x9A7F, 0x9A8B, 0x9A91, 0x9A9D, 0x9AB7, 0x9AC3, 0x9AC7, 0x9ACF, 
+	0x9AEB, 0x9AF3, 0x9AF7, 0x9AFF, 0x9B17, 0x9B1D, 0x9B27, 0x9B2F, 
+	0x9B35, 0x9B45, 0x9B51, 0x9B59, 0x9B63, 0x9B6F, 0x9B77, 0x9B8D, 
+	0x9B93, 0x9B95, 0x9B9F, 0x9BA1, 0x9BA7, 0x9BB1, 0x9BB7, 0x9BBD, 
+	0x9BC5, 0x9BCB, 0x9BCF, 0x9BDD, 0x9BF9, 0x9C01, 0x9C11, 0x9C23, 
+	0x9C2B, 0x9C2F, 0x9C35, 0x9C49, 0x9C4D, 0x9C5F, 0x9C65, 0x9C67, 
+	0x9C7F, 0x9C97, 0x9C9D, 0x9CA3, 0x9CAF, 0x9CBB, 0x9CBF, 0x9CC1, 
+	0x9CD7, 0x9CD9, 0x9CE3, 0x9CE9, 0x9CF1, 0x9CFD, 0x9D01, 0x9D15, 
+	0x9D27, 0x9D2D, 0x9D31, 0x9D3D, 0x9D55, 0x9D5B, 0x9D61, 0x9D97, 
+	0x9D9F, 0x9DA5, 0x9DA9, 0x9DC3, 0x9DE7, 0x9DEB, 0x9DED, 0x9DF1, 
+	0x9E0B, 0x9E17, 0x9E23, 0x9E27, 0x9E2D, 0x9E33, 0x9E3B, 0x9E47, 
+	0x9E51, 0x9E53, 0x9E5F, 0x9E6F, 0x9E81, 0x9E87, 0x9E8F, 0x9E95, 
+	0x9EA1, 0x9EB3, 0x9EBD, 0x9EBF, 0x9EF5, 0x9EF9, 0x9EFB, 0x9F05, 
+	0x9F23, 0x9F2F, 0x9F37, 0x9F3B, 0x9F43, 0x9F53, 0x9F61, 0x9F6D, 
+	0x9F73, 0x9F77, 0x9F7D, 0x9F89, 0x9F8F, 0x9F91, 0x9F95, 0x9FA3, 
+	0x9FAF, 0x9FB3, 0x9FC1, 0x9FC7, 0x9FDF, 0x9FE5, 0x9FEB, 0x9FF5, 
+	0xA001, 0xA00D, 0xA021, 0xA033, 0xA039, 0xA03F, 0xA04F, 0xA057, 
+	0xA05B, 0xA061, 0xA075, 0xA079, 0xA099, 0xA09D, 0xA0AB, 0xA0B5, 
+	0xA0B7, 0xA0BD, 0xA0C9, 0xA0D9, 0xA0DB, 0xA0DF, 0xA0E5, 0xA0F1, 
+	0xA0F3, 0xA0FD, 0xA105, 0xA10B, 0xA10F, 0xA111, 0xA11B, 0xA129, 
+	0xA12F, 0xA135, 0xA141, 0xA153, 0xA175, 0xA17D, 0xA187, 0xA18D, 
+	0xA1A5, 0xA1AB, 0xA1AD, 0xA1B7, 0xA1C3, 0xA1C5, 0xA1E3, 0xA1ED, 
+	0xA1FB, 0xA207, 0xA213, 0xA223, 0xA229, 0xA22F, 0xA231, 0xA243, 
+	0xA247, 0xA24D, 0xA26B, 0xA279, 0xA27D, 0xA283, 0xA289, 0xA28B, 
+	0xA291, 0xA295, 0xA29B, 0xA2A9, 0xA2AF, 0xA2B3, 0xA2BB, 0xA2C5, 
+	0xA2D1, 0xA2D7, 0xA2F7, 0xA301, 0xA309, 0xA31F, 0xA321, 0xA32B, 
+	0xA331, 0xA349, 0xA351, 0xA355, 0xA373, 0xA379, 0xA37B, 0xA387, 
+	0xA397, 0xA39F, 0xA3A5, 0xA3A9, 0xA3AF, 0xA3B7, 0xA3C7, 0xA3D5, 
+	0xA3DB, 0xA3E1, 0xA3E5, 0xA3E7, 0xA3F1, 0xA3FD, 0xA3FF, 0xA40F, 
+	0xA41D, 0xA421, 0xA423, 0xA427, 0xA43B, 0xA44D, 0xA457, 0xA459, 
+	0xA463, 0xA469, 0xA475, 0xA493, 0xA49B, 0xA4AD, 0xA4B9, 0xA4C3, 
+	0xA4C5, 0xA4CB, 0xA4D1, 0xA4D5, 0xA4E1, 0xA4ED, 0xA4EF, 0xA4F3, 
+	0xA4FF, 0xA511, 0xA529, 0xA52B, 0xA535, 0xA53B, 0xA543, 0xA553, 
+	0xA55B, 0xA561, 0xA56D, 0xA577, 0xA585, 0xA58B, 0xA597, 0xA59D, 
+	0xA5A3, 0xA5A7, 0xA5A9, 0xA5C1, 0xA5C5, 0xA5CB, 0xA5D3, 0xA5D9, 
+	0xA5DD, 0xA5DF, 0xA5E3, 0xA5E9, 0xA5F7, 0xA5FB, 0xA603, 0xA60D, 
+	0xA625, 0xA63D, 0xA649, 0xA64B, 0xA651, 0xA65D, 0xA673, 0xA691, 
+	0xA693, 0xA699, 0xA6AB, 0xA6B5, 0xA6BB, 0xA6C1, 0xA6C9, 0xA6CD, 
+	0xA6CF, 0xA6D5, 0xA6DF, 0xA6E7, 0xA6F1, 0xA6F7, 0xA6FF, 0xA70F, 
+	0xA715, 0xA723, 0xA729, 0xA72D, 0xA745, 0xA74D, 0xA757, 0xA759, 
+	0xA765, 0xA76B, 0xA76F, 0xA793, 0xA795, 0xA7AB, 0xA7B1, 0xA7B9, 
+	0xA7BF, 0xA7C9, 0xA7D1, 0xA7D7, 0xA7E3, 0xA7ED, 0xA7FB, 0xA805, 
+	0xA80B, 0xA81D, 0xA829, 0xA82B, 0xA837, 0xA83B, 0xA855, 0xA85F, 
+	0xA86D, 0xA87D, 0xA88F, 0xA897, 0xA8A9, 0xA8B5, 0xA8C1, 0xA8C7, 
+	0xA8D7, 0xA8E5, 0xA8FD, 0xA907, 0xA913, 0xA91B, 0xA931, 0xA937, 
+	0xA939, 0xA943, 0xA97F, 0xA985, 0xA987, 0xA98B, 0xA993, 0xA9A3, 
+	0xA9B1, 0xA9BB, 0xA9C1, 0xA9D9, 0xA9DF, 0xA9EB, 0xA9FD, 0xAA15, 
+	0xAA17, 0xAA35, 0xAA39, 0xAA3B, 0xAA47, 0xAA4D, 0xAA57, 0xAA59, 
+	0xAA5D, 0xAA6B, 0xAA71, 0xAA81, 0xAA83, 0xAA8D, 0xAA95, 0xAAAB, 
+	0xAABF, 0xAAC5, 0xAAC9, 0xAAE9, 0xAAEF, 0xAB01, 0xAB05, 0xAB07, 
+	0xAB0B, 0xAB0D, 0xAB11, 0xAB19, 0xAB4D, 0xAB5B, 0xAB71, 0xAB73, 
+	0xAB89, 0xAB9D, 0xABA7, 0xABAF, 0xABB9, 0xABBB, 0xABC1, 0xABC5, 
+	0xABD3, 0xABD7, 0xABDD, 0xABF1, 0xABF5, 0xABFB, 0xABFD, 0xAC09, 
+	0xAC15, 0xAC1B, 0xAC27, 0xAC37, 0xAC39, 0xAC45, 0xAC4F, 0xAC57, 
+	0xAC5B, 0xAC61, 0xAC63, 0xAC7F, 0xAC8B, 0xAC93, 0xAC9D, 0xACA9, 
+	0xACAB, 0xACAF, 0xACBD, 0xACD9, 0xACE1, 0xACE7, 0xACEB, 0xACED, 
+	0xACF1, 0xACF7, 0xACF9, 0xAD05, 0xAD3F, 0xAD45, 0xAD53, 0xAD5D, 
+	0xAD5F, 0xAD65, 0xAD81, 0xADA1, 0xADA5, 0xADC3, 0xADCB, 0xADD1, 
+	0xADD5, 0xADDB, 0xADE7, 0xADF3, 0xADF5, 0xADF9, 0xADFF, 0xAE05, 
+	0xAE13, 0xAE23, 0xAE2B, 0xAE49, 0xAE4D, 0xAE4F, 0xAE59, 0xAE61, 
+	0xAE67, 0xAE6B, 0xAE71, 0xAE8B, 0xAE8F, 0xAE9B, 0xAE9D, 0xAEA7, 
+	0xAEB9, 0xAEC5, 0xAED1, 0xAEE3, 0xAEE5, 0xAEE9, 0xAEF5, 0xAEFD, 
+	0xAF09, 0xAF13, 0xAF27, 0xAF2B, 0xAF33, 0xAF43, 0xAF4F, 0xAF57, 
+	0xAF5D, 0xAF6D, 0xAF75, 0xAF7F, 0xAF8B, 0xAF99, 0xAF9F, 0xAFA3, 
+	0xAFAB, 0xAFB7, 0xAFBB, 0xAFCF, 0xAFD5, 0xAFFD, 0xB005, 0xB015, 
+	0xB01B, 0xB03F, 0xB041, 0xB047, 0xB04B, 0xB051, 0xB053, 0xB069, 
+	0xB07B, 0xB07D, 0xB087, 0xB08D, 0xB0B1, 0xB0BF, 0xB0CB, 0xB0CF, 
+	0xB0E1, 0xB0E9, 0xB0ED, 0xB0FB, 0xB105, 0xB107, 0xB111, 0xB119, 
+	0xB11D, 0xB11F, 0xB131, 0xB141, 0xB14D, 0xB15B, 0xB165, 0xB173, 
+	0xB179, 0xB17F, 0xB1A9, 0xB1B3, 0xB1B9, 0xB1BF, 0xB1D3, 0xB1DD, 
+	0xB1E5, 0xB1F1, 0xB1F5, 0xB201, 0xB213, 0xB215, 0xB21F, 0xB22D, 
+	0xB23F, 0xB249, 0xB25B, 0xB263, 0xB269, 0xB26D, 0xB27B, 0xB281, 
+	0xB28B, 0xB2A9, 0xB2B7, 0xB2BD, 0xB2C3, 0xB2C7, 0xB2D3, 0xB2F9, 
+	0xB2FD, 0xB2FF, 0xB303, 0xB309, 0xB311, 0xB31D, 0xB327, 0xB32D, 
+	0xB33F, 0xB345, 0xB377, 0xB37D, 0xB381, 0xB387, 0xB393, 0xB39B, 
+	0xB3A5, 0xB3C5, 0xB3CB, 0xB3E1, 0xB3E3, 0xB3ED, 0xB3F9, 0xB40B, 
+	0xB40D, 0xB413, 0xB417, 0xB435, 0xB43D, 0xB443, 0xB449, 0xB45B, 
+	0xB465, 0xB467, 0xB46B, 0xB477, 0xB48B, 0xB495, 0xB49D, 0xB4B5, 
+	0xB4BF, 0xB4C1, 0xB4C7, 0xB4DD, 0xB4E3, 0xB4E5, 0xB4F7, 0xB501, 
+	0xB50D, 0xB50F, 0xB52D, 0xB53F, 0xB54B, 0xB567, 0xB569, 0xB56F, 
+	0xB573, 0xB579, 0xB587, 0xB58D, 0xB599, 0xB5A3, 0xB5AB, 0xB5AF, 
+	0xB5BB, 0xB5D5, 0xB5DF, 0xB5E7, 0xB5ED, 0xB5FD, 0xB5FF, 0xB609, 
+	0xB61B, 0xB629, 0xB62F, 0xB633, 0xB639, 0xB647, 0xB657, 0xB659, 
+	0xB65F, 0xB663, 0xB66F, 0xB683, 0xB687, 0xB69B, 0xB69F, 0xB6A5, 
+	0xB6B1, 0xB6B3, 0xB6D7, 0xB6DB, 0xB6E1, 0xB6E3, 0xB6ED, 0xB6EF, 
+	0xB705, 0xB70D, 0xB713, 0xB71D, 0xB729, 0xB735, 0xB747, 0xB755, 
+	0xB76D, 0xB791, 0xB795, 0xB7A9, 0xB7C1, 0xB7CB, 0xB7D1, 0xB7D3, 
+	0xB7EF, 0xB7F5, 0xB807, 0xB80F, 0xB813, 0xB819, 0xB821, 0xB827, 
+	0xB82B, 0xB82D, 0xB839, 0xB855, 0xB867, 0xB875, 0xB885, 0xB893, 
+	0xB8A5, 0xB8AF, 0xB8B7, 0xB8BD, 0xB8C1, 0xB8C7, 0xB8CD, 0xB8D5, 
+	0xB8EB, 0xB8F7, 0xB8F9, 0xB903, 0xB915, 0xB91B, 0xB91D, 0xB92F, 
+	0xB939, 0xB93B, 0xB947, 0xB951, 0xB963, 0xB983, 0xB989, 0xB98D, 
+	0xB993, 0xB999, 0xB9A1, 0xB9A7, 0xB9AD, 0xB9B7, 0xB9CB, 0xB9D1, 
+	0xB9DD, 0xB9E7, 0xB9EF, 0xB9F9, 0xBA07, 0xBA0D, 0xBA17, 0xBA25, 
+	0xBA29, 0xBA2B, 0xBA41, 0xBA53, 0xBA55, 0xBA5F, 0xBA61, 0xBA65, 
+	0xBA79, 0xBA7D, 0xBA7F, 0xBAA1, 0xBAA3, 0xBAAF, 0xBAB5, 0xBABF, 
+	0xBAC1, 0xBACB, 0xBADD, 0xBAE3, 0xBAF1, 0xBAFD, 0xBB09, 0xBB1F, 
+	0xBB27, 0xBB2D, 0xBB3D, 0xBB43, 0xBB4B, 0xBB4F, 0xBB5B, 0xBB61, 
+	0xBB69, 0xBB6D, 0xBB91, 0xBB97, 0xBB9D, 0xBBB1, 0xBBC9, 0xBBCF, 
+	0xBBDB, 0xBBED, 0xBBF7, 0xBBF9, 0xBC03, 0xBC1D, 0xBC23, 0xBC33, 
+	0xBC3B, 0xBC41, 0xBC45, 0xBC5D, 0xBC6F, 0xBC77, 0xBC83, 0xBC8F, 
+	0xBC99, 0xBCAB, 0xBCB7, 0xBCB9, 0xBCD1, 0xBCD5, 0xBCE1, 0xBCF3, 
+	0xBCFF, 0xBD0D, 0xBD17, 0xBD19, 0xBD1D, 0xBD35, 0xBD41, 0xBD4F, 
+	0xBD59, 0xBD5F, 0xBD61, 0xBD67, 0xBD6B, 0xBD71, 0xBD8B, 0xBD8F, 
+	0xBD95, 0xBD9B, 0xBD9D, 0xBDB3, 0xBDBB, 0xBDCD, 0xBDD1, 0xBDE3, 
+	0xBDEB, 0xBDEF, 0xBE07, 0xBE09, 0xBE15, 0xBE21, 0xBE25, 0xBE27, 
+	0xBE5B, 0xBE5D, 0xBE6F, 0xBE75, 0xBE79, 0xBE7F, 0xBE8B, 0xBE8D, 
+	0xBE93, 0xBE9F, 0xBEA9, 0xBEB1, 0xBEB5, 0xBEB7, 0xBECF, 0xBED9, 
+	0xBEDB, 0xBEE5, 0xBEE7, 0xBEF3, 0xBEF9, 0xBF0B, 0xBF33, 0xBF39, 
+	0xBF4D, 0xBF5D, 0xBF5F, 0xBF6B, 0xBF71, 0xBF7B, 0xBF87, 0xBF89, 
+	0xBF8D, 0xBF93, 0xBFA1, 0xBFAD, 0xBFB9, 0xBFCF, 0xBFD5, 0xBFDD, 
+	0xBFE1, 0xBFE3, 0xBFF3, 0xC005, 0xC011, 0xC013, 0xC019, 0xC029, 
+	0xC02F, 0xC031, 0xC037, 0xC03B, 0xC047, 0xC065, 0xC06D, 0xC07D, 
+	0xC07F, 0xC091, 0xC09B, 0xC0B3, 0xC0B5, 0xC0BB, 0xC0D3, 0xC0D7, 
+	0xC0D9, 0xC0EF, 0xC0F1, 0xC101, 0xC103, 0xC109, 0xC115, 0xC119, 
+	0xC12B, 0xC133, 0xC137, 0xC145, 0xC149, 0xC15B, 0xC173, 0xC179, 
+	0xC17B, 0xC181, 0xC18B, 0xC18D, 0xC197, 0xC1BD, 0xC1C3, 0xC1CD, 
+	0xC1DB, 0xC1E1, 0xC1E7, 0xC1FF, 0xC203, 0xC205, 0xC211, 0xC221, 
+	0xC22F, 0xC23F, 0xC24B, 0xC24D, 0xC253, 0xC25D, 0xC277, 0xC27B, 
+	0xC27D, 0xC289, 0xC28F, 0xC293, 0xC29F, 0xC2A7, 0xC2B3, 0xC2BD, 
+	0xC2CF, 0xC2D5, 0xC2E3, 0xC2FF, 0xC301, 0xC307, 0xC311, 0xC313, 
+	0xC317, 0xC325, 0xC347, 0xC349, 0xC34F, 0xC365, 0xC367, 0xC371, 
+	0xC37F, 0xC383, 0xC385, 0xC395, 0xC39D, 0xC3A7, 0xC3AD, 0xC3B5, 
+	0xC3BF, 0xC3C7, 0xC3CB, 0xC3D1, 0xC3D3, 0xC3E3, 0xC3E9, 0xC3EF, 
+	0xC401, 0xC41F, 0xC42D, 0xC433, 0xC437, 0xC455, 0xC457, 0xC461, 
+	0xC46F, 0xC473, 0xC487, 0xC491, 0xC499, 0xC49D, 0xC4A5, 0xC4B7, 
+	0xC4BB, 0xC4C9, 0xC4CF, 0xC4D3, 0xC4EB, 0xC4F1, 0xC4F7, 0xC509, 
+	0xC51B, 0xC51D, 0xC541, 0xC547, 0xC551, 0xC55F, 0xC56B, 0xC56F, 
+	0xC575, 0xC577, 0xC595, 0xC59B, 0xC59F, 0xC5A1, 0xC5A7, 0xC5C3, 
+	0xC5D7, 0xC5DB, 0xC5EF, 0xC5FB, 0xC613, 0xC623, 0xC635, 0xC641, 
+	0xC64F, 0xC655, 0xC659, 0xC665, 0xC685, 0xC691, 0xC697, 0xC6A1, 
+	0xC6A9, 0xC6B3, 0xC6B9, 0xC6CB, 0xC6CD, 0xC6DD, 0xC6EB, 0xC6F1, 
+	0xC707, 0xC70D, 0xC719, 0xC71B, 0xC72D, 0xC731, 0xC739, 0xC757, 
+	0xC763, 0xC767, 0xC773, 0xC775, 0xC77F, 0xC7A5, 0xC7BB, 0xC7BD, 
+	0xC7C1, 0xC7CF, 0xC7D5, 0xC7E1, 0xC7F9, 0xC7FD, 0xC7FF, 0xC803, 
+	0xC811, 0xC81D, 0xC827, 0xC829, 0xC839, 0xC83F, 0xC853, 0xC857, 
+	0xC86B, 0xC881, 0xC88D, 0xC88F, 0xC893, 0xC895, 0xC8A1, 0xC8B7, 
+	0xC8CF, 0xC8D5, 0xC8DB, 0xC8DD, 0xC8E3, 0xC8E7, 0xC8ED, 0xC8EF, 
+	0xC8F9, 0xC905, 0xC911, 0xC917, 0xC919, 0xC91F, 0xC92F, 0xC937, 
+	0xC93D, 0xC941, 0xC953, 0xC95F, 0xC96B, 0xC979, 0xC97D, 0xC989, 
+	0xC98F, 0xC997, 0xC99D, 0xC9AF, 0xC9B5, 0xC9BF, 0xC9CB, 0xC9D9, 
+	0xC9DF, 0xC9E3, 0xC9EB, 0xCA01, 0xCA07, 0xCA09, 0xCA25, 0xCA37, 
+	0xCA39, 0xCA4B, 0xCA55, 0xCA5B, 0xCA69, 0xCA73, 0xCA75, 0xCA7F, 
+	0xCA8D, 0xCA93, 0xCA9D, 0xCA9F, 0xCAB5, 0xCABB, 0xCAC3, 0xCAC9, 
+	0xCAD9, 0xCAE5, 0xCAED, 0xCB03, 0xCB05, 0xCB09, 0xCB17, 0xCB29, 
+	0xCB35, 0xCB3B, 0xCB53, 0xCB59, 0xCB63, 0xCB65, 0xCB71, 0xCB87, 
+	0xCB99, 0xCB9F, 0xCBB3, 0xCBB9, 0xCBC3, 0xCBD1, 0xCBD5, 0xCBD7, 
+	0xCBDD, 0xCBE9, 0xCBFF, 0xCC0D, 0xCC19, 0xCC1D, 0xCC23, 0xCC2B, 
+	0xCC41, 0xCC43, 0xCC4D, 0xCC59, 0xCC61, 0xCC89, 0xCC8B, 0xCC91, 
+	0xCC9B, 0xCCA3, 0xCCA7, 0xCCD1, 0xCCE5, 0xCCE9, 0xCD09, 0xCD15, 
+	0xCD1F, 0xCD25, 0xCD31, 0xCD3D, 0xCD3F, 0xCD49, 0xCD51, 0xCD57, 
+	0xCD5B, 0xCD63, 0xCD67, 0xCD81, 0xCD93, 0xCD97, 0xCD9F, 0xCDBB, 
+	0xCDC1, 0xCDD3, 0xCDD9, 0xCDE5, 0xCDE7, 0xCDF1, 0xCDF7, 0xCDFD, 
+	0xCE0B, 0xCE15, 0xCE21, 0xCE2F, 0xCE47, 0xCE4D, 0xCE51, 0xCE65, 
+	0xCE7B, 0xCE7D, 0xCE8F, 0xCE93, 0xCE99, 0xCEA5, 0xCEA7, 0xCEB7, 
+	0xCEC9, 0xCED7, 0xCEDD, 0xCEE3, 0xCEE7, 0xCEED, 0xCEF5, 0xCF07, 
+	0xCF0B, 0xCF19, 0xCF37, 0xCF3B, 0xCF4D, 0xCF55, 0xCF5F, 0xCF61, 
+	0xCF65, 0xCF6D, 0xCF79, 0xCF7D, 0xCF89, 0xCF9B, 0xCF9D, 0xCFA9, 
+	0xCFB3, 0xCFB5, 0xCFC5, 0xCFCD, 0xCFD1, 0xCFEF, 0xCFF1, 0xCFF7, 
+	0xD013, 0xD015, 0xD01F, 0xD021, 0xD033, 0xD03D, 0xD04B, 0xD04F, 
+	0xD069, 0xD06F, 0xD081, 0xD085, 0xD099, 0xD09F, 0xD0A3, 0xD0AB, 
+	0xD0BD, 0xD0C1, 0xD0CD, 0xD0E7, 0xD0FF, 0xD103, 0xD117, 0xD12D, 
+	0xD12F, 0xD141, 0xD157, 0xD159, 0xD15D, 0xD169, 0xD16B, 0xD171, 
+	0xD177, 0xD17D, 0xD181, 0xD187, 0xD195, 0xD199, 0xD1B1, 0xD1BD, 
+	0xD1C3, 0xD1D5, 0xD1D7, 0xD1E3, 0xD1FF, 0xD20D, 0xD211, 0xD217, 
+	0xD21F, 0xD235, 0xD23B, 0xD247, 0xD259, 0xD261, 0xD265, 0xD279, 
+	0xD27F, 0xD283, 0xD289, 0xD28B, 0xD29D, 0xD2A3, 0xD2A7, 0xD2B3, 
+	0xD2BF, 0xD2C7, 0xD2E3, 0xD2E9, 0xD2F1, 0xD2FB, 0xD2FD, 0xD315, 
+	0xD321, 0xD32B, 0xD343, 0xD34B, 0xD355, 0xD369, 0xD375, 0xD37B, 
+	0xD387, 0xD393, 0xD397, 0xD3A5, 0xD3B1, 0xD3C9, 0xD3EB, 0xD3FD, 
+	0xD405, 0xD40F, 0xD415, 0xD427, 0xD42F, 0xD433, 0xD43B, 0xD44B, 
+	0xD459, 0xD45F, 0xD463, 0xD469, 0xD481, 0xD483, 0xD489, 0xD48D, 
+	0xD493, 0xD495, 0xD4A5, 0xD4AB, 0xD4B1, 0xD4C5, 0xD4DD, 0xD4E1, 
+	0xD4E3, 0xD4E7, 0xD4F5, 0xD4F9, 0xD50B, 0xD50D, 0xD513, 0xD51F, 
+	0xD523, 0xD531, 0xD535, 0xD537, 0xD549, 0xD559, 0xD55F, 0xD565, 
+	0xD567, 0xD577, 0xD58B, 0xD591, 0xD597, 0xD5B5, 0xD5B9, 0xD5C1, 
+	0xD5C7, 0xD5DF, 0xD5EF, 0xD5F5, 0xD5FB, 0xD603, 0xD60F, 0xD62D, 
+	0xD631, 0xD643, 0xD655, 0xD65D, 0xD661, 0xD67B, 0xD685, 0xD687, 
+	0xD69D, 0xD6A5, 0xD6AF, 0xD6BD, 0xD6C3, 0xD6C7, 0xD6D9, 0xD6E1, 
+	0xD6ED, 0xD709, 0xD70B, 0xD711, 0xD715, 0xD721, 0xD727, 0xD73F, 
+	0xD745, 0xD74D, 0xD757, 0xD76B, 0xD77B, 0xD783, 0xD7A1, 0xD7A7, 
+	0xD7AD, 0xD7B1, 0xD7B3, 0xD7BD, 0xD7CB, 0xD7D1, 0xD7DB, 0xD7FB, 
+	0xD811, 0xD823, 0xD825, 0xD829, 0xD82B, 0xD82F, 0xD837, 0xD84D, 
+	0xD855, 0xD867, 0xD873, 0xD88F, 0xD891, 0xD8A1, 0xD8AD, 0xD8BF, 
+	0xD8CD, 0xD8D7, 0xD8E9, 0xD8F5, 0xD8FB, 0xD91B, 0xD925, 0xD933, 
+	0xD939, 0xD943, 0xD945, 0xD94F, 0xD951, 0xD957, 0xD96D, 0xD96F, 
+	0xD973, 0xD979, 0xD981, 0xD98B, 0xD991, 0xD99F, 0xD9A5, 0xD9A9, 
+	0xD9B5, 0xD9D3, 0xD9EB, 0xD9F1, 0xD9F7, 0xD9FF, 0xDA05, 0xDA09, 
+	0xDA0B, 0xDA0F, 0xDA15, 0xDA1D, 0xDA23, 0xDA29, 0xDA3F, 0xDA51, 
+	0xDA59, 0xDA5D, 0xDA5F, 0xDA71, 0xDA77, 0xDA7B, 0xDA7D, 0xDA8D, 
+	0xDA9F, 0xDAB3, 0xDABD, 0xDAC3, 0xDAC9, 0xDAE7, 0xDAE9, 0xDAF5, 
+	0xDB11, 0xDB17, 0xDB1D, 0xDB23, 0xDB25, 0xDB31, 0xDB3B, 0xDB43, 
+	0xDB55, 0xDB67, 0xDB6B, 0xDB73, 0xDB85, 0xDB8F, 0xDB91, 0xDBAD, 
+	0xDBAF, 0xDBB9, 0xDBC7, 0xDBCB, 0xDBCD, 0xDBEB, 0xDBF7, 0xDC0D, 
+	0xDC27, 0xDC31, 0xDC39, 0xDC3F, 0xDC49, 0xDC51, 0xDC61, 0xDC6F, 
+	0xDC75, 0xDC7B, 0xDC85, 0xDC93, 0xDC99, 0xDC9D, 0xDC9F, 0xDCA9, 
+	0xDCB5, 0xDCB7, 0xDCBD, 0xDCC7, 0xDCCF, 0xDCD3, 0xDCD5, 0xDCDF, 
+	0xDCF9, 0xDD0F, 0xDD15, 0xDD17, 0xDD23, 0xDD35, 0xDD39, 0xDD53, 
+	0xDD57, 0xDD5F, 0xDD69, 0xDD6F, 0xDD7D, 0xDD87, 0xDD89, 0xDD9B, 
+	0xDDA1, 0xDDAB, 0xDDBF, 0xDDC5, 0xDDCB, 0xDDCF, 0xDDE7, 0xDDE9, 
+	0xDDED, 0xDDF5, 0xDDFB, 0xDE0B, 0xDE19, 0xDE29, 0xDE3B, 0xDE3D, 
+	0xDE41, 0xDE4D, 0xDE4F, 0xDE59, 0xDE5B, 0xDE61, 0xDE6D, 0xDE77, 
+	0xDE7D, 0xDE83, 0xDE97, 0xDE9D, 0xDEA1, 0xDEA7, 0xDECD, 0xDED1, 
+	0xDED7, 0xDEE3, 0xDEF1, 0xDEF5, 0xDF01, 0xDF09, 0xDF13, 0xDF1F, 
+	0xDF2B, 0xDF33, 0xDF37, 0xDF3D, 0xDF4B, 0xDF55, 0xDF5B, 0xDF67, 
+	0xDF69, 0xDF73, 0xDF85, 0xDF87, 0xDF99, 0xDFA3, 0xDFAB, 0xDFB5, 
+	0xDFB7, 0xDFC3, 0xDFC7, 0xDFD5, 0xDFF1, 0xDFF3, 0xE003, 0xE005, 
+	0xE017, 0xE01D, 0xE027, 0xE02D, 0xE035, 0xE045, 0xE053, 0xE071, 
+	0xE07B, 0xE08F, 0xE095, 0xE09F, 0xE0B7, 0xE0B9, 0xE0D5, 0xE0D7, 
+	0xE0E3, 0xE0F3, 0xE0F9, 0xE101, 0xE125, 0xE129, 0xE131, 0xE135, 
+	0xE143, 0xE14F, 0xE159, 0xE161, 0xE16D, 0xE171, 0xE177, 0xE17F, 
+	0xE183, 0xE189, 0xE197, 0xE1AD, 0xE1B5, 0xE1BB, 0xE1BF, 0xE1C1, 
+	0xE1CB, 0xE1D1, 0xE1E5, 0xE1EF, 0xE1F7, 0xE1FD, 0xE203, 0xE219, 
+	0xE22B, 0xE22D, 0xE23D, 0xE243, 0xE257, 0xE25B, 0xE275, 0xE279, 
+	0xE287, 0xE29D, 0xE2AB, 0xE2AF, 0xE2BB, 0xE2C1, 0xE2C9, 0xE2CD, 
+	0xE2D3, 0xE2D9, 0xE2F3, 0xE2FD, 0xE2FF, 0xE311, 0xE323, 0xE327, 
+	0xE329, 0xE339, 0xE33B, 0xE34D, 0xE351, 0xE357, 0xE35F, 0xE363, 
+	0xE369, 0xE375, 0xE377, 0xE37D, 0xE383, 0xE39F, 0xE3C5, 0xE3C9, 
+	0xE3D1, 0xE3E1, 0xE3FB, 0xE3FF, 0xE401, 0xE40B, 0xE417, 0xE419, 
+	0xE423, 0xE42B, 0xE431, 0xE43B, 0xE447, 0xE449, 0xE453, 0xE455, 
+	0xE46D, 0xE471, 0xE48F, 0xE4A9, 0xE4AF, 0xE4B5, 0xE4C7, 0xE4CD, 
+	0xE4D3, 0xE4E9, 0xE4EB, 0xE4F5, 0xE507, 0xE521, 0xE525, 0xE537, 
+	0xE53F, 0xE545, 0xE54B, 0xE557, 0xE567, 0xE56D, 0xE575, 0xE585, 
+	0xE58B, 0xE593, 0xE5A3, 0xE5A5, 0xE5CF, 0xE609, 0xE611, 0xE615, 
+	0xE61B, 0xE61D, 0xE621, 0xE629, 0xE639, 0xE63F, 0xE653, 0xE657, 
+	0xE663, 0xE66F, 0xE675, 0xE681, 0xE683, 0xE68D, 0xE68F, 0xE695, 
+	0xE6AB, 0xE6AD, 0xE6B7, 0xE6BD, 0xE6C5, 0xE6CB, 0xE6D5, 0xE6E3, 
+	0xE6E9, 0xE6EF, 0xE6F3, 0xE705, 0xE70D, 0xE717, 0xE71F, 0xE72F, 
+	0xE73D, 0xE747, 0xE749, 0xE753, 0xE755, 0xE761, 0xE767, 0xE76B, 
+	0xE77F, 0xE789, 0xE791, 0xE7C5, 0xE7CD, 0xE7D7, 0xE7DD, 0xE7DF, 
+	0xE7E9, 0xE7F1, 0xE7FB, 0xE801, 0xE807, 0xE80F, 0xE819, 0xE81B, 
+	0xE831, 0xE833, 0xE837, 0xE83D, 0xE84B, 0xE84F, 0xE851, 0xE869, 
+	0xE875, 0xE879, 0xE893, 0xE8A5, 0xE8A9, 0xE8AF, 0xE8BD, 0xE8DB, 
+	0xE8E1, 0xE8E5, 0xE8EB, 0xE8ED, 0xE903, 0xE90B, 0xE90F, 0xE915, 
+	0xE917, 0xE92D, 0xE933, 0xE93B, 0xE94B, 0xE951, 0xE95F, 0xE963, 
+	0xE969, 0xE97B, 0xE983, 0xE98F, 0xE995, 0xE9A1, 0xE9B9, 0xE9D7, 
+	0xE9E7, 0xE9EF, 0xEA11, 0xEA19, 0xEA2F, 0xEA35, 0xEA43, 0xEA4D, 
+	0xEA5F, 0xEA6D, 0xEA71, 0xEA7D, 0xEA85, 0xEA89, 0xEAAD, 0xEAB3, 
+	0xEAB9, 0xEABB, 0xEAC5, 0xEAC7, 0xEACB, 0xEADF, 0xEAE5, 0xEAEB, 
+	0xEAF5, 0xEB01, 0xEB07, 0xEB09, 0xEB31, 0xEB39, 0xEB3F, 0xEB5B, 
+	0xEB61, 0xEB63, 0xEB6F, 0xEB81, 0xEB85, 0xEB9D, 0xEBAB, 0xEBB1, 
+	0xEBB7, 0xEBC1, 0xEBD5, 0xEBDF, 0xEBED, 0xEBFD, 0xEC0B, 0xEC1B, 
+	0xEC21, 0xEC29, 0xEC4D, 0xEC51, 0xEC5D, 0xEC69, 0xEC6F, 0xEC7B, 
+	0xECAD, 0xECB9, 0xECBF, 0xECC3, 0xECC9, 0xECCF, 0xECD7, 0xECDD, 
+	0xECE7, 0xECE9, 0xECF3, 0xECF5, 0xED07, 0xED11, 0xED1F, 0xED2F, 
+	0xED37, 0xED3D, 0xED41, 0xED55, 0xED59, 0xED5B, 0xED65, 0xED6B, 
+	0xED79, 0xED8B, 0xED95, 0xEDBB, 0xEDC5, 0xEDD7, 0xEDD9, 0xEDE3, 
+	0xEDE5, 0xEDF1, 0xEDF5, 0xEDF7, 0xEDFB, 0xEE09, 0xEE0F, 0xEE19, 
+	0xEE21, 0xEE49, 0xEE4F, 0xEE63, 0xEE67, 0xEE73, 0xEE7B, 0xEE81, 
+	0xEEA3, 0xEEAB, 0xEEC1, 0xEEC9, 0xEED5, 0xEEDF, 0xEEE1, 0xEEF1, 
+	0xEF1B, 0xEF27, 0xEF2F, 0xEF45, 0xEF4D, 0xEF63, 0xEF6B, 0xEF71, 
+	0xEF93, 0xEF95, 0xEF9B, 0xEF9F, 0xEFAD, 0xEFB3, 0xEFC3, 0xEFC5, 
+	0xEFDB, 0xEFE1, 0xEFE9, 0xF001, 0xF017, 0xF01D, 0xF01F, 0xF02B, 
+	0xF02F, 0xF035, 0xF043, 0xF047, 0xF04F, 0xF067, 0xF06B, 0xF071, 
+	0xF077, 0xF079, 0xF08F, 0xF0A3, 0xF0A9, 0xF0AD, 0xF0BB, 0xF0BF, 
+	0xF0C5, 0xF0CB, 0xF0D3, 0xF0D9, 0xF0E3, 0xF0E9, 0xF0F1, 0xF0F7, 
+	0xF107, 0xF115, 0xF11B, 0xF121, 0xF137, 0xF13D, 0xF155, 0xF175, 
+	0xF17B, 0xF18D, 0xF193, 0xF1A5, 0xF1AF, 0xF1B7, 0xF1D5, 0xF1E7, 
+	0xF1ED, 0xF1FD, 0xF209, 0xF20F, 0xF21B, 0xF21D, 0xF223, 0xF227, 
+	0xF233, 0xF23B, 0xF241, 0xF257, 0xF25F, 0xF265, 0xF269, 0xF277, 
+	0xF281, 0xF293, 0xF2A7, 0xF2B1, 0xF2B3, 0xF2B9, 0xF2BD, 0xF2BF, 
+	0xF2DB, 0xF2ED, 0xF2EF, 0xF2F9, 0xF2FF, 0xF305, 0xF30B, 0xF319, 
+	0xF341, 0xF359, 0xF35B, 0xF35F, 0xF367, 0xF373, 0xF377, 0xF38B, 
+	0xF38F, 0xF3AF, 0xF3C1, 0xF3D1, 0xF3D7, 0xF3FB, 0xF403, 0xF409, 
+	0xF40D, 0xF413, 0xF421, 0xF425, 0xF42B, 0xF445, 0xF44B, 0xF455, 
+	0xF463, 0xF475, 0xF47F, 0xF485, 0xF48B, 0xF499, 0xF4A3, 0xF4A9, 
+	0xF4AF, 0xF4BD, 0xF4C3, 0xF4DB, 0xF4DF, 0xF4ED, 0xF503, 0xF50B, 
+	0xF517, 0xF521, 0xF529, 0xF535, 0xF547, 0xF551, 0xF563, 0xF56B, 
+	0xF583, 0xF58D, 0xF595, 0xF599, 0xF5B1, 0xF5B7, 0xF5C9, 0xF5CF, 
+	0xF5D1, 0xF5DB, 0xF5F9, 0xF5FB, 0xF605, 0xF607, 0xF60B, 0xF60D, 
+	0xF635, 0xF637, 0xF653, 0xF65B, 0xF661, 0xF667, 0xF679, 0xF67F, 
+	0xF689, 0xF697, 0xF69B, 0xF6AD, 0xF6CB, 0xF6DD, 0xF6DF, 0xF6EB, 
+	0xF709, 0xF70F, 0xF72D, 0xF731, 0xF743, 0xF74F, 0xF751, 0xF755, 
+	0xF763, 0xF769, 0xF773, 0xF779, 0xF781, 0xF787, 0xF791, 0xF79D, 
+	0xF79F, 0xF7A5, 0xF7B1, 0xF7BB, 0xF7BD, 0xF7CF, 0xF7D3, 0xF7E7, 
+	0xF7EB, 0xF7F1, 0xF7FF, 0xF805, 0xF80B, 0xF821, 0xF827, 0xF82D, 
+	0xF835, 0xF847, 0xF859, 0xF863, 0xF865, 0xF86F, 0xF871, 0xF877, 
+	0xF87B, 0xF881, 0xF88D, 0xF89F, 0xF8A1, 0xF8AB, 0xF8B3, 0xF8B7, 
+	0xF8C9, 0xF8CB, 0xF8D1, 0xF8D7, 0xF8DD, 0xF8E7, 0xF8EF, 0xF8F9, 
+	0xF8FF, 0xF911, 0xF91D, 0xF925, 0xF931, 0xF937, 0xF93B, 0xF941, 
+	0xF94F, 0xF95F, 0xF961, 0xF96D, 0xF971, 0xF977, 0xF99D, 0xF9A3, 
+	0xF9A9, 0xF9B9, 0xF9CD, 0xF9E9, 0xF9FD, 0xFA07, 0xFA0D, 0xFA13, 
+	0xFA21, 0xFA25, 0xFA3F, 0xFA43, 0xFA51, 0xFA5B, 0xFA6D, 0xFA7B, 
+	0xFA97, 0xFA99, 0xFA9D, 0xFAAB, 0xFABB, 0xFABD, 0xFAD9, 0xFADF, 
+	0xFAE7, 0xFAED, 0xFB0F, 0xFB17, 0xFB1B, 0xFB2D, 0xFB2F, 0xFB3F, 
+	0xFB47, 0xFB4D, 0xFB75, 0xFB7D, 0xFB8F, 0xFB93, 0xFBB1, 0xFBB7, 
+	0xFBC3, 0xFBC5, 0xFBE3, 0xFBE9, 0xFBF3, 0xFC01, 0xFC29, 0xFC37, 
+	0xFC41, 0xFC43, 0xFC4F, 0xFC59, 0xFC61, 0xFC65, 0xFC6D, 0xFC73, 
+	0xFC79, 0xFC95, 0xFC97, 0xFC9B, 0xFCA7, 0xFCB5, 0xFCC5, 0xFCCD, 
+	0xFCEB, 0xFCFB, 0xFD0D, 0xFD0F, 0xFD19, 0xFD2B, 0xFD31, 0xFD51, 
+	0xFD55, 0xFD67, 0xFD6D, 0xFD6F, 0xFD7B, 0xFD85, 0xFD97, 0xFD99, 
+	0xFD9F, 0xFDA9, 0xFDB7, 0xFDC9, 0xFDE5, 0xFDEB, 0xFDF3, 0xFE03, 
+	0xFE05, 0xFE09, 0xFE1D, 0xFE27, 0xFE2F, 0xFE41, 0xFE4B, 0xFE4D, 
+	0xFE57, 0xFE5F, 0xFE63, 0xFE69, 0xFE75, 0xFE7B, 0xFE8F, 0xFE93, 
+	0xFE95, 0xFE9B, 0xFE9F, 0xFEB3, 0xFEBD, 0xFED7, 0xFEE9, 0xFEF3, 
+	0xFEF5, 0xFF07, 0xFF0D, 0xFF1D, 0xFF2B, 0xFF2F, 0xFF49, 0xFF4D, 
+	0xFF5B, 0xFF65, 0xFF71, 0xFF7F, 0xFF85, 0xFF8B, 0xFF8F, 0xFF9D, 
+	0xFFA7, 0xFFA9, 0xFFC7, 0xFFD9, 0xFFEF, 0xFFF1, 
+#endif
+};
+
diff --git a/security/nss/lib/freebl/mpi/stats b/security/nss/lib/freebl/mpi/stats
new file mode 100755
index 000000000..4e8c44357
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/stats
@@ -0,0 +1,74 @@
+#!/usr/bin/perl
+
+#
+# Treat each line as a sequence of comma and/or space delimited
+# floating point numbers, and compute basic statistics on them.
+# These are written to standard output
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998, 2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+#
+
+$min = 1.7976931348623157E+308;
+$max = 2.2250738585072014E-308;
+$sum = $num = 0;
+
+while(<>) {
+    chomp;
+
+    @nums = split(/[\s,]+/, $_);
+    next if($#nums < 0);
+
+    $num += scalar @nums;
+    foreach (@nums) {
+	$min = $_ if($_ < $min);
+	$max = $_ if($_ > $max);
+	$sum += $_;
+    }
+}
+
+if($num) {
+    $avg = $sum / $num;
+} else {
+    $min = $max = 0;
+}
+
+printf "%d\tmin=%.2f, avg=%.2f, max=%.2f, sum=%.2f\n",
+    $num, $min, $avg, $max, $sum;
+
+# end
diff --git a/security/nss/lib/freebl/mpi/target.mk b/security/nss/lib/freebl/mpi/target.mk
new file mode 100644
index 000000000..6f71e8053
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/target.mk
@@ -0,0 +1,249 @@
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Netscape Communications Corporation
+#   Richard C. Swift  (swift@netscape.com)
+#   Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+##
+## Define CFLAGS to contain any local options your compiler
+## setup requires.
+##
+## Conditional compilation options are no longer here; see
+## the file 'mpi-config.h' instead.
+##
+MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC
+CFLAGS= -O $(MPICMN)
+#CFLAGS=-ansi -fullwarn -woff 1521 -O3 $(MPICMN)
+#CFLAGS=-ansi -pedantic -Wall -O3 $(MPICMN)
+#CFLAGS=-ansi -pedantic -Wall -g -O2 -DMP_DEBUG=1 $(MPICMN)
+
+ifeq ($(TARGET),mipsIRIX)
+#IRIX
+#MPICMN += -DMP_MONT_USE_MP_MUL 
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+MPICMN += -DMP_USE_UINT_DIGIT
+#MPICMN += -DMP_NO_MP_WORD
+AS_OBJS = mpi_mips.o
+#ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 -exceptions
+ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 
+#CFLAGS=-ansi -n32 -O3 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
+CFLAGS=-ansi -n32 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
+#CFLAGS=-ansi -n32 -g -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
+#CFLAGS=-ansi -64 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE -DMP_NO_MP_WORD \
+ $(MPICMN)
+endif
+
+ifeq ($(TARGET),alphaOSF1)
+#Alpha/OSF1
+MPICMN += -DMP_ASSEMBLY_MULTIPLY
+AS_OBJS+= mpvalpha.o
+#CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT $(MPICMN)
+CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT \
+ -DMP_NO_MP_WORD $(MPICMN)
+endif
+
+ifeq ($(TARGET),v9SOLARIS)
+#Solaris 64
+SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xchip=ultra -xarch=v9a -KPIC -mt
+#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v9a -KPIC -mt
+SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v9a -KPIC -mt 
+AS_OBJS += montmulfv9.o 
+AS_OBJS += mpi_sparc.o mpv_sparcv9.o
+MPICMN += -DMP_USE_UINT_DIGIT 
+#MPICMN += -DMP_NO_MP_WORD 
+MPICMN += -DMP_ASSEMBLY_MULTIPLY 
+MPICMN += -DMP_USING_MONT_MULF
+CFLAGS= -O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN)
+#CFLAGS= -g -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),v8plusSOLARIS)
+#Solaris 32
+SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8plusa -KPIC -mt
+SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt 
+AS_OBJS += montmulfv8.o 
+AS_OBJS += mpi_sparc.o mpv_sparcv8.o
+#AS_OBJS = montmulf.o
+MPICMN += -DMP_ASSEMBLY_MULTIPLY 
+MPICMN += -DMP_USING_MONT_MULF 
+MPICMN += -DMP_USE_UINT_DIGIT
+MPICMN += -DMP_NO_MP_WORD
+CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_6 -xarch=v8plus -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),v8SOLARIS)
+#Solaris 32
+#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8 -KPIC -mt
+#SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt 
+#AS_OBJS = montmulfv8.o mpi_sparc.o mpv_sparcv8.o
+#AS_OBJS = montmulf.o
+#MPICMN += -DMP_USING_MONT_MULF
+#MPICMN += -DMP_ASSEMBLY_MULTIPLY 
+MPICMN += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT
+MPICMN += -DMP_NO_MP_WORD
+CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_6 -xarch=v8 -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),ia64HPUX)
+#HPUX 32 on ia64  -- 64 bit digits SCREAM.
+# This one is for DD32 which is the 32-bit ABI with 64-bit registers.
+CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+#CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+endif
+
+ifeq ($(TARGET),ia64HPUX64)
+#HPUX 32 on ia64
+# This one is for DD64 which is the 64-bit ABI 
+CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+endif
+
+ifeq ($(TARGET),PA2.0WHPUX)
+#HPUX64 (HP PA 2.0 Wide) using MAXPY and 64-bit digits
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+AS_OBJS = mpi_hp.o hpma512.o hppa20.o 
+CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +O3 +DChpux -DHPUX11  -DXP_UNIX \
+ $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
+ $(MPICMN)
+AS = $(CC) $(CFLAGS) -c
+endif
+
+ifeq ($(TARGET),PA2.0NHPUX)
+#HPUX32 (HP PA 2.0 Narrow) hybrid model, using 32-bit digits
+# This one is for DA2.0 (N) which is the 32-bit ABI with 64-bit registers.
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+AS_OBJS = mpi_hp.o hpma512.o hppa20.o 
+CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
+ -Wl,+k $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
+ -Wl,+k $(MPICMN)
+AS = $(CC) $(CFLAGS) -c
+endif
+
+ifeq ($(TARGET),PA1.1HPUX)
+#HPUX32 (HP PA 1.1) Pure 32 bit
+MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY
+CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN)
+##CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+# -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),32AIX)
+#
+CC = xlC_r
+MPICMN += -DMP_USE_UINT_DIGIT
+MPICMN += -DMP_NO_DIV_WORD
+#MPICMN += -DMP_NO_MUL_WORD
+MPICMN += -DMP_NO_ADD_WORD
+MPICMN += -DMP_NO_SUB_WORD
+#MPICMN += -DMP_NO_MP_WORD
+#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY
+CFLAGS = -O -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG  $(MPICMN)
+#CFLAGS = -g -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG  $(MPICMN)
+#CFLAGS += -pg
+endif
+
+ifeq ($(TARGET),64AIX)
+#
+CC = xlC_r
+MPICMN += -DMP_USE_UINT_DIGIT
+CFLAGS = -O -O2 -DAIX -DSYSV -qarch=com -DAIX_64BIT -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG $(MPICMN)
+OBJECT_MODE=64
+export OBJECT_MODE
+endif
+
+ifeq ($(TARGET),x86LINUX)
+#Linux
+AS_OBJS = mpi_x86.o
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+MPICMN += -DMP_MONT_USE_MP_MUL -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
+CFLAGS= -O2 -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
+ -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
+ -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN)
+#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
+ -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
+ -DXP_UNIX -DDEBUG -UNDEBUG -D_REENTRANT $(MPICMN)
+#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
+ -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
+ -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN)
+endif
+
+ifeq ($(TARGET),AMD64SOLARIS)
+ASFLAGS += -xarch=generic64
+AS_OBJS = mpi_amd64.o mpi_amd64_sun.o
+MP_CONFIG = -DMP_ASSEMBLY_MULTIPLY -DMPI_AMD64
+MP_CONFIG += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
+CFLAGS = -xarch=generic64 -xO4 -I. -DMP_API_COMPATIBLE -DMP_IOFUNC $(MP_CONFIG)
+MPICMN += $(MP_CONFIG)
+
+mpi_amd64_asm.o: mpi_amd64_sun.s
+	$(AS) -xarch=generic64 -P -D_ASM mpi_amd64_sun.s
+endif
+
+ifeq ($(TARGET),WIN32)
+AS_OBJS = mpi_x86.obj
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE 
+MPICMN += -DMP_MONT_USE_MP_MUL 
+MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
+CFLAGS  = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
+CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC -DNSS_ENABLE_ECC 
+CFLAGS += $(MPICMN)
+
+$(AS_OBJS): %.obj : %.asm
+	ml -Cp -Sn -Zi -coff -nologo -c $<
+
+$(LIBOBJS): %.obj : %.c 
+	cl $(CFLAGS) -Fo$@ -c $<
+
+endif
diff --git a/security/nss/lib/freebl/mpi/test-arrays.txt b/security/nss/lib/freebl/mpi/test-arrays.txt
new file mode 100644
index 000000000..62c4c3d61
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/test-arrays.txt
@@ -0,0 +1,90 @@
+#
+# Test suite table for MPI library
+#
+# Format of entries:
+# suite-name:function-name:description
+#
+# suite-name	The name used to identify this test in mpi-test
+# function-name	The function called to perform this test in mpi-test.c
+# description   A brief description of what the suite tests
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+#
+list:test_list:print out a list of the available test suites
+copy:test_copy:test assignment of mp-int structures
+exchange:test_exch:test exchange of mp-int structures
+zero:test_zero:test zeroing of an mp-int
+set:test_set:test setting an mp-int to a small constant
+absolute-value:test_abs:test the absolute value function
+negate:test_neg:test the arithmetic negation function
+add-digit:test_add_d:test digit addition
+add:test_add:test full addition
+subtract-digit:test_sub_d:test digit subtraction
+subtract:test_sub:test full subtraction
+multiply-digit:test_mul_d:test digit multiplication
+multiply:test_mul:test full multiplication
+square:test_sqr:test full squaring function
+divide-digit:test_div_d:test digit division
+divide-2:test_div_2:test division by two
+divide-2d:test_div_2d:test division & remainder by 2^d
+divide:test_div:test full division
+expt-digit:test_expt_d:test digit exponentiation
+expt:test_expt:test full exponentiation
+expt-2:test_2expt:test power-of-two exponentiation
+square-root:test_sqrt:test integer square root function
+modulo-digit:test_mod_d:test digit modular reduction
+modulo:test_mod:test full modular reduction
+mod-add:test_addmod:test modular addition
+mod-subtract:test_submod:test modular subtraction
+mod-multiply:test_mulmod:test modular multiplication
+mod-square:test_sqrmod:test modular squaring function
+mod-expt:test_exptmod:test full modular exponentiation
+mod-expt-digit:test_exptmod_d:test digit modular exponentiation
+mod-inverse:test_invmod:test modular inverse function
+compare-digit:test_cmp_d:test digit comparison function
+compare-zero:test_cmp_z:test zero comparison function
+compare:test_cmp:test general signed comparison
+compare-magnitude:test_cmp_mag:test general magnitude comparison
+parity:test_parity:test parity comparison functions
+gcd:test_gcd:test greatest common divisor functions
+lcm:test_lcm:test least common multiple function
+conversion:test_convert:test general radix conversion facilities
+binary:test_raw:test raw output format
+pprime:test_pprime:test probabilistic primality tester
+fermat:test_fermat:test Fermat pseudoprimality tester
diff --git a/security/nss/lib/freebl/mpi/test-info.c b/security/nss/lib/freebl/mpi/test-info.c
new file mode 100644
index 000000000..86682ecd5
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/test-info.c
@@ -0,0 +1,194 @@
+/*
+ *  test-info.c
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+/* Table mapping test suite names to index numbers */
+const int   g_count = 42;
+const char *g_names[] = {
+   "list",              /* print out a list of the available test suites */
+   "copy",              /* test assignment of mp-int structures          */
+   "exchange",          /* test exchange of mp-int structures            */
+   "zero",              /* test zeroing of an mp-int                     */
+   "set",               /* test setting an mp-int to a small constant    */
+   "absolute-value",    /* test the absolute value function              */
+   "negate",            /* test the arithmetic negation function         */
+   "add-digit",         /* test digit addition                           */
+   "add",               /* test full addition                            */
+   "subtract-digit",    /* test digit subtraction                        */
+   "subtract",          /* test full subtraction                         */
+   "multiply-digit",    /* test digit multiplication                     */
+   "multiply",          /* test full multiplication                      */
+   "square",            /* test full squaring function                   */
+   "divide-digit",      /* test digit division                           */
+   "divide-2",          /* test division by two                          */
+   "divide-2d",         /* test division & remainder by 2^d              */
+   "divide",            /* test full division                            */
+   "expt-digit",        /* test digit exponentiation                     */
+   "expt",              /* test full exponentiation                      */
+   "expt-2",            /* test power-of-two exponentiation              */
+   "square-root",       /* test integer square root function             */
+   "modulo-digit",      /* test digit modular reduction                  */
+   "modulo",            /* test full modular reduction                   */
+   "mod-add",           /* test modular addition                         */
+   "mod-subtract",      /* test modular subtraction                      */
+   "mod-multiply",      /* test modular multiplication                   */
+   "mod-square",        /* test modular squaring function                */
+   "mod-expt",          /* test full modular exponentiation              */
+   "mod-expt-digit",    /* test digit modular exponentiation             */
+   "mod-inverse",       /* test modular inverse function                 */
+   "compare-digit",     /* test digit comparison function                */
+   "compare-zero",      /* test zero comparison function                 */
+   "compare",           /* test general signed comparison                */
+   "compare-magnitude", /* test general magnitude comparison             */
+   "parity",            /* test parity comparison functions              */
+   "gcd",               /* test greatest common divisor functions        */
+   "lcm",               /* test least common multiple function           */
+   "conversion",        /* test general radix conversion facilities      */
+   "binary",            /* test raw output format                        */
+   "pprime",            /* test probabilistic primality tester           */
+   "fermat"             /* test Fermat pseudoprimality tester            */
+};
+
+/* Test function prototypes */
+int  test_list(void);
+int  test_copy(void);
+int  test_exch(void);
+int  test_zero(void);
+int  test_set(void);
+int  test_abs(void);
+int  test_neg(void);
+int  test_add_d(void);
+int  test_add(void);
+int  test_sub_d(void);
+int  test_sub(void);
+int  test_mul_d(void);
+int  test_mul(void);
+int  test_sqr(void);
+int  test_div_d(void);
+int  test_div_2(void);
+int  test_div_2d(void);
+int  test_div(void);
+int  test_expt_d(void);
+int  test_expt(void);
+int  test_2expt(void);
+int  test_sqrt(void);
+int  test_mod_d(void);
+int  test_mod(void);
+int  test_addmod(void);
+int  test_submod(void);
+int  test_mulmod(void);
+int  test_sqrmod(void);
+int  test_exptmod(void);
+int  test_exptmod_d(void);
+int  test_invmod(void);
+int  test_cmp_d(void);
+int  test_cmp_z(void);
+int  test_cmp(void);
+int  test_cmp_mag(void);
+int  test_parity(void);
+int  test_gcd(void);
+int  test_lcm(void);
+int  test_convert(void);
+int  test_raw(void);
+int  test_pprime(void);
+int  test_fermat(void);
+
+/* Table mapping index numbers to functions */
+int (*g_tests[])(void)  = {
+   test_list,     test_copy,     test_exch,     test_zero,     
+   test_set,      test_abs,      test_neg,      test_add_d,    
+   test_add,      test_sub_d,    test_sub,      test_mul_d,    
+   test_mul,      test_sqr,      test_div_d,    test_div_2,    
+   test_div_2d,   test_div,      test_expt_d,   test_expt,     
+   test_2expt,    test_sqrt,     test_mod_d,    test_mod,      
+   test_addmod,   test_submod,   test_mulmod,   test_sqrmod,   
+   test_exptmod,  test_exptmod_d, test_invmod,   test_cmp_d,    
+   test_cmp_z,    test_cmp,      test_cmp_mag,  test_parity,   
+   test_gcd,      test_lcm,      test_convert,  test_raw,      
+   test_pprime,   test_fermat
+};
+
+/* Table mapping index numbers to descriptions */
+const char *g_descs[] = {
+   "print out a list of the available test suites",
+   "test assignment of mp-int structures",
+   "test exchange of mp-int structures",
+   "test zeroing of an mp-int",
+   "test setting an mp-int to a small constant",
+   "test the absolute value function",
+   "test the arithmetic negation function",
+   "test digit addition",
+   "test full addition",
+   "test digit subtraction",
+   "test full subtraction",
+   "test digit multiplication",
+   "test full multiplication",
+   "test full squaring function",
+   "test digit division",
+   "test division by two",
+   "test division & remainder by 2^d",
+   "test full division",
+   "test digit exponentiation",
+   "test full exponentiation",
+   "test power-of-two exponentiation",
+   "test integer square root function",
+   "test digit modular reduction",
+   "test full modular reduction",
+   "test modular addition",
+   "test modular subtraction",
+   "test modular multiplication",
+   "test modular squaring function",
+   "test full modular exponentiation",
+   "test digit modular exponentiation",
+   "test modular inverse function",
+   "test digit comparison function",
+   "test zero comparison function",
+   "test general signed comparison",
+   "test general magnitude comparison",
+   "test parity comparison functions",
+   "test greatest common divisor functions",
+   "test least common multiple function",
+   "test general radix conversion facilities",
+   "test raw output format",
+   "test probabilistic primality tester",
+   "test Fermat pseudoprimality tester"
+};
+
diff --git a/security/nss/lib/freebl/mpi/tests/LICENSE b/security/nss/lib/freebl/mpi/tests/LICENSE
new file mode 100644
index 000000000..c2c5d0190
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/LICENSE
@@ -0,0 +1,6 @@
+Within this directory, each of the file listed below is licensed under 
+the terms given in the file LICENSE-MPL, also in this directory.
+
+pi1k.txt
+pi2k.txt
+pi5k.txt
diff --git a/security/nss/lib/freebl/mpi/tests/LICENSE-MPL b/security/nss/lib/freebl/mpi/tests/LICENSE-MPL
new file mode 100644
index 000000000..d1f78f522
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/LICENSE-MPL
@@ -0,0 +1,35 @@
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the Netscape security libraries.
+
+The Initial Developer of the Original Code is Netscape
+Communications Corporation.  Portions created by Netscape are 
+Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-1.c b/security/nss/lib/freebl/mpi/tests/mptest-1.c
new file mode 100644
index 000000000..98a36cb06
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-1.c
@@ -0,0 +1,75 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 1: Simple input test (drives single-digit multiply and add,
+ *         as well as I/O routines)
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#ifdef MAC_CW_SIOUX
+#include <console.h>
+#endif
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  int    ix;
+  mp_int mp;
+
+#ifdef MAC_CW_SIOUX
+  argc = ccommand(&argv);
+#endif
+
+  mp_init(&mp);
+  
+  for(ix = 1; ix < argc; ix++) {
+    mp_read_radix(&mp, argv[ix], 10);
+    mp_print(&mp, stdout);
+    fputc('\n', stdout);
+  }
+
+  mp_clear(&mp);
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-2.c b/security/nss/lib/freebl/mpi/tests/mptest-2.c
new file mode 100644
index 000000000..7c09e7d2d
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-2.c
@@ -0,0 +1,86 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 2: Basic addition and subtraction test
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  mp_int a, b, c;
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+    return 1;
+  }
+
+  printf("Test 2: Basic addition and subtraction\n\n");
+
+  mp_init(&a);
+  mp_init(&b);
+
+  mp_read_radix(&a, argv[1], 10);
+  mp_read_radix(&b, argv[2], 10);
+  printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+  
+  mp_init(&c);
+  printf("c = a + b\n");
+
+  mp_add(&a, &b, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+  
+  printf("c = a - b\n");
+  
+  mp_sub(&a, &b, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);  
+
+  mp_clear(&c);
+  mp_clear(&b);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-3.c b/security/nss/lib/freebl/mpi/tests/mptest-3.c
new file mode 100644
index 000000000..43a287996
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-3.c
@@ -0,0 +1,131 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 3: Multiplication, division, and exponentiation test
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include <time.h>
+
+#include "mpi.h"
+
+#define  SQRT 1  /* define nonzero to get square-root test  */
+#define  EXPT 0  /* define nonzero to get exponentiate test */
+
+int main(int argc, char *argv[])
+{
+  int      ix;
+  mp_int   a, b, c, d;
+  mp_digit r;
+  mp_err   res;
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+    return 1;
+  }
+
+  printf("Test 3: Multiplication and division\n\n");
+  srand(time(NULL));
+
+  mp_init(&a);
+  mp_init(&b);
+
+  mp_read_variable_radix(&a, argv[1], 10);
+  mp_read_variable_radix(&b, argv[2], 10);
+  printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+  
+  mp_init(&c);
+  printf("\nc = a * b\n");
+
+  mp_mul(&a, &b, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  printf("\nc = b * 32523\n");
+
+  mp_mul_d(&b, 32523, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+  
+  mp_init(&d);
+  printf("\nc = a / b, d = a mod b\n");
+  
+  mp_div(&a, &b, &c, &d);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);  
+  printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);  
+
+  ix = rand() % 256;
+  printf("\nc = a / %d, r = a mod %d\n", ix, ix);
+  mp_div_d(&a, (mp_digit)ix, &c, &r);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);  
+  printf("r = %04X\n", r);
+
+#if EXPT
+  printf("\nc = a ** b\n");
+  mp_expt(&a, &b, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);  
+#endif
+
+  ix = rand() % 256;
+  printf("\nc = 2^%d\n", ix);
+  mp_2expt(&c, ix);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+#if SQRT
+  printf("\nc = sqrt(a)\n");
+  if((res = mp_sqrt(&a, &c)) != MP_OKAY) {
+    printf("mp_sqrt: %s\n", mp_strerror(res));
+  } else {
+    printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+    mp_sqr(&c, &c);
+    printf("c^2 = "); mp_print(&c, stdout); fputc('\n', stdout);
+  }
+#endif
+
+  mp_clear(&d);
+  mp_clear(&c);
+  mp_clear(&b);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-3a.c b/security/nss/lib/freebl/mpi/tests/mptest-3a.c
new file mode 100644
index 000000000..a4d246212
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-3a.c
@@ -0,0 +1,144 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 3a: Multiplication vs. squaring timing test
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include <time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+int main(int argc, char *argv[])
+{
+  int        ix, num, prec = 8;
+  double     d1, d2;
+  clock_t    start, finish;
+  time_t     seed;
+  mp_int     a, c, d;
+
+  seed = time(NULL);
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
+    return 1;
+  }
+
+  if((num = atoi(argv[1])) < 0)
+    num = -num;
+
+  if(!num) {
+    fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+    return 1;
+  }
+
+  if(argc > 2) {
+    if((prec = atoi(argv[2])) <= 0)
+      prec = 8;
+    else
+      prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+  }
+  
+  printf("Test 3a: Multiplication vs squaring timing test\n"
+	 "Precision:  %d digits (%u bits)\n"
+	 "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num);
+
+  mp_init_size(&a, prec);
+
+  mp_init(&c); mp_init(&d);
+
+  printf("Verifying accuracy ... \n");
+  srand((unsigned int)seed);
+  for(ix = 0; ix < num; ix++) {
+    mpp_random_size(&a, prec);
+    mp_mul(&a, &a, &c);
+    mp_sqr(&a, &d);
+
+    if(mp_cmp(&c, &d) != 0) {
+      printf("Error!  Results not accurate:\n");
+      printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+      printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+      printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
+      mp_sub(&c, &d, &d);
+      printf("dif "); mp_print(&d, stdout); fputc('\n', stdout);
+      mp_clear(&c); mp_clear(&d);
+      mp_clear(&a);
+      return 1;
+    }
+  }
+  printf("Accuracy is confirmed for the %d test samples\n", num);
+  mp_clear(&d);
+
+  printf("Testing squaring ... \n");
+  srand((unsigned int)seed);
+  start = clock();
+  for(ix = 0; ix < num; ix++) {
+    mpp_random_size(&a, prec);
+    mp_sqr(&a, &c);
+  }
+  finish = clock();
+
+  d2 = (double)(finish - start) / CLOCKS_PER_SEC;
+
+  printf("Testing multiplication ... \n");
+  srand((unsigned int)seed);
+  start = clock();
+  for(ix = 0; ix < num; ix++) {
+    mpp_random(&a);
+    mp_mul(&a, &a, &c);
+  }
+  finish = clock();
+
+  d1 = (double)(finish - start) / CLOCKS_PER_SEC;
+
+  printf("Multiplication time: %.3f sec (%.3f each)\n", d1, d1 / num);
+  printf("Squaring time:       %.3f sec (%.3f each)\n", d2, d2 / num);
+  printf("Improvement:         %.2f%%\n", (1.0 - (d2 / d1)) * 100.0);
+
+  mp_clear(&c);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-4.c b/security/nss/lib/freebl/mpi/tests/mptest-4.c
new file mode 100644
index 000000000..181cd4116
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-4.c
@@ -0,0 +1,126 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 4: Modular arithmetic tests
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  int      ix;
+  mp_int   a, b, c, m;
+  mp_digit r;
+
+  if(argc < 4) {
+    fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
+    return 1;
+  }
+
+  printf("Test 4: Modular arithmetic\n\n");
+
+  mp_init(&a);
+  mp_init(&b);
+  mp_init(&m);
+
+  mp_read_radix(&a, argv[1], 10);
+  mp_read_radix(&b, argv[2], 10);
+  mp_read_radix(&m, argv[3], 10);
+  printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+  printf("m = "); mp_print(&m, stdout); fputc('\n', stdout);
+  
+  mp_init(&c);
+  printf("\nc = a (mod m)\n");
+
+  mp_mod(&a, &m, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  printf("\nc = b (mod m)\n");
+
+  mp_mod(&b, &m, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  printf("\nc = b (mod 1853)\n");
+
+  mp_mod_d(&b, 1853, &r);
+  printf("c = %04X\n", r);
+
+  printf("\nc = (a + b) mod m\n");
+
+  mp_addmod(&a, &b, &m, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  printf("\nc = (a - b) mod m\n");
+
+  mp_submod(&a, &b, &m, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  printf("\nc = (a * b) mod m\n");
+
+  mp_mulmod(&a, &b, &m, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  printf("\nc = (a ** b) mod m\n");
+
+  mp_exptmod(&a, &b, &m, &c);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  printf("\nIn-place modular squaring test:\n");
+  for(ix = 0; ix < 5; ix++) {
+    printf("a = (a * a) mod m   a = ");
+    mp_sqrmod(&a, &m, &a);
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+  }
+  
+
+  mp_clear(&c);
+  mp_clear(&m);
+  mp_clear(&b);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-4a.c b/security/nss/lib/freebl/mpi/tests/mptest-4a.c
new file mode 100644
index 000000000..87cb37547
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-4a.c
@@ -0,0 +1,138 @@
+/* 
+ *  mptest4a - modular exponentiation speed test 
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include <sys/time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+typedef struct {
+  unsigned int  sec;
+  unsigned int  usec;
+} instant_t;
+
+instant_t now(void)
+{
+  struct timeval clk;
+  instant_t      res;
+
+  res.sec = res.usec = 0;
+
+  if(gettimeofday(&clk, NULL) != 0)
+    return res;
+
+  res.sec = clk.tv_sec;
+  res.usec = clk.tv_usec;
+
+  return res;
+}
+
+extern mp_err s_mp_pad();
+
+int main(int argc, char *argv[])
+{
+  int        ix, num, prec = 8;
+  unsigned   int d;
+  instant_t  start, finish;
+  time_t     seed;
+  mp_int     a, m, c;
+
+  seed = time(NULL);
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
+    return 1;
+  }
+
+  if((num = atoi(argv[1])) < 0)
+    num = -num;
+
+  if(!num) {
+    fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+    return 1;
+  }
+
+  if(argc > 2) {
+    if((prec = atoi(argv[2])) <= 0)
+      prec = 8;
+  }
+  
+  printf("Test 3a: Modular exponentiation timing test\n"
+	 "Precision:  %d digits (%d bits)\n"
+	 "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num);
+
+  mp_init_size(&a, prec);
+  mp_init_size(&m, prec);
+  mp_init_size(&c, prec);
+  s_mp_pad(&a, prec);
+  s_mp_pad(&m, prec);
+  s_mp_pad(&c, prec);
+
+  printf("Testing modular exponentiation ... \n");
+  srand((unsigned int)seed);
+
+  start = now();
+  for(ix = 0; ix < num; ix++) {
+    mpp_random(&a);
+    mpp_random(&c);
+    mpp_random(&m);
+    mp_exptmod(&a, &c, &m, &c);
+  }
+  finish = now();
+
+  d = (finish.sec - start.sec) * 1000000;
+  d -= start.usec; d += finish.usec;
+
+  printf("Total time elapsed:        %u usec\n", d);
+  printf("Time per exponentiation:   %u usec (%.3f sec)\n", 
+	 (d / num), (double)(d / num) / 1000000);
+
+  mp_clear(&c);
+  mp_clear(&a);
+  mp_clear(&m);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-4b.c b/security/nss/lib/freebl/mpi/tests/mptest-4b.c
new file mode 100644
index 000000000..3b5f3b924
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-4b.c
@@ -0,0 +1,135 @@
+/*
+ * mptest-4b.c
+ *
+ * Test speed of a large modular exponentiation of a primitive element
+ * modulo a prime.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include <sys/time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+char *g_prime = 
+  "34BD53C07350E817CCD49721020F1754527959C421C1533244769D4CF060A8B1C3DA"
+  "25094BE723FB1E2369B55FEEBBE0FAC16425161BF82684062B5EC5D7D47D1B23C117"
+  "0FA19745E44A55E148314E582EB813AC9EE5126295E2E380CACC2F6D206B293E5ED9"
+  "23B54EE961A8C69CD625CE4EC38B70C649D7F014432AEF3A1C93";
+char *g_gen = "5";
+
+typedef struct {
+  unsigned int  sec;
+  unsigned int  usec;
+} instant_t;
+
+instant_t now(void)
+{
+  struct timeval clk;
+  instant_t      res;
+
+  res.sec = res.usec = 0;
+
+  if(gettimeofday(&clk, NULL) != 0)
+    return res;
+
+  res.sec = clk.tv_sec;
+  res.usec = clk.tv_usec;
+
+  return res;
+}
+
+extern mp_err s_mp_pad();
+
+int main(int argc, char *argv[])
+{
+  instant_t    start, finish;
+  mp_int       prime, gen, expt, res;
+  unsigned int ix, diff;
+  int          num;
+
+  srand(time(NULL));
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
+    return 1;
+  }
+
+  if((num = atoi(argv[1])) < 0)
+    num = -num;
+
+  if(num == 0)
+    ++num;
+
+  mp_init(&prime); mp_init(&gen); mp_init(&res);
+  mp_read_radix(&prime, g_prime, 16);
+  mp_read_radix(&gen, g_gen, 16);
+
+  mp_init_size(&expt, USED(&prime) - 1);
+  s_mp_pad(&expt, USED(&prime) - 1);
+
+  printf("Testing %d modular exponentations ... \n", num);
+
+  start = now();
+  for(ix = 0; ix < num; ix++) {
+    mpp_random(&expt);
+    mp_exptmod(&gen, &expt, &prime, &res);
+  }
+  finish = now();
+
+  diff = (finish.sec - start.sec) * 1000000;
+  diff += finish.usec; diff -= start.usec;
+
+  printf("%d operations took %u usec (%.3f sec)\n",
+	 num, diff, (double)diff / 1000000.0);
+  printf("That is %.3f sec per operation.\n",
+	 ((double)diff / 1000000.0) / num);
+
+  mp_clear(&expt);
+  mp_clear(&res);
+  mp_clear(&gen);
+  mp_clear(&prime);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-5.c b/security/nss/lib/freebl/mpi/tests/mptest-5.c
new file mode 100644
index 000000000..e77c5b0f2
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-5.c
@@ -0,0 +1,103 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 5: Other number theoretic functions
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  mp_int   a, b, c, x, y;
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+    return 1;
+  }
+
+  printf("Test 5: Number theoretic functions\n\n");
+
+  mp_init(&a);
+  mp_init(&b);
+
+  mp_read_radix(&a, argv[1], 10);
+  mp_read_radix(&b, argv[2], 10);
+
+  printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+  
+  mp_init(&c);
+  printf("\nc = (a, b)\n");
+
+  mp_gcd(&a, &b, &c);
+  printf("Euclid: c = "); mp_print(&c, stdout); fputc('\n', stdout);
+/*
+  mp_bgcd(&a, &b, &c);
+  printf("Binary: c = "); mp_print(&c, stdout); fputc('\n', stdout);
+*/
+  mp_init(&x);
+  mp_init(&y);
+  printf("\nc = (a, b) = ax + by\n");
+
+  mp_xgcd(&a, &b, &c, &x, &y);
+  printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+  printf("x = "); mp_print(&x, stdout); fputc('\n', stdout);
+  printf("y = "); mp_print(&y, stdout); fputc('\n', stdout);
+
+  printf("\nc = a^-1 (mod b)\n");
+  if(mp_invmod(&a, &b, &c) == MP_UNDEF) {
+    printf("a has no inverse mod b\n");
+  } else {
+    printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+  }
+
+  mp_clear(&y);
+  mp_clear(&x);
+  mp_clear(&c);
+  mp_clear(&b);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-5a.c b/security/nss/lib/freebl/mpi/tests/mptest-5a.c
new file mode 100644
index 000000000..0cc2f0349
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-5a.c
@@ -0,0 +1,165 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 5a: Greatest common divisor speed test, binary vs. Euclid
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#include <sys/time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+typedef struct {
+  unsigned int  sec;
+  unsigned int  usec;
+} instant_t;
+
+instant_t now(void)
+{
+  struct timeval clk;
+  instant_t      res;
+
+  res.sec = res.usec = 0;
+
+  if(gettimeofday(&clk, NULL) != 0)
+    return res;
+
+  res.sec = clk.tv_sec;
+  res.usec = clk.tv_usec;
+
+  return res;
+}
+
+#define PRECISION 16
+
+int main(int argc, char *argv[])
+{
+  int          ix, num, prec = PRECISION;
+  mp_int       a, b, c, d;
+  instant_t    start, finish;
+  time_t       seed;
+  unsigned int d1, d2;
+
+  seed = time(NULL);
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
+    return 1;
+  }
+
+  if((num = atoi(argv[1])) < 0)
+    num = -num;
+
+  printf("Test 5a: Euclid vs. Binary, a GCD speed test\n\n"
+	 "Number of tests: %d\n"
+	 "Precision:       %d digits\n\n", num, prec);
+
+  mp_init_size(&a, prec);
+  mp_init_size(&b, prec);
+  mp_init(&c);
+  mp_init(&d);
+
+  printf("Verifying accuracy ... \n");
+  srand((unsigned int)seed);
+  for(ix = 0; ix < num; ix++) {
+    mpp_random_size(&a, prec);
+    mpp_random_size(&b, prec);
+
+    mp_gcd(&a, &b, &c);
+    mp_bgcd(&a, &b, &d);
+
+    if(mp_cmp(&c, &d) != 0) {
+      printf("Error!  Results not accurate:\n");
+      printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+      printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+      printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+      printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
+
+      mp_clear(&a); mp_clear(&b); mp_clear(&c); mp_clear(&d);
+      return 1;
+    }
+  }
+  mp_clear(&d);
+  printf("Accuracy confirmed for the %d test samples\n", num);
+
+  printf("Testing Euclid ... \n");
+  srand((unsigned int)seed);
+  start = now();
+  for(ix = 0; ix < num; ix++) {
+    mpp_random_size(&a, prec);
+    mpp_random_size(&b, prec);
+    mp_gcd(&a, &b, &c);
+
+  }
+  finish = now();
+
+  d1 = (finish.sec - start.sec) * 1000000;
+  d1 -= start.usec; d1 += finish.usec;
+
+  printf("Testing binary ... \n");
+  srand((unsigned int)seed);
+  start = now();
+  for(ix = 0; ix < num; ix++) {
+    mpp_random_size(&a, prec);
+    mpp_random_size(&b, prec);
+    mp_bgcd(&a, &b, &c);
+  }
+  finish = now();
+
+  d2 = (finish.sec - start.sec) * 1000000;
+  d2 -= start.usec; d2 += finish.usec;
+
+  printf("Euclidean algorithm time: %u usec\n", d1);
+  printf("Binary algorithm time:    %u usec\n", d2);
+  printf("Improvement:              %.2f%%\n",
+         (1.0 - ((double)d2 / (double)d1)) * 100.0);
+
+  mp_clear(&c);
+  mp_clear(&b);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-6.c b/security/nss/lib/freebl/mpi/tests/mptest-6.c
new file mode 100644
index 000000000..a587778c9
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-6.c
@@ -0,0 +1,111 @@
+/*
+ *  Simple test driver for MPI library
+ *
+ *  Test 6: Output functions
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+void print_buf(FILE *ofp, char *buf, int len)
+{
+  int ix, brk = 0;
+
+  for(ix = 0; ix < len; ix++) {
+    fprintf(ofp, "%02X ", buf[ix]);
+
+    brk = (brk + 1) & 0xF;
+    if(!brk) 
+      fputc('\n', ofp);
+  }
+
+  if(brk)
+    fputc('\n', ofp);
+
+}
+
+int main(int argc, char *argv[])
+{
+  int       ix, size;
+  mp_int    a;
+  char     *buf;
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+    return 1;
+  }
+
+  printf("Test 6: Output functions\n\n");
+
+  mp_init(&a);
+
+  mp_read_radix(&a, argv[1], 10);
+
+  printf("\nConverting to a string:\n");
+
+  printf("Rx Size Representation\n");
+  for(ix = 2; ix <= MAX_RADIX; ix++) {
+    size = mp_radix_size(&a, ix);
+
+    buf = calloc(size, sizeof(char));
+    mp_toradix(&a, buf, ix);
+    printf("%2d: %3d: %s\n", ix, size, buf);
+    free(buf);
+
+  }
+
+  printf("\nRaw output:\n");
+  size = mp_raw_size(&a);
+  buf = calloc(size, sizeof(char));
+
+  printf("Size:  %d bytes\n", size);
+
+  mp_toraw(&a, buf);
+  print_buf(stdout, buf, size);
+  free(buf);
+  
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-7.c b/security/nss/lib/freebl/mpi/tests/mptest-7.c
new file mode 100644
index 000000000..3153133cb
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-7.c
@@ -0,0 +1,107 @@
+/*
+ *  Simple test driver for MPI library
+ *
+ *  Test 7: Random and divisibility tests
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#define MP_IOFUNC 1
+#include "mpi.h"
+
+#include "mpprime.h"
+
+int main(int argc, char *argv[])
+{
+  mp_digit  num;
+  mp_int    a, b;
+
+  srand(time(NULL));
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+    return 1;
+  }
+
+  printf("Test 7: Random & divisibility tests\n\n");
+
+  mp_init(&a);
+  mp_init(&b);
+
+  mp_read_radix(&a, argv[1], 10);
+  mp_read_radix(&b, argv[2], 10);
+
+  printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+
+  if(mpp_divis(&a, &b) == MP_YES)
+    printf("a is divisible by b\n");
+  else
+    printf("a is not divisible by b\n");
+
+  if(mpp_divis(&b, &a) == MP_YES)
+    printf("b is divisible by a\n");
+  else
+    printf("b is not divisible by a\n");
+
+  printf("\nb = mpp_random()\n");
+  mpp_random(&b);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+  mpp_random(&b);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+  mpp_random(&b);
+  printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+
+  printf("\nTesting a for divisibility by first 170 primes\n");
+  num = 170;
+  if(mpp_divis_primes(&a, &num) == MP_YES)
+    printf("It is divisible by at least one of them\n");
+  else
+    printf("It is not divisible by any of them\n");
+
+  mp_clear(&b);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-8.c b/security/nss/lib/freebl/mpi/tests/mptest-8.c
new file mode 100644
index 000000000..8bff49b20
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-8.c
@@ -0,0 +1,98 @@
+/*
+ *  Simple test driver for MPI library
+ *
+ *  Test 8: Probabilistic primality tester
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#define MP_IOFUNC 1
+#include "mpi.h"
+
+#include "mpprime.h"
+
+int main(int argc, char *argv[])
+{
+  int       ix;
+  mp_digit  num;
+  mp_int    a;
+
+  srand(time(NULL));
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+    return 1;
+  }
+
+  printf("Test 8: Probabilistic primality testing\n\n");
+
+  mp_init(&a);
+
+  mp_read_radix(&a, argv[1], 10);
+
+  printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+
+  printf("\nChecking for divisibility by small primes ... \n");
+  num = 170;
+  if(mpp_divis_primes(&a, &num) == MP_YES) {
+    printf("it is not prime\n");
+    goto CLEANUP;
+  }
+  printf("Passed that test (not divisible by any small primes).\n");
+
+  for(ix = 0; ix < 10; ix++) {
+    printf("\nPerforming Rabin-Miller test, iteration %d\n", ix + 1);
+
+    if(mpp_pprime(&a, 5) == MP_NO) {
+      printf("it is not prime\n");
+      goto CLEANUP;
+    }
+  }
+  printf("All tests passed; a is probably prime\n");
+
+CLEANUP:
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-9.c b/security/nss/lib/freebl/mpi/tests/mptest-9.c
new file mode 100644
index 000000000..03444cba1
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-9.c
@@ -0,0 +1,116 @@
+/*
+ *    mptest-9.c
+ *
+ *   Test logical functions
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mplogic.h"
+
+int main(int argc, char *argv[])
+{
+  mp_int    a, b, c;
+  int       pco;
+  mp_err    res;
+
+  printf("Test 9: Logical functions\n\n");
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+    return 1;
+  }
+
+  mp_init(&a); mp_init(&b); mp_init(&c);
+  mp_read_radix(&a, argv[1], 16);
+  mp_read_radix(&b, argv[2], 16);
+
+  printf("a       = "); mp_print(&a, stdout); fputc('\n', stdout);
+  printf("b       = "); mp_print(&b, stdout); fputc('\n', stdout);
+
+  mpl_not(&a, &c);
+  printf("~a      = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  mpl_and(&a, &b, &c);
+  printf("a & b   = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  mpl_or(&a, &b, &c);
+  printf("a | b   = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  mpl_xor(&a, &b, &c);
+  printf("a ^ b   = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  mpl_rsh(&a, &c, 1);
+  printf("a >>  1 = "); mp_print(&c, stdout); fputc('\n', stdout);
+  mpl_rsh(&a, &c, 5);
+  printf("a >>  5 = "); mp_print(&c, stdout); fputc('\n', stdout);
+  mpl_rsh(&a, &c, 16);
+  printf("a >> 16 = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  mpl_lsh(&a, &c, 1);
+  printf("a <<  1 = "); mp_print(&c, stdout); fputc('\n', stdout);
+  mpl_lsh(&a, &c, 5);
+  printf("a <<  5 = "); mp_print(&c, stdout); fputc('\n', stdout);
+  mpl_lsh(&a, &c, 16);
+  printf("a << 16 = "); mp_print(&c, stdout); fputc('\n', stdout);
+
+  mpl_num_set(&a, &pco);
+  printf("population(a) = %d\n", pco);
+  mpl_num_set(&b, &pco);
+  printf("population(b) = %d\n", pco);
+
+  res = mpl_parity(&a);
+  if(res == MP_EVEN)
+    printf("a has even parity\n");
+  else
+    printf("a has odd parity\n");
+  
+  mp_clear(&c);
+  mp_clear(&b);
+  mp_clear(&a);
+
+  return 0;
+}
+
diff --git a/security/nss/lib/freebl/mpi/tests/mptest-b.c b/security/nss/lib/freebl/mpi/tests/mptest-b.c
new file mode 100644
index 000000000..6da6b136a
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/mptest-b.c
@@ -0,0 +1,220 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test GF2m: Binary Polynomial Arithmetic
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Multi-precision Binary Polynomial Arithmetic Library.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2001
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Sheueling Chang Shantz <sheueling.chang@sun.com> and
+ *   Douglas Stebila <douglas@stebila.ca> of Sun Laboratories.
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mp_gf2m.h"
+
+int main(int argc, char *argv[])
+{
+    int      ix;
+    mp_int   pp, a, b, x, y, order;
+    mp_int   c, d, e;
+    mp_digit r;
+    mp_err   res;
+    unsigned int p[] = {163,7,6,3,0};
+    unsigned int ptemp[10];
+
+    printf("Test b: Binary Polynomial Arithmetic\n\n");
+
+    mp_init(&pp);
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&x);
+    mp_init(&y);
+    mp_init(&order);
+
+    mp_read_radix(&pp, "0800000000000000000000000000000000000000C9", 16);
+    mp_read_radix(&a, "1", 16);
+    mp_read_radix(&b, "020A601907B8C953CA1481EB10512F78744A3205FD", 16);
+    mp_read_radix(&x, "03F0EBA16286A2D57EA0991168D4994637E8343E36", 16);
+    mp_read_radix(&y, "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 16);
+    mp_read_radix(&order, "040000000000000000000292FE77E70C12A4234C33", 16);
+    printf("pp = "); mp_print(&pp, stdout); fputc('\n', stdout);
+    printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+    printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+    printf("x = "); mp_print(&x, stdout); fputc('\n', stdout);
+    printf("y = "); mp_print(&y, stdout); fputc('\n', stdout);
+    printf("order = "); mp_print(&order, stdout); fputc('\n', stdout);
+
+    mp_init(&c);
+    mp_init(&d);
+    mp_init(&e);
+
+    /* Test polynomial conversion */
+    ix = mp_bpoly2arr(&pp, ptemp, 10);
+    if (
+	(ix != 5) ||
+	(ptemp[0] != p[0]) ||
+	(ptemp[1] != p[1]) ||
+	(ptemp[2] != p[2]) ||
+	(ptemp[3] != p[3]) ||
+	(ptemp[4] != p[4])
+    ) {
+	printf("Polynomial to array conversion not correct\n"); 
+	return -1;
+    }
+
+    printf("Polynomial conversion test #1 successful.\n");
+    MP_CHECKOK( mp_barr2poly(p, &c) );
+    if (mp_cmp(&pp, &c) != 0) {
+        printf("Array to polynomial conversion not correct\n"); 
+        return -1;
+    }
+    printf("Polynomial conversion test #2 successful.\n");
+
+    /* Test addition */
+    MP_CHECKOK( mp_badd(&a, &a, &c) );
+    if (mp_cmp_z(&c) != 0) {
+        printf("a+a should equal zero\n"); 
+        return -1;
+    }
+    printf("Addition test #1 successful.\n");
+    MP_CHECKOK( mp_badd(&a, &b, &c) );
+    MP_CHECKOK( mp_badd(&b, &c, &c) );
+    if (mp_cmp(&c, &a) != 0) {
+        printf("c = (a + b) + b should equal a\n"); 
+        printf("a = "); mp_print(&a, stdout); fputc('\n', stdout);
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Addition test #2 successful.\n");
+    
+    /* Test multiplication */
+    mp_set(&c, 2);
+    MP_CHECKOK( mp_bmul(&b, &c, &c) );
+    MP_CHECKOK( mp_badd(&b, &c, &c) );
+    mp_set(&d, 3);
+    MP_CHECKOK( mp_bmul(&b, &d, &d) );
+    if (mp_cmp(&c, &d) != 0) {
+        printf("c = (2 * b) + b should equal c = 3 * b\n"); 
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Multiplication test #1 successful.\n");
+
+    /* Test modular reduction */
+    MP_CHECKOK( mp_bmod(&b, p, &c) );
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = b mod p should equal b\n"); 
+        printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular reduction test #1 successful.\n");
+    MP_CHECKOK( mp_badd(&b, &pp, &c) );
+    MP_CHECKOK( mp_bmod(&c, p, &c) );
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = (b + p) mod p should equal b\n"); 
+        printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular reduction test #2 successful.\n");
+    MP_CHECKOK( mp_bmul(&b, &pp, &c) );
+    MP_CHECKOK( mp_bmod(&c, p, &c) );
+    if (mp_cmp_z(&c) != 0) {
+        printf("c = (b * p) mod p should equal 0\n"); 
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular reduction test #3 successful.\n");
+
+    /* Test modular multiplication */
+    MP_CHECKOK( mp_bmulmod(&b, &pp, p, &c) );
+    if (mp_cmp_z(&c) != 0) {
+        printf("c = (b * p) mod p should equal 0\n"); 
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular multiplication test #1 successful.\n");
+    mp_set(&c, 1);
+    MP_CHECKOK( mp_badd(&pp, &c, &c) );
+    MP_CHECKOK( mp_bmulmod(&b, &c, p, &c) );
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = (b * (p + 1)) mod p should equal b\n"); 
+        printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular multiplication test #2 successful.\n");
+
+    /* Test modular squaring */
+    MP_CHECKOK( mp_copy(&b, &c) );
+    MP_CHECKOK( mp_bmulmod(&b, &c, p, &c) );
+    MP_CHECKOK( mp_bsqrmod(&b, p, &d) );
+    if (mp_cmp(&c, &d) != 0) {
+        printf("c = (b * b) mod p should equal d = b^2 mod p\n"); 
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        printf("d = "); mp_print(&d, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular squaring test #1 successful.\n");
+    
+    /* Test modular division */
+    MP_CHECKOK( mp_bdivmod(&b, &x, &pp, p, &c) );
+    MP_CHECKOK( mp_bmulmod(&c, &x, p, &c) );
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = (b / x) * x mod p should equal b\n"); 
+        printf("b = "); mp_print(&b, stdout); fputc('\n', stdout);
+        printf("c = "); mp_print(&c, stdout); fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular division test #1 successful.\n");
+
+CLEANUP:
+
+    mp_clear(&order);
+    mp_clear(&y);
+    mp_clear(&x);
+    mp_clear(&b);
+    mp_clear(&a);
+    mp_clear(&pp);
+
+    return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/tests/pi1k.txt b/security/nss/lib/freebl/mpi/tests/pi1k.txt
new file mode 100644
index 000000000..5ff6209ff
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/pi1k.txt
@@ -0,0 +1 @@
+31415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819644288109756659334461284756482337867831652712019091456485669234603486104543266482133936072602491412737245870066063155881748815209209628292540917153643678925903600113305305488204665213841469519415116094330572703657595919530921861173819326117931051185480744623799627495673518857527248912279381830119491298336733624406566430860213949463952247371907021798609437027705392171762931767523846748184676694051320005681271452635608277857713427577896091736371787214684409012249534301465495853710507922796892589235420199561121290219608640344181598136297747713099605187072113499999983729780499510597317328160963185950244594553469083026425223082533446850352619311881710100031378387528865875332083814206171776691473035982534904287554687311595628638823537875937519577818577805321712268066130019278766111959092164201989
diff --git a/security/nss/lib/freebl/mpi/tests/pi2k.txt b/security/nss/lib/freebl/mpi/tests/pi2k.txt
new file mode 100644
index 000000000..9ce82acd1
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/pi2k.txt
@@ -0,0 +1 @@
+314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759010
diff --git a/security/nss/lib/freebl/mpi/tests/pi5k.txt b/security/nss/lib/freebl/mpi/tests/pi5k.txt
new file mode 100644
index 000000000..901fac2ea
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/tests/pi5k.txt
@@ -0,0 +1 @@
+314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759009946576407895126946839835259570982582262052248940772671947826848260147699090264013639443745530506820349625245174939965143142980919065925093722169646151570985838741059788595977297549893016175392846813826868386894277415599185592524595395943104997252468084598727364469584865383673622262609912460805124388439045124413654976278079771569143599770012961608944169486855584840635342207222582848864815845602850601684273945226746767889525213852254995466672782398645659611635488623057745649803559363456817432411251507606947945109659609402522887971089314566913686722874894056010150330861792868092087476091782493858900971490967598526136554978189312978482168299894872265880485756401427047755513237964145152374623436454285844479526586782105114135473573952311342716610213596953623144295248493718711014576540359027993440374200731057853906219838744780847848968332144571386875194350643021845319104848100537061468067491927819119793995206141966342875444064374512371819217999839101591956181467514269123974894090718649423196156794520809514655022523160388193014209376213785595663893778708303906979207734672218256259966150142150306803844773454920260541466592520149744285073251866600213243408819071048633173464965145390579626856100550810665879699816357473638405257145910289706414011097120628043903975951567715770042033786993600723055876317635942187312514712053292819182618612586732157919841484882916447060957527069572209175671167229109816909152801735067127485832228718352093539657251210835791513698820914442100675103346711031412671113699086585163983150197016515116851714376576183515565088490998985998238734552833163550764791853589322618548963213293308985706420467525907091548141654985946163718027098199430992448895757128289059232332609729971208443357326548938239119325974636673058360414281388303203824903758985243744170291327656180937734440307074692112019130203303801976211011004492932151608424448596376698389522868478312355265821314495768572624334418930396864262434107732269780280731891544110104468232527162010526522721116603966655730925471105578537634668206531098965269186205647693125705863566201855810072936065987648611791045334885034611365768675324944166803962657978771855608455296541266540853061434443185867697514566140680070023787765913440171274947042056223053899456131407112700040785473326993908145466464588079727082668306343285878569830523580893306575740679545716377525420211495576158140025012622859413021647155097925923099079654737612551765675135751782966645477917450112996148903046399471329621073404375189573596145890193897131117904297828564750320319869151402870808599048010941214722131794764777262241425485454033215718530614228813758504306332175182979866223717215916077166925474873898665494945011465406284336639379003976926567214638530673609657120918076383271664162748888007869256029022847210403172118608204190004229661711963779213375751149595015660496318629472654736425230817703675159067350235072835405670403867435136222247715891504953098444893330963408780769325993978054193414473774418426312986080998886874132604721
diff --git a/security/nss/lib/freebl/mpi/timetest b/security/nss/lib/freebl/mpi/timetest
new file mode 100755
index 000000000..ee896d54a
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/timetest
@@ -0,0 +1,136 @@
+#!/bin/sh
+
+# Simple timing test for the MPI library.  Basically, we use prime
+# generation as a timing test, since it exercises most of the pathways
+# of the library fairly heavily.  The 'primegen' tool outputs a line
+# summarizing timing results.  We gather these and process them for
+# statistical information, which is collected into a file.
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Netscape Communications Corporation
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# 
+# $Id$
+#
+
+# Avoid using built-in shell echoes
+ECHO=/bin/echo
+MAKE=gmake
+PERL=perl
+
+# Use a fixed seed so timings will be more consistent
+# This one is the 11th-18th decimal digits of 'e'
+#export SEED=45904523
+SEED=45904523; export SEED
+
+#------------------------------------------------------------------------
+
+$ECHO "\n** Running timing tests for MPI library\n"
+
+$ECHO "Bringing 'metime' up to date ... "
+if $MAKE metime ; then
+    :
+else 
+    $ECHO "\nMake failed to build metime.\n"
+    exit 1
+fi
+
+if [ ! -x ./metime ] ; then 
+    $ECHO "\nCannot find 'metime' program, testing cannot continue.\n"
+    exit 1
+fi
+
+#------------------------------------------------------------------------
+
+$ECHO "Bringing 'primegen' up to date ... "
+if $MAKE primegen ; then
+    :
+else
+    $ECHO "\nMake failed to build primegen.\n"
+    exit 1
+fi
+
+if [ ! -x ./primegen ] ; then
+    $ECHO "\nCannot find 'primegen' program, testing cannot continue.\n"
+    exit 1
+fi
+
+#------------------------------------------------------------------------
+
+rm -f timing-results.txt
+touch timing-results.txt
+
+sizes="256 512 1024 2048"
+ntests=10
+
+trap 'echo "oop!";rm -f tt*.tmp timing-results.txt;exit 0' INT HUP
+
+$ECHO "\n-- Modular exponentiation\n"
+$ECHO "Modular exponentiation:" >> timing-results.txt
+
+$ECHO "Running $ntests modular exponentiations per test:"
+for size in $sizes ; do
+    $ECHO "- Gathering statistics for $size bits ... "
+    secs=`./metime $ntests $size | tail -1 | awk '{print $2}'`
+    $ECHO "$size: " $secs " seconds per op" >> timing-results.txt
+    tail -1 timing-results.txt
+done
+
+$ECHO "<done>";
+
+sizes="256 512 1024"
+ntests=1
+
+$ECHO "\n-- Prime generation\n"
+$ECHO "Prime generation:" >> timing-results.txt
+
+$ECHO "Generating $ntests prime values per test:"
+for size in $sizes ; do
+    $ECHO "- Gathering statistics for $size bits ... "
+    ./primegen $size $ntests | grep ticks | awk '{print $7}' | tr -d '(' > tt$$.tmp
+    $ECHO "$size:" >> timing-results.txt
+    $PERL stats tt$$.tmp >> timing-results.txt
+    tail -1 timing-results.txt
+    rm -f tt$$.tmp
+done
+
+$ECHO "<done>"
+
+trap 'rm -f tt*.tmp timing-results.txt' INT HUP
+
+exit 0
+
diff --git a/security/nss/lib/freebl/mpi/types.pl b/security/nss/lib/freebl/mpi/types.pl
new file mode 100755
index 000000000..6933d0dfe
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/types.pl
@@ -0,0 +1,162 @@
+#!/usr/bin/perl
+
+#
+# types.pl - find recommended type definitions for digits and words
+#
+# This script scans the Makefile for the C compiler and compilation
+# flags currently in use, and using this combination, attempts to
+# compile a simple test program that outputs the sizes of the various
+# unsigned integer types, in bytes.  Armed with these, it finds all
+# the "viable" type combinations for mp_digit and mp_word, where
+# viability is defined by the requirement that mp_word be at least two
+# times the precision of mp_digit.
+#
+# Of these, the one with the largest digit size is chosen, and
+# appropriate typedef statements are written to standard output.
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+#
+
+@_=split(/\//,$0);chomp($prog=pop(@_));
+
+# The array of integer types to be considered...
+@TYPES = ( 
+	   "unsigned char", 
+	   "unsigned short", 
+	   "unsigned int", 
+	   "unsigned long"
+);
+
+# Macro names for the maximum unsigned value of each type
+%TMAX = ( 
+	  "unsigned char"   => "UCHAR_MAX",
+	  "unsigned short"  => "USHRT_MAX",
+	  "unsigned int"    => "UINT_MAX",
+	  "unsigned long"   => "ULONG_MAX"
+);
+
+# Read the Makefile to find out which C compiler to use
+open(MFP, "<Makefile") or die "$prog: Makefile: $!\n";
+while(<MFP>) {
+    chomp;
+    if(/^CC=(.*)$/) {
+	$cc = $1;
+	last if $cflags;
+    } elsif(/^CFLAGS=(.*)$/) {
+	$cflags = $1;
+	last if $cc;
+    }
+}
+close(MFP);
+
+# If we couldn't find that, use 'cc' by default
+$cc = "cc" unless $cc;
+
+printf STDERR "Using '%s' as the C compiler.\n", $cc;
+
+print STDERR "Determining type sizes ... \n";
+open(OFP, ">tc$$.c") or die "$prog: tc$$.c: $!\n";
+print OFP "#include <stdio.h>\n\nint main(void)\n{\n";
+foreach $type (@TYPES) {
+    printf OFP "\tprintf(\"%%d\\n\", (int)sizeof(%s));\n", $type;
+}
+print OFP "\n\treturn 0;\n}\n";
+close(OFP);
+
+system("$cc $cflags -o tc$$ tc$$.c");
+
+die "$prog: unable to build test program\n" unless(-x "tc$$");
+
+open(IFP, "./tc$$|") or die "$prog: can't execute test program\n";
+$ix = 0;
+while(<IFP>) {
+    chomp;
+    $size{$TYPES[$ix++]} = $_;
+}
+close(IFP);
+
+unlink("tc$$");
+unlink("tc$$.c");
+
+print STDERR "Selecting viable combinations ... \n";
+while(($type, $size) = each(%size)) {
+    push(@ts, [ $size, $type ]);
+}
+
+# Sort them ascending by size 
+@ts = sort { $a->[0] <=> $b->[0] } @ts;
+
+# Try all possible combinations, finding pairs in which the word size
+# is twice the digit size.  The number of possible pairs is too small
+# to bother doing this more efficiently than by brute force
+for($ix = 0; $ix <= $#ts; $ix++) {
+    $w = $ts[$ix];
+
+    for($jx = 0; $jx <= $#ts; $jx++) {
+	$d = $ts[$jx];
+
+	if($w->[0] == 2 * $d->[0]) {
+	    push(@valid, [ $d, $w ]);
+	}
+    }
+}
+
+# Sort descending by digit size
+@valid = sort { $b->[0]->[0] <=> $a->[0]->[0] } @valid;
+
+# Select the maximum as the recommended combination
+$rec = shift(@valid);
+
+printf("typedef %-18s mp_sign;\n", "char");
+printf("typedef %-18s mp_digit;  /* %d byte type */\n", 
+       $rec->[0]->[1], $rec->[0]->[0]);
+printf("typedef %-18s mp_word;   /* %d byte type */\n", 
+       $rec->[1]->[1], $rec->[1]->[0]);
+printf("typedef %-18s mp_size;\n", "unsigned int");
+printf("typedef %-18s mp_err;\n\n", "int");
+
+printf("#define %-18s (CHAR_BIT*sizeof(mp_digit))\n", "DIGIT_BIT");
+printf("#define %-18s %s\n", "DIGIT_MAX", $TMAX{$rec->[0]->[1]});
+printf("#define %-18s (CHAR_BIT*sizeof(mp_word))\n", "MP_WORD_BIT");
+printf("#define %-18s %s\n\n", "MP_WORD_MAX", $TMAX{$rec->[1]->[1]});
+printf("#define %-18s (DIGIT_MAX+1)\n\n", "RADIX");
+
+printf("#define %-18s \"%%0%dX\"\n", "DIGIT_FMT", (2 * $rec->[0]->[0]));
+
+exit 0;
diff --git a/security/nss/lib/freebl/mpi/utils/LICENSE b/security/nss/lib/freebl/mpi/utils/LICENSE
new file mode 100644
index 000000000..5f96df7ab
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/LICENSE
@@ -0,0 +1,4 @@
+Within this directory, each of the file listed below is licensed under 
+the terms given in the file LICENSE-MPL, also in this directory.
+
+PRIMES
diff --git a/security/nss/lib/freebl/mpi/utils/LICENSE-MPL b/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
new file mode 100644
index 000000000..d1f78f522
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/LICENSE-MPL
@@ -0,0 +1,35 @@
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the Netscape security libraries.
+
+The Initial Developer of the Original Code is Netscape
+Communications Corporation.  Portions created by Netscape are 
+Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
diff --git a/security/nss/lib/freebl/mpi/utils/PRIMES b/security/nss/lib/freebl/mpi/utils/PRIMES
new file mode 100644
index 000000000..ed65703ff
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/PRIMES
@@ -0,0 +1,41 @@
+Probable primes (sorted by number of significant bits)
+
+ 128: 81386202757205669562183851789305348631
+
+ 128: 180241813863264101444573802809858694397
+
+ 128: 245274683055224433281596312431122059021
+
+ 128: 187522309397665259809392608791686659539
+
+ 256: 83252422946206411852330647237287722547866360773229941071371588246436\
+      513990159
+
+ 256: 79132571131322331023736933767063051273085304521895229780914612117520\
+      058517909
+
+ 256: 72081815425552909748220041100909735706208853818662000557743644603407\
+      965465527
+
+ 256: 87504602391905701494845474079163412737334477797316409702279059573654\
+      274811271
+
+ 512: 12233064210800062190450937494718705259777386009095453001870729392786\
+      63450255179083524798507997690270500580265258111668148238355016411719\
+      9168737693316468563
+
+ 512: 12003639081420725322369909586347545220275253633035565716386136197501\
+      88208318984400479275215620499883521216480724155582768193682335576385\
+      2069481074929084063
+
+1024: 16467877625718912296741904171202513097057724053648819680815842057593\
+      20371835940722471475475803725455063836431454757000451907612224427007\
+      63984592414360595161051906727075047683803534852982766542661204179549\
+      77327573530800542562611753617736693359790119074768292178493884576587\
+      0230450429880021317876149636714743053
+
+1024: 16602953991090311275234291158294516471009930684624948451178742895360\
+      86073703307475884280944414508444679430090561246728195735962931545473\
+      40743240318558456247740186704660778277799687988031119436541068736925\
+      20563780233711166724859277827382391527748470939542560819625727876091\
+      5372193745283891895989104479029844957
diff --git a/security/nss/lib/freebl/mpi/utils/README b/security/nss/lib/freebl/mpi/utils/README
new file mode 100644
index 000000000..90da5fee5
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/README
@@ -0,0 +1,241 @@
+***** BEGIN LICENSE BLOCK *****
+Version: MPL 1.1/GPL 2.0/LGPL 2.1
+
+The contents of this file are subject to the Mozilla Public License Version
+1.1 (the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+http://www.mozilla.org/MPL/
+
+Software distributed under the License is distributed on an "AS IS" basis,
+WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+for the specific language governing rights and limitations under the
+License.
+
+The Original Code is the MPI Arbitrary Precision Integer Arithmetic
+library.
+
+The Initial Developer of the Original Code is
+Michael J. Fromberger <sting@linguist.dartmouth.edu>
+Portions created by the Initial Developer are Copyright (C) 1998, 2000
+the Initial Developer. All Rights Reserved.
+
+Contributor(s):
+
+Alternatively, the contents of this file may be used under the terms of
+either the GNU General Public License Version 2 or later (the "GPL"), or
+the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+in which case the provisions of the GPL or the LGPL are applicable instead
+of those above. If you wish to allow use of your version of this file only
+under the terms of either the GPL or the LGPL, and not to allow others to
+use your version of this file under the terms of the MPL, indicate your
+decision by deleting the provisions above and replace them with the notice
+and other provisions required by the GPL or the LGPL. If you do not delete
+the provisions above, a recipient may use your version of this file under
+the terms of any one of the MPL, the GPL or the LGPL.
+
+***** END LICENSE BLOCK *****
+
+Additional MPI utilities
+------------------------
+
+The files 'mpprime.h' and 'mpprime.c' define some useful extensions to
+the MPI library for dealing with prime numbers (in particular, testing
+for divisbility, and the Rabin-Miller probabilistic primality test).
+
+The files 'mplogic.h' and 'mplogic.c' define extensions to the MPI
+library for doing bitwise logical operations and shifting.
+
+This document assumes you have read the help file for the MPI library
+and understand its conventions.
+
+Divisibility (mpprime.h)
+------------
+
+To test a number for divisibility by another number:
+
+mpp_divis(a, b)		- test if b|a
+mpp_divis_d(a, d)	- test if d|a
+
+Each of these functions returns MP_YES if its initial argument is
+divisible by its second, or MP_NO if it is not.  Other errors may be
+returned as appropriate (such as MP_RANGE if you try to test for
+divisibility by zero).
+
+Randomness (mpprime.h)
+----------
+
+To generate random data:
+
+mpp_random(a)		- fill a with random data
+mpp_random_size(a, p)   - fill a with p digits of random data
+
+The mpp_random_size() function increases the precision of a to at
+least p, then fills all those digits randomly.  The mp_random()
+function fills a to its current precision (as determined by the number
+of significant digits, USED(a))
+
+Note that these functions simply use the C library's rand() function
+to fill a with random digits up to its precision.  This should be
+adequate for primality testing, but should not be used for
+cryptographic applications where truly random values are required for
+security.  
+
+You should call srand() in your driver program in order to seed the
+random generator; this function doesn't call it.
+
+Primality Testing (mpprime.h)
+-----------------
+
+mpp_divis_vector(a, v, s, w)   - is a divisible by any of the s values
+                                 in v, and if so, w = which.
+mpp_divis_primes(a, np)   - is a divisible by any of the first np primes?
+mpp_fermat(a, w)          - is a pseudoprime with respect to witness w?
+mpp_pprime(a, nt)	  - run nt iterations of Rabin-Miller on a.
+
+The mpp_divis_vector() function tests a for divisibility by each
+member of an array of digits.  The array is v, the size of that array
+is s.  Returns MP_YES if a is divisible, and stores the index of the
+offending digit in w.  Returns MP_NO if a is not divisible by any of
+the digits in the array.
+
+A small table of primes is compiled into the library (typically the
+first 128 primes, although you can change this by editing the file
+'primes.c' before you build).  The global variable prime_tab_size
+contains the number of primes in the table, and the values themselves
+are in the array prime_tab[], which is an array of mp_digit.
+
+The mpp_divis_primes() function is basically just a wrapper around
+mpp_divis_vector() that uses prime_tab[] as the test vector.  The np
+parameter is a pointer to an mp_digit -- on input, it should specify
+the number of primes to be tested against.  If a is divisible by any
+of the primes, MP_YES is returned and np is given the prime value that
+divided a (you can use this if you're factoring, for example).
+Otherwise, MP_NO is returned and np is untouched.
+
+The function mpp_fermat() performs Fermat's test, using w as a
+witness.  This test basically relies on the fact that if a is prime,
+and w is relatively prime to a, then:
+
+	w^a = w (mod a)
+
+That is,
+
+	w^(a - 1) = 1 (mod a)
+
+The function returns MP_YES if the test passes, MP_NO if it fails.  If
+w is relatively prime to a, and the test fails, a is definitely
+composite.  If w is relatively prime to a and the test passes, then a
+is either prime, or w is a false witness (the probability of this
+happening depends on the choice of w and of a ... consult a number
+theory textbook for more information about this).  
+
+Note:  If (w, a) != 1, the output of this test is meaningless.
+----
+
+The function mpp_pprime() performs the Rabin-Miller probabilistic
+primality test for nt rounds.  If all the tests pass, MP_YES is
+returned, and a is probably prime.  The probability that an answer of
+MP_YES is incorrect is no greater than 1 in 4^nt, and in fact is
+usually much less than that (this is a pessimistic estimate).  If any
+test fails, MP_NO is returned, and a is definitely composite.
+
+Bruce Schneier recommends at least 5 iterations of this test for most
+cryptographic applications; Knuth suggests that 25 are reasonable.
+Run it as many times as you feel are necessary.
+
+See the programs 'makeprime.c' and 'isprime.c' for reasonable examples
+of how to use these functions for primality testing.
+
+
+Bitwise Logic (mplogic.c)
+-------------
+
+The four commonest logical operations are implemented as:
+
+mpl_not(a, b)		- Compute bitwise (one's) complement, b = ~a
+
+mpl_and(a, b, c)	- Compute bitwise AND, c = a & b
+
+mpl_or(a, b, c)		- Compute bitwise OR, c = a | b
+
+mpl_xor(a, b, c)	- Compute bitwise XOR, c = a ^ b
+
+Left and right shifts are available as well.  These take a number to
+shift, a destination, and a shift amount.  The shift amount must be a
+digit value between 0 and DIGIT_BIT inclusive; if it is not, MP_RANGE
+will be returned and the shift will not happen.
+
+mpl_rsh(a, b, d)	- Compute logical right shift, b = a >> d
+
+mpl_lsh(a, b, d)	- Compute logical left shift, b = a << d
+
+Since these are logical shifts, they fill with zeroes (the library
+uses a signed magnitude representation, so there are no sign bits to
+extend anyway).
+
+
+Command-line Utilities
+----------------------
+
+A handful of interesting command-line utilities are provided.  These
+are:
+
+lap.c		- Find the order of a mod m.  Usage is 'lap <a> <m>'.
+                  This uses a dumb algorithm, so don't use it for 
+                  a really big modulus.
+
+invmod.c	- Find the inverse of a mod m, if it exists.  Usage
+		  is 'invmod <a> <m>'
+
+sieve.c		- A simple bitmap-based implementation of the Sieve
+		  of Eratosthenes.  Used to generate the table of 
+		  primes in primes.c.  Usage is 'sieve <nbits>'
+
+prng.c          - Uses the routines in bbs_rand.{h,c} to generate
+                  one or more 32-bit pseudo-random integers.  This
+                  is mainly an example, not intended for use in a
+                  cryptographic application (the system time is 
+                  the only source of entropy used)
+
+dec2hex.c       - Convert decimal to hexadecimal
+
+hex2dec.c       - Convert hexadecimal to decimal
+
+basecvt.c       - General radix conversion tool (supports 2-64)
+
+isprime.c       - Probabilistically test an integer for primality
+                  using the Rabin-Miller pseudoprime test combined
+                  with division by small primes.
+
+primegen.c      - Generate primes at random.
+
+exptmod.c       - Perform modular exponentiation
+
+ptab.pl		- A Perl script to munge the output of the sieve
+		  program into a compilable C structure.
+
+
+Other Files
+-----------
+
+PRIMES		- Some randomly generated numbers which are prime with
+		  extremely high probability.
+
+README		- You're reading me already.
+
+
+About the Author
+----------------
+
+This software was written by Michael J. Fromberger.  You can contact
+the author as follows:
+
+E-mail:	  <sting@linguist.dartmouth.edu>
+
+Postal:	  8000 Cummings Hall, Thayer School of Engineering
+	  Dartmouth College, Hanover, New Hampshire, USA
+
+PGP key:  http://linguist.dartmouth.edu/~sting/keys/mjf.html
+          9736 188B 5AFA 23D6 D6AA  BE0D 5856 4525 289D 9907
+
+Last updated:  $Id$
diff --git a/security/nss/lib/freebl/mpi/utils/basecvt.c b/security/nss/lib/freebl/mpi/utils/basecvt.c
new file mode 100644
index 000000000..cf6d61196
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/basecvt.c
@@ -0,0 +1,100 @@
+/*
+ *  basecvt.c
+ *
+ *  Convert integer values specified on the command line from one input
+ *  base to another.  Accepts input and output bases between 2 and 36
+ *  inclusive.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+#define IBASE     10
+#define OBASE     16
+#define USAGE     "Usage: %s ibase obase [value]\n"
+#define MAXBASE   64
+#define MINBASE   2
+
+int main(int argc, char *argv[])
+{
+  int    ix, ibase = IBASE, obase = OBASE;
+  mp_int val;
+
+  ix = 1;
+  if(ix < argc) {
+    ibase = atoi(argv[ix++]);
+    
+    if(ibase < MINBASE || ibase > MAXBASE) {
+      fprintf(stderr, "%s: input radix must be between %d and %d inclusive\n",
+	      argv[0], MINBASE, MAXBASE);
+      return 1;
+    }
+  }
+  if(ix < argc) {
+    obase = atoi(argv[ix++]);
+
+    if(obase < MINBASE || obase > MAXBASE) {
+      fprintf(stderr, "%s: output radix must be between %d and %d inclusive\n",
+	      argv[0], MINBASE, MAXBASE);
+      return 1;
+    }
+  }
+
+  mp_init(&val);
+  while(ix < argc) {
+    char  *out;
+    int    outlen;
+
+    mp_read_radix(&val, argv[ix++], ibase);
+
+    outlen = mp_radix_size(&val, obase);
+    out = calloc(outlen, sizeof(char));
+    mp_toradix(&val, out, obase);
+
+    printf("%s\n", out);
+    free(out);
+  }
+
+  mp_clear(&val);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/bbs_rand.c b/security/nss/lib/freebl/mpi/utils/bbs_rand.c
new file mode 100644
index 000000000..8ec867d14
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/bbs_rand.c
@@ -0,0 +1,96 @@
+/*
+ *  Blum, Blum & Shub PRNG using the MPI library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "bbs_rand.h"
+
+#define SEED     1
+#define MODULUS  2
+
+/* This modulus is the product of two randomly generated 512-bit
+   prime integers, each of which is congruent to 3 (mod 4).          */
+static char *bbs_modulus = 
+"75A2A6E1D27393B86562B9CE7279A8403CB4258A637DAB5233465373E37837383EDC"
+"332282B8575927BC4172CE8C147B4894050EE9D2BDEED355C121037270CA2570D127"
+"7D2390CD1002263326635CC6B259148DE3A1A03201980A925E395E646A5E9164B0EC"
+"28559EBA58C87447245ADD0651EDA507056A1129E3A3E16E903D64B437";
+
+static int    bbs_init = 0;  /* flag set when library is initialized */
+static mp_int bbs_state;     /* the current state of the generator   */
+
+/* Suggested size of random seed data */
+int           bbs_seed_size = (sizeof(bbs_modulus) / 2);
+
+void         bbs_srand(unsigned char *data, int len)
+{
+  if((bbs_init & SEED) == 0) {
+    mp_init(&bbs_state);
+    bbs_init |= SEED;
+  }
+
+  mp_read_raw(&bbs_state, (char *)data, len);
+
+} /* end bbs_srand() */
+
+unsigned int bbs_rand(void)
+{
+  static mp_int   modulus;
+  unsigned int    result = 0, ix;
+
+  if((bbs_init & MODULUS) == 0) {
+    mp_init(&modulus);
+    mp_read_radix(&modulus, bbs_modulus, 16);
+    bbs_init |= MODULUS;
+  }
+
+  for(ix = 0; ix < sizeof(unsigned int); ix++) {
+    mp_digit   d;
+
+    mp_sqrmod(&bbs_state, &modulus, &bbs_state);
+    d = DIGIT(&bbs_state, 0);
+
+    result = (result << CHAR_BIT) | (d & UCHAR_MAX);
+  }
+
+  return result;
+
+} /* end bbs_rand() */
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/utils/bbs_rand.h b/security/nss/lib/freebl/mpi/utils/bbs_rand.h
new file mode 100644
index 000000000..3bfe2d7fe
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/bbs_rand.h
@@ -0,0 +1,57 @@
+/*
+ *  bbs_rand.h
+ *
+ *  Blum, Blum & Shub PRNG using the MPI library
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _H_BBSRAND_
+#define _H_BBSRAND_
+
+#include <limits.h>
+#include "mpi.h"
+
+#define  BBS_RAND_MAX    UINT_MAX
+
+/* Suggested length of seed data */
+extern int bbs_seed_size;
+
+void         bbs_srand(unsigned char *data, int len);
+unsigned int bbs_rand(void);
+
+#endif /* end _H_BBSRAND_ */
diff --git a/security/nss/lib/freebl/mpi/utils/bbsrand.c b/security/nss/lib/freebl/mpi/utils/bbsrand.c
new file mode 100644
index 000000000..317058d69
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/bbsrand.c
@@ -0,0 +1,67 @@
+/*
+ *  bbsrand.c
+ *
+ *  Test driver for routines in bbs_rand.h
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <limits.h>
+
+#include "bbs_rand.h"
+
+#define NUM_TESTS   100
+
+int main(void)
+{
+  unsigned int   seed, result, ix;
+
+  seed = time(NULL);
+  bbs_srand((unsigned char *)&seed, sizeof(seed));
+
+  for(ix = 0; ix < NUM_TESTS; ix++) {
+    result = bbs_rand();
+    
+    printf("Test %3u: %08X\n", ix + 1, result);
+  }
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/dec2hex.c b/security/nss/lib/freebl/mpi/utils/dec2hex.c
new file mode 100644
index 000000000..a1658b54b
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/dec2hex.c
@@ -0,0 +1,71 @@
+/*
+ *  dec2hex.c
+ *
+ *  Convert decimal integers into hexadecimal
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  mp_int  a;
+  char   *buf;
+  int     len;
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+    return 1;
+  }
+
+  mp_init(&a); mp_read_radix(&a, argv[1], 10);
+  len = mp_radix_size(&a, 16);
+  buf = malloc(len);
+  mp_toradix(&a, buf, 16);
+
+  printf("%s\n", buf);
+
+  free(buf);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/exptmod.c b/security/nss/lib/freebl/mpi/utils/exptmod.c
new file mode 100644
index 000000000..e1a87fa50
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/exptmod.c
@@ -0,0 +1,83 @@
+/*
+ *  exptmod.c
+ *
+ * Command line tool to perform modular exponentiation on arbitrary
+ * precision integers.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  mp_int  a, b, m;
+  mp_err  res;
+  char   *str;
+  int     len, rval = 0;
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
+    return 1;
+  }
+
+  mp_init(&a); mp_init(&b); mp_init(&m);
+  mp_read_radix(&a, argv[1], 10);
+  mp_read_radix(&b, argv[2], 10);
+  mp_read_radix(&m, argv[3], 10);
+
+  if((res = mp_exptmod(&a, &b, &m, &a)) != MP_OKAY) {
+    fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+    rval = 1;
+  } else {
+    len = mp_radix_size(&a, 10);
+    str = calloc(len, sizeof(char));
+    mp_toradix(&a, str, 10);
+
+    printf("%s\n", str);
+
+    free(str);
+  }
+
+  mp_clear(&a); mp_clear(&b); mp_clear(&m);
+
+  return rval;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/fact.c b/security/nss/lib/freebl/mpi/utils/fact.c
new file mode 100644
index 000000000..d549cfa74
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/fact.c
@@ -0,0 +1,115 @@
+/*
+ * fact.c
+ *
+ * Compute factorial of input integer
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+mp_err mp_fact(mp_int *a, mp_int *b);
+
+int main(int argc, char *argv[])
+{
+  mp_int  a;
+  mp_err  res;
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <number>\n", argv[0]);
+    return 1;
+  }
+
+  mp_init(&a);
+  mp_read_radix(&a, argv[1], 10);
+
+  if((res = mp_fact(&a, &a)) != MP_OKAY) {
+    fprintf(stderr, "%s: error: %s\n", argv[0],
+	    mp_strerror(res));
+    mp_clear(&a);
+    return 1;
+  }
+
+  {
+    char  *buf;
+    int    len;
+
+    len = mp_radix_size(&a, 10);
+    buf = malloc(len);
+    mp_todecimal(&a, buf);
+
+    puts(buf);
+
+    free(buf);
+  }
+
+  mp_clear(&a);
+  return 0;
+}
+
+mp_err mp_fact(mp_int *a, mp_int *b)
+{
+  mp_int    ix, s;
+  mp_err    res = MP_OKAY;
+
+  if(mp_cmp_z(a) < 0)
+    return MP_UNDEF;
+
+  mp_init(&s);
+  mp_add_d(&s, 1, &s);   /* s = 1  */
+  mp_init(&ix);
+  mp_add_d(&ix, 1, &ix); /* ix = 1 */
+
+  for(/*  */; mp_cmp(&ix, a) <= 0; mp_add_d(&ix, 1, &ix)) {
+    if((res = mp_mul(&s, &ix, &s)) != MP_OKAY)
+      break;
+  }
+
+  mp_clear(&ix);
+
+  /* Copy out results if we got them */
+  if(res == MP_OKAY)
+    mp_copy(&s, b);
+
+  mp_clear(&s);
+
+  return res;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/gcd.c b/security/nss/lib/freebl/mpi/utils/gcd.c
new file mode 100644
index 000000000..11980b86e
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/gcd.c
@@ -0,0 +1,119 @@
+/*
+ *  gcd.c
+ *
+ *  Greatest common divisor
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+char     *g_prog = NULL;
+
+void print_mp_int(mp_int *mp, FILE *ofp);
+
+int main(int argc, char *argv[]) 
+{
+  mp_int   a, b, x, y;
+  mp_err   res;
+  int      ext = 0;
+
+  g_prog = argv[0];
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <b>\n", g_prog);
+    return 1;
+  }
+
+  mp_init(&a); mp_read_radix(&a, argv[1], 10);
+  mp_init(&b); mp_read_radix(&b, argv[2], 10);
+
+  /* If we were called 'xgcd', compute x, y so that g = ax + by */
+  if(strcmp(g_prog, "xgcd") == 0) {
+    ext = 1;
+    mp_init(&x); mp_init(&y);
+  }
+
+  if(ext) {
+    if((res = mp_xgcd(&a, &b, &a, &x, &y)) != MP_OKAY) {
+      fprintf(stderr, "%s: error: %s\n", g_prog, mp_strerror(res));
+      mp_clear(&a); mp_clear(&b);
+      mp_clear(&x); mp_clear(&y);
+      return 1;
+    }
+  } else {
+    if((res = mp_gcd(&a, &b, &a)) != MP_OKAY) {
+      fprintf(stderr, "%s: error: %s\n", g_prog,
+	      mp_strerror(res));
+      mp_clear(&a); mp_clear(&b);
+      return 1;
+    }
+  }
+
+  print_mp_int(&a, stdout); 
+  if(ext) {
+    fputs("x = ", stdout); print_mp_int(&x, stdout); 
+    fputs("y = ", stdout); print_mp_int(&y, stdout); 
+  }
+
+  mp_clear(&a); mp_clear(&b);
+
+  if(ext) {
+    mp_clear(&x);
+    mp_clear(&y);
+  }
+
+  return 0;
+
+}
+
+void print_mp_int(mp_int *mp, FILE *ofp)
+{
+  char  *buf;
+  int    len;
+
+  len = mp_radix_size(mp, 10);
+  buf = calloc(len, sizeof(char));
+  mp_todecimal(mp, buf);
+  fprintf(ofp, "%s\n", buf);
+  free(buf);
+
+}
diff --git a/security/nss/lib/freebl/mpi/utils/hex2dec.c b/security/nss/lib/freebl/mpi/utils/hex2dec.c
new file mode 100644
index 000000000..6d7d54d7f
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/hex2dec.c
@@ -0,0 +1,71 @@
+/*
+ *  hex2dec.c
+ *
+ *  Convert decimal integers into hexadecimal
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  mp_int  a;
+  char   *buf;
+  int     len;
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+    return 1;
+  }
+
+  mp_init(&a); mp_read_radix(&a, argv[1], 16);
+  len = mp_radix_size(&a, 10);
+  buf = malloc(len);
+  mp_toradix(&a, buf, 10);
+
+  printf("%s\n", buf);
+
+  free(buf);
+  mp_clear(&a);
+
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/identest.c b/security/nss/lib/freebl/mpi/utils/identest.c
new file mode 100644
index 000000000..a75d2b352
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/identest.c
@@ -0,0 +1,79 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "mpi.h"
+#include "mpprime.h"
+#include <sys/types.h>
+#include <time.h>
+
+#define MAX_PREC (4096 / MP_DIGIT_BIT)
+
+mp_err identity_test(void)
+{
+  mp_size       preca, precb;
+  mp_err        res;
+  mp_int        a, b;
+  mp_int        t1, t2, t3, t4, t5;
+
+  preca = (rand() % MAX_PREC) + 1;
+  precb = (rand() % MAX_PREC) + 1;
+
+  MP_DIGITS(&a) = 0;
+  MP_DIGITS(&b) = 0;
+  MP_DIGITS(&t1) = 0;
+  MP_DIGITS(&t2) = 0;
+  MP_DIGITS(&t3) = 0;
+  MP_DIGITS(&t4) = 0;
+  MP_DIGITS(&t5) = 0;
+
+  MP_CHECKOK( mp_init(&a)  );
+  MP_CHECKOK( mp_init(&b)  );
+  MP_CHECKOK( mp_init(&t1) );
+  MP_CHECKOK( mp_init(&t2) );
+  MP_CHECKOK( mp_init(&t3) );
+  MP_CHECKOK( mp_init(&t4) );
+  MP_CHECKOK( mp_init(&t5) );
+
+  MP_CHECKOK( mpp_random_size(&a, preca) );
+  MP_CHECKOK( mpp_random_size(&b, precb) );
+
+  if (mp_cmp(&a, &b) < 0)
+    mp_exch(&a, &b);
+
+  MP_CHECKOK( mp_mod(&a, &b, &t1) );       /* t1 = a%b */
+  MP_CHECKOK( mp_div(&a, &b, &t2, NULL) ); /* t2 = a/b */
+  MP_CHECKOK( mp_mul(&b, &t2, &t3) );      /* t3 = (a/b)*b */
+  MP_CHECKOK( mp_add(&t1, &t3, &t4) );     /* t4 = a%b + (a/b)*b */
+  MP_CHECKOK( mp_sub(&t4, &a, &t5) );      /* t5 = a%b + (a/b)*b - a */
+  if (mp_cmp_z(&t5) != 0) {
+    res = MP_UNDEF;
+    goto CLEANUP;
+  }
+
+CLEANUP:
+  mp_clear(&t5);
+  mp_clear(&t4);
+  mp_clear(&t3);
+  mp_clear(&t2);
+  mp_clear(&t1);
+  mp_clear(&b);
+  mp_clear(&a);
+  return res;
+}
+
+int
+main(void)
+{
+  unsigned int  seed = (unsigned int)time(NULL);
+  unsigned long count = 0;
+  mp_err        res;
+
+  srand(seed);
+
+  while (MP_OKAY == (res = identity_test())) {
+     if ((++count % 100) == 0)
+       fputc('.', stderr);
+  }
+
+  fprintf(stderr, "\ntest failed, err %d\n", res);
+  return res;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/invmod.c b/security/nss/lib/freebl/mpi/utils/invmod.c
new file mode 100644
index 000000000..c1d488c5a
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/invmod.c
@@ -0,0 +1,92 @@
+/*
+ *  invmod.c
+ *
+ *  Compute modular inverses
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1997
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mpi.h"
+
+int main(int argc, char *argv[])
+{
+  mp_int    a, m;
+  mp_err    res;
+  char     *buf;
+  int       len, out = 0;
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
+    return 1;
+  }
+
+  mp_init(&a); mp_init(&m);
+  mp_read_radix(&a, argv[1], 10);
+  mp_read_radix(&m, argv[2], 10);
+
+  if(mp_cmp(&a, &m) > 0)
+    mp_mod(&a, &m, &a);
+
+  switch((res = mp_invmod(&a, &m, &a))) {
+  case MP_OKAY:
+    len = mp_radix_size(&a, 10);
+    buf = malloc(len);
+
+    mp_toradix(&a, buf, 10);
+    printf("%s\n", buf);
+    free(buf);
+    break;
+
+  case MP_UNDEF:
+    printf("No inverse\n");
+    out = 1;
+    break;
+
+  default:
+    printf("error: %s (%d)\n", mp_strerror(res), res);
+    out = 2;
+    break;
+  }
+
+  mp_clear(&a);
+  mp_clear(&m);
+
+  return out;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/isprime.c b/security/nss/lib/freebl/mpi/utils/isprime.c
new file mode 100644
index 000000000..b413f826f
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/isprime.c
@@ -0,0 +1,121 @@
+/*
+ *  isprime.c
+ *
+ *  Probabilistic primality tester command-line tool
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+#define  RM_TESTS       15   /* how many iterations of Rabin-Miller? */
+#define  MINIMUM        1024 /* don't bother us with a < this        */
+
+int      g_tests = RM_TESTS;
+char    *g_prog = NULL;
+
+int main(int argc, char *argv[])
+{
+  mp_int   a;
+  mp_digit np = prime_tab_size; /* from mpprime.h */
+  int      res = 0;
+
+  g_prog = argv[0];
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <a>, where <a> is a decimal integer\n"
+	    "Use '0x' prefix for a hexadecimal value\n", g_prog);
+    return 1;
+  }
+
+  /* Read number of tests from environment, if present */
+  {
+    char *tmp;
+
+    if((tmp = getenv("RM_TESTS")) != NULL) {
+      if((g_tests = atoi(tmp)) <= 0)
+	g_tests = RM_TESTS;
+    }
+  }
+
+  mp_init(&a);
+  if(argv[1][0] == '0' && argv[1][1] == 'x')
+    mp_read_radix(&a, argv[1] + 2, 16);
+  else
+    mp_read_radix(&a, argv[1], 10);
+
+  if(mp_cmp_d(&a, MINIMUM) <= 0) {
+    fprintf(stderr, "%s: please use a value greater than %d\n", 
+	    g_prog, MINIMUM);
+    mp_clear(&a);
+    return 1;
+  }
+
+  /* Test for divisibility by small primes */
+  if(mpp_divis_primes(&a, &np) != MP_NO) {
+    printf("Not prime (divisible by small prime %d)\n", np);
+    res = 2;
+    goto CLEANUP;
+  }
+
+  /* Test with Fermat's test, using 2 as a witness */
+  if(mpp_fermat(&a, 2) != MP_YES) {
+    printf("Not prime (failed Fermat test)\n");
+    res = 2;
+    goto CLEANUP;
+  }
+ 
+  /* Test with Rabin-Miller probabilistic test */
+  if(mpp_pprime(&a, g_tests) == MP_NO) {
+      printf("Not prime (failed pseudoprime test)\n");
+      res = 2;
+      goto CLEANUP;
+  }
+
+  printf("Probably prime, 1 in 4^%d chance of false positive\n", g_tests);
+
+CLEANUP:
+  mp_clear(&a);
+  
+  return res;
+
+}
diff --git a/security/nss/lib/freebl/mpi/utils/lap.c b/security/nss/lib/freebl/mpi/utils/lap.c
new file mode 100644
index 000000000..5697c941d
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/lap.c
@@ -0,0 +1,121 @@
+/*
+ *  lap.c
+ *
+ *  Find least annihilating power of a mod m
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+
+#include "mpi.h"
+
+void sig_catch(int ign);
+
+int g_quit = 0;
+
+int main(int argc, char *argv[])
+{
+  mp_int   a, m, p, k;
+
+  if(argc < 3) {
+    fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
+    return 1;
+  }
+
+  mp_init(&a);
+  mp_init(&m);
+  mp_init(&p);
+  mp_add_d(&p, 1, &p);
+
+  mp_read_radix(&a, argv[1], 10);
+  mp_read_radix(&m, argv[2], 10);
+
+  mp_init_copy(&k, &a);
+
+  signal(SIGINT, sig_catch);
+#ifndef __OS2__
+  signal(SIGHUP, sig_catch);
+#endif
+  signal(SIGTERM, sig_catch);
+
+  while(mp_cmp(&p, &m) < 0) {
+    if(g_quit) {
+	int  len;
+	char *buf;
+
+	len = mp_radix_size(&p, 10);
+	buf = malloc(len);
+	mp_toradix(&p, buf, 10);
+	
+	fprintf(stderr, "Terminated at: %s\n", buf);
+	free(buf);
+	return 1;
+    }
+    if(mp_cmp_d(&k, 1) == 0) {
+      int    len;
+      char  *buf;
+
+      len = mp_radix_size(&p, 10);
+      buf = malloc(len);
+      mp_toradix(&p, buf, 10);
+
+      printf("%s\n", buf);
+
+      free(buf);
+      break;
+    }
+
+    mp_mulmod(&k, &a, &m, &k);
+    mp_add_d(&p, 1, &p);
+  }
+
+  if(mp_cmp(&p, &m) >= 0) 
+    printf("No annihilating power.\n");
+
+  mp_clear(&p);
+  mp_clear(&m);
+  mp_clear(&a);
+  return 0;
+}
+
+void sig_catch(int ign)
+{
+  g_quit = 1;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/makeprime.c b/security/nss/lib/freebl/mpi/utils/makeprime.c
new file mode 100644
index 000000000..f081c7e56
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/makeprime.c
@@ -0,0 +1,147 @@
+/*
+ * makeprime.c
+ *
+ * A simple prime generator function (and test driver).  Prints out the
+ * first prime it finds greater than or equal to the starting value.
+ *
+ * Usage: makeprime <start>
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+/* These two must be included for make_prime() to work */
+
+#include "mpi.h"
+#include "mpprime.h"
+
+/*
+  make_prime(p, nr)
+
+  Find the smallest prime integer greater than or equal to p, where
+  primality is verified by 'nr' iterations of the Rabin-Miller
+  probabilistic primality test.  The caller is responsible for
+  generating the initial value of p.
+
+  Returns MP_OKAY if a prime has been generated, otherwise the error
+  code indicates some other problem.  The value of p is clobbered; the
+  caller should keep a copy if the value is needed.  
+ */
+mp_err   make_prime(mp_int *p, int nr);
+
+/* The main() is not required -- it's just a test driver */
+int main(int argc, char *argv[])
+{
+  mp_int    start;
+  mp_err    res;
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <start-value>\n", argv[0]);
+    return 1;
+  }
+	    
+  mp_init(&start);
+  if(argv[1][0] == '0' && tolower(argv[1][1]) == 'x') {
+    mp_read_radix(&start, argv[1] + 2, 16);
+  } else {
+    mp_read_radix(&start, argv[1], 10);
+  }
+  mp_abs(&start, &start);
+
+  if((res = make_prime(&start, 5)) != MP_OKAY) {
+    fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+    mp_clear(&start);
+
+    return 1;
+
+  } else {
+    char  *buf = malloc(mp_radix_size(&start, 10));
+
+    mp_todecimal(&start, buf);
+    printf("%s\n", buf);
+    free(buf);
+    
+    mp_clear(&start);
+
+    return 0;
+  }
+  
+} /* end main() */
+
+/*------------------------------------------------------------------------*/
+
+mp_err   make_prime(mp_int *p, int nr)
+{
+  mp_err  res;
+
+  if(mp_iseven(p)) {
+    mp_add_d(p, 1, p);
+  }
+
+  do {
+    mp_digit   which = prime_tab_size;
+
+    /*  First test for divisibility by a few small primes */
+    if((res = mpp_divis_primes(p, &which)) == MP_YES)
+      continue;
+    else if(res != MP_NO)
+      goto CLEANUP;
+
+    /* If that passes, try one iteration of Fermat's test */
+    if((res = mpp_fermat(p, 2)) == MP_NO)
+      continue;
+    else if(res != MP_YES)
+      goto CLEANUP;
+
+    /* If that passes, run Rabin-Miller as often as requested */
+    if((res = mpp_pprime(p, nr)) == MP_YES)
+      break;
+    else if(res != MP_NO)
+      goto CLEANUP;
+      
+  } while((res = mp_add_d(p, 2, p)) == MP_OKAY);
+
+ CLEANUP:
+  return res;
+
+} /* end make_prime() */
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/utils/metime.c b/security/nss/lib/freebl/mpi/utils/metime.c
new file mode 100644
index 000000000..29ee59050
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/metime.c
@@ -0,0 +1,136 @@
+/* 
+ *  metime.c
+ *
+ * Modular exponentiation timing test
+ *
+ * $Id$
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Netscape Communications Corporation
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+double clk_to_sec(clock_t start, clock_t stop);
+
+int main(int argc, char *argv[])
+{
+  int          ix, num, prec = 8;
+  unsigned int seed;
+  clock_t      start, stop;
+  double       sec;
+
+  mp_int     a, m, c;
+
+  if(getenv("SEED") != NULL)
+    seed = abs(atoi(getenv("SEED")));
+  else 
+    seed = (unsigned int)time(NULL);
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <num-tests> [<nbits>]\n", argv[0]);
+    return 1;
+  }
+
+  if((num = atoi(argv[1])) < 0)
+    num = -num;
+
+  if(!num) {
+    fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+    return 1;
+  }
+
+  if(argc > 2) {
+    if((prec = atoi(argv[2])) <= 0)
+      prec = 8;
+    else 
+      prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+
+  }
+  
+  printf("Modular exponentiation timing test\n"
+	 "Precision:  %d digits (%d bits)\n"
+	 "# of tests: %d\n\n", prec, prec * DIGIT_BIT, num);
+
+  mp_init_size(&a, prec);
+  mp_init_size(&m, prec);
+  mp_init_size(&c, prec);
+
+  srand(seed);
+
+  start = clock();
+  for(ix = 0; ix < num; ix++) {
+
+    mpp_random_size(&a, prec);
+    mpp_random_size(&c, prec);
+    mpp_random_size(&m, prec);
+    /* set msb and lsb of m */
+    DIGIT(&m,0) |= 1;
+    DIGIT(&m, USED(&m)-1) |= (mp_digit)1 << (DIGIT_BIT - 1);
+    if (mp_cmp(&a, &m) > 0)
+      mp_sub(&a, &m, &a);
+
+    mp_exptmod(&a, &c, &m, &c);
+  }
+  stop = clock();
+
+  sec = clk_to_sec(start, stop);
+
+  printf("Total:      %.3f seconds\n", sec);
+  printf("Individual: %.3f seconds\n", sec / num);
+
+  mp_clear(&c);
+  mp_clear(&a);
+  mp_clear(&m);
+
+  return 0;
+}
+
+double clk_to_sec(clock_t start, clock_t stop)
+{
+  return (double)(stop - start) / CLOCKS_PER_SEC;
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/utils/pi.c b/security/nss/lib/freebl/mpi/utils/pi.c
new file mode 100644
index 000000000..1ca17669e
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/pi.c
@@ -0,0 +1,197 @@
+/*
+ * pi.c
+ *
+ * Compute pi to an arbitrary number of digits.  Uses Machin's formula,
+ * like everyone else on the planet:
+ * 
+ *    pi = 16 * arctan(1/5) - 4 * arctan(1/239)
+ *
+ * This is pretty effective for up to a few thousand digits, but it
+ * gets pretty slow after that.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1999
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+
+mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum);
+
+int main(int argc, char *argv[])
+{
+  mp_err       res;
+  mp_digit     ndigits;
+  mp_int       sum1, sum2;
+  clock_t      start, stop;
+  int          out = 0;
+
+  /* Make the user specify precision on the command line */
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <num-digits>\n", argv[0]);
+    return 1;
+  }
+
+  if((ndigits = abs(atoi(argv[1]))) == 0) {
+    fprintf(stderr, "%s: you must request at least 1 digit\n", argv[0]);
+    return 1;
+  }
+
+  start = clock();
+  mp_init(&sum1); mp_init(&sum2);
+
+  /* sum1 = 16 * arctan(1/5)  */
+  if((res = arctan(16, 5, ndigits, &sum1)) != MP_OKAY) {
+    fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
+    out = 1; goto CLEANUP;
+  }
+
+  /* sum2 = 4 * arctan(1/239) */
+  if((res = arctan(4, 239, ndigits, &sum2)) != MP_OKAY) {
+    fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
+    out = 1; goto CLEANUP;
+  }
+
+  /* pi = sum1 - sum2         */
+  if((res = mp_sub(&sum1, &sum2, &sum1)) != MP_OKAY) {
+    fprintf(stderr, "%s: mp_sub: %s\n", argv[0], mp_strerror(res));
+    out = 1; goto CLEANUP;
+  }
+  stop = clock();
+
+  /* Write the output in decimal */
+  {
+    char  *buf = malloc(mp_radix_size(&sum1, 10));
+
+    if(buf == NULL) {
+      fprintf(stderr, "%s: out of memory\n", argv[0]);
+      out = 1; goto CLEANUP;
+    }
+    mp_todecimal(&sum1, buf);
+    printf("%s\n", buf);
+    free(buf);
+  }
+
+  fprintf(stderr, "Computation took %.2f sec.\n", 
+	  (double)(stop - start) / CLOCKS_PER_SEC);
+
+ CLEANUP:
+  mp_clear(&sum1);
+  mp_clear(&sum2);
+
+  return out;
+
+}
+
+/* Compute sum := mul * arctan(1/x), to 'prec' digits of precision */
+mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum)
+{
+  mp_int   t, v;
+  mp_digit q = 1, rd;
+  mp_err   res;
+  int      sign = 1;
+
+  prec += 3;  /* push inaccuracies off the end */
+
+  mp_init(&t); mp_set(&t, 10);
+  mp_init(&v); 
+  if((res = mp_expt_d(&t, prec, &t)) != MP_OKAY ||  /* get 10^prec    */
+     (res = mp_mul_d(&t, mul, &t)) != MP_OKAY ||    /* ... times mul  */
+     (res = mp_mul_d(&t, x, &t)) != MP_OKAY)        /* ... times x    */
+    goto CLEANUP;
+
+  /*
+    The extra multiplication by x in the above takes care of what
+    would otherwise have to be a special case for 1 / x^1 during the
+    first loop iteration.  A little sneaky, but effective.
+
+    We compute arctan(1/x) by the formula:
+
+         1     1       1       1
+	 - - ----- + ----- - ----- + ...
+	 x   3 x^3   5 x^5   7 x^7
+
+    We multiply through by 'mul' beforehand, which gives us a couple
+    more iterations and more precision
+   */
+
+  x *= x; /* works as long as x < sqrt(RADIX), which it is here */
+
+  mp_zero(sum);
+
+  do {
+    if((res = mp_div_d(&t, x, &t, &rd)) != MP_OKAY)
+      goto CLEANUP;
+
+    if(sign < 0 && rd != 0)
+      mp_add_d(&t, 1, &t);
+
+    if((res = mp_div_d(&t, q, &v, &rd)) != MP_OKAY)
+      goto CLEANUP;
+
+    if(sign < 0 && rd != 0)
+      mp_add_d(&v, 1, &v);
+
+    if(sign > 0)
+      res = mp_add(sum, &v, sum);
+    else
+      res = mp_sub(sum, &v, sum);
+
+    if(res != MP_OKAY)
+      goto CLEANUP;
+
+    sign *= -1;
+    q += 2;
+
+  } while(mp_cmp_z(&t) != 0);
+
+  /* Chop off inaccurate low-order digits */
+  mp_div_d(sum, 1000, sum, NULL);
+
+ CLEANUP:
+  mp_clear(&v);
+  mp_clear(&t);
+
+  return res;
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/security/nss/lib/freebl/mpi/utils/primegen.c b/security/nss/lib/freebl/mpi/utils/primegen.c
new file mode 100644
index 000000000..1cd5c9f5b
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/primegen.c
@@ -0,0 +1,201 @@
+/*
+ *  primegen.c
+ *
+ * Generates random integers which are prime with a high degree of
+ * probability using the Miller-Rabin probabilistic primality testing
+ * algorithm.
+ *
+ * Usage:
+ *    primegen <bits> [<num>]
+ *
+ *    <bits>   - number of significant bits each prime should have
+ *    <num>    - number of primes to generate
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpprime.h"
+
+#undef MACOS		/* define if running on a Macintosh */
+
+#ifdef MACOS
+#include <console.h>
+#endif
+
+#define NUM_TESTS 5  /* Number of Rabin-Miller iterations to test with */
+
+#ifdef DEBUG
+#define FPUTC(x,y) fputc(x,y)
+#else
+#define FPUTC(x,y) 
+#endif
+
+int main(int argc, char *argv[])
+{
+  unsigned char *raw;
+  char          *out;
+  unsigned long nTries;
+  int		rawlen, bits, outlen, ngen, ix, jx;
+  int           g_strong = 0;
+  mp_int	testval;
+  mp_err	res;
+  clock_t	start, end;
+
+#ifdef MACOS
+  argc = ccommand(&argv);
+#endif
+
+  /* We'll just use the C library's rand() for now, although this
+     won't be good enough for cryptographic purposes */
+  if((out = getenv("SEED")) == NULL) {
+    srand((unsigned int)time(NULL));
+  } else {
+    srand((unsigned int)atoi(out));
+  }
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <bits> [<count> [strong]]\n", argv[0]);
+    return 1;
+  }
+	
+  if((bits = abs(atoi(argv[1]))) < CHAR_BIT) {
+    fprintf(stderr, "%s: please request at least %d bits.\n",
+	    argv[0], CHAR_BIT);
+    return 1;
+  }
+
+  /* If optional third argument is given, use that as the number of
+     primes to generate; otherwise generate one prime only.
+   */
+  if(argc < 3) {
+    ngen = 1;
+  } else {
+    ngen = abs(atoi(argv[2]));
+  }
+
+  /* If fourth argument is given, and is the word "strong", we'll 
+     generate strong (Sophie Germain) primes. 
+   */
+  if(argc > 3 && strcmp(argv[3], "strong") == 0)
+    g_strong = 1;
+
+  /* testval - candidate being tested; nTries - number tried so far */
+  if ((res = mp_init(&testval)) != MP_OKAY) {
+    fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+    return 1;
+  }
+  
+  if(g_strong) {
+    printf("Requested %d strong prime value(s) of %d bits.\n", 
+	   ngen, bits);
+  } else {
+    printf("Requested %d prime value(s) of %d bits.\n", ngen, bits);
+  }
+
+  rawlen = (bits / CHAR_BIT) + ((bits % CHAR_BIT) ? 1 : 0) + 1;
+
+  if((raw = calloc(rawlen, sizeof(unsigned char))) == NULL) {
+    fprintf(stderr, "%s: out of memory, sorry.\n", argv[0]);
+    return 1;
+  }
+
+  /* This loop is one for each prime we need to generate */
+  for(jx = 0; jx < ngen; jx++) {
+
+    raw[0] = 0;  /* sign is positive */
+
+    /*	Pack the initializer with random bytes	*/
+    for(ix = 1; ix < rawlen; ix++) 
+      raw[ix] = (rand() * rand()) & UCHAR_MAX;
+
+    raw[1] |= 0x80;             /* set high-order bit of test value     */
+    raw[rawlen - 1] |= 1;       /* set low-order bit of test value      */
+
+    /* Make an mp_int out of the initializer */
+    mp_read_raw(&testval, (char *)raw, rawlen);
+
+    /* Initialize candidate counter */
+    nTries = 0;
+
+    start = clock(); /* time generation for this prime */
+    do {
+      res = mpp_make_prime(&testval, bits, g_strong, &nTries);
+      if (res != MP_NO)
+	break;
+      /* This code works whether digits are 16 or 32 bits */
+      res = mp_add_d(&testval, 32 * 1024, &testval);
+      res = mp_add_d(&testval, 32 * 1024, &testval);
+      FPUTC(',', stderr);
+    } while (1);
+    end = clock();
+
+    if (res != MP_YES) {
+      break;
+    }
+    FPUTC('\n', stderr);
+    puts("The following value is probably prime:");
+    outlen = mp_radix_size(&testval, 10);
+    out = calloc(outlen, sizeof(unsigned char));
+    mp_toradix(&testval, (char *)out, 10);
+    printf("10: %s\n", out);
+    mp_toradix(&testval, (char *)out, 16);
+    printf("16: %s\n\n", out);
+    free(out);
+    
+    printf("Number of candidates tried: %lu\n", nTries);
+    printf("This computation took %ld clock ticks (%.2f seconds)\n",
+	   (end - start), ((double)(end - start) / CLOCKS_PER_SEC));
+    
+    FPUTC('\n', stderr);
+  } /* end of loop to generate all requested primes */
+  
+  if(res != MP_OKAY) 
+    fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+
+  free(raw);
+  mp_clear(&testval);	
+  
+  return 0;
+}
diff --git a/security/nss/lib/freebl/mpi/utils/prng.c b/security/nss/lib/freebl/mpi/utils/prng.c
new file mode 100644
index 000000000..320d12828
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/prng.c
@@ -0,0 +1,90 @@
+/*
+ *  prng.c
+ *
+ *  Command-line pseudo-random number generator
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <time.h>
+
+#ifdef __OS2__
+#include <types.h>
+#include <process.h>
+#else
+#include <unistd.h>
+#endif
+
+#include "bbs_rand.h"
+
+int main(int argc, char *argv[])
+{
+  unsigned char *seed;
+  unsigned int   ix, num = 1;
+  pid_t          pid;
+  
+  if(argc > 1) {
+    num = atoi(argv[1]);
+    if(num <= 0) 
+      num = 1;
+  }
+
+  pid = getpid();
+  srand(time(NULL) * (unsigned int)pid);
+
+  /* Not a perfect seed, but not bad */
+  seed = malloc(bbs_seed_size);
+  for(ix = 0; ix < bbs_seed_size; ix++) {
+    seed[ix] = rand() % UCHAR_MAX;
+  }
+
+  bbs_srand(seed, bbs_seed_size);
+  memset(seed, 0, bbs_seed_size);
+  free(seed);
+
+  while(num-- > 0) {
+    ix = bbs_rand();
+
+    printf("%u\n", ix);
+  }
+
+  return 0;
+
+}
diff --git a/security/nss/lib/freebl/mpi/utils/ptab.pl b/security/nss/lib/freebl/mpi/utils/ptab.pl
new file mode 100755
index 000000000..a1d9c3046
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/ptab.pl
@@ -0,0 +1,61 @@
+#!/usr/linguist/bin/perl
+
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+#
+# The Initial Developer of the Original Code is
+# Michael J. Fromberger <sting@linguist.dartmouth.edu>.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+# $Id$
+#
+
+while(<>) {
+    chomp;
+    push(@primes, $_);
+}
+
+printf("mp_size   prime_tab_size = %d;\n", ($#primes + 1));
+print "mp_digit  prime_tab[] = {\n";
+
+print "\t";
+$last = pop(@primes);
+foreach $prime (sort {$a<=>$b} @primes) {
+    printf("0x%04X, ", $prime);
+    $brk = ($brk + 1) % 8;
+    print "\n\t" if(!$brk);
+}
+printf("0x%04X", $last);
+print "\n" if($brk);
+print "};\n\n";
+
+exit 0;
diff --git a/security/nss/lib/freebl/mpi/utils/sieve.c b/security/nss/lib/freebl/mpi/utils/sieve.c
new file mode 100644
index 000000000..b699bec1a
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/utils/sieve.c
@@ -0,0 +1,268 @@
+/*
+ * sieve.c
+ *
+ * Finds prime numbers using the Sieve of Eratosthenes
+ *
+ * This implementation uses a bitmap to represent all odd integers in a
+ * given range.  We iterate over this bitmap, crossing off the
+ * multiples of each prime we find.  At the end, all the remaining set
+ * bits correspond to prime integers.
+ *
+ * Here, we make two passes -- once we have generated a sieve-ful of
+ * primes, we copy them out, reset the sieve using the highest
+ * generated prime from the first pass as a base.  Then we cross out
+ * all the multiples of all the primes we found the first time through,
+ * and re-sieve.  In this way, we get double use of the memory we
+ * allocated for the sieve the first time though.  Since we also
+ * implicitly ignore multiples of 2, this amounts to 4 times the
+ * values.
+ *
+ * This could (and probably will) be generalized to re-use the sieve a
+ * few more times.
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the MPI Arbitrary Precision Integer Arithmetic library.
+ *
+ * The Initial Developer of the Original Code is
+ * Michael J. Fromberger.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+
+typedef unsigned char  byte;
+
+typedef struct {
+  int   size;
+  byte *bits;
+  long  base;
+  int   next;
+  int   nbits;
+} sieve;
+
+void sieve_init(sieve *sp, long base, int nbits);
+void sieve_grow(sieve *sp, int nbits);
+long sieve_next(sieve *sp);
+void sieve_reset(sieve *sp, long base);
+void sieve_cross(sieve *sp, long val);
+void sieve_clear(sieve *sp);
+
+#define S_ISSET(S, B)  (((S)->bits[(B)/CHAR_BIT]>>((B)%CHAR_BIT))&1)
+#define S_SET(S, B)    ((S)->bits[(B)/CHAR_BIT]|=(1<<((B)%CHAR_BIT)))
+#define S_CLR(S, B)    ((S)->bits[(B)/CHAR_BIT]&=~(1<<((B)%CHAR_BIT)))
+#define S_VAL(S, B)    ((S)->base+(2*(B)))
+#define S_BIT(S, V)    (((V)-((S)->base))/2)
+
+int main(int argc, char *argv[])
+{
+  sieve   s;
+  long    pr, *p;
+  int     c, ix, cur = 0;
+
+  if(argc < 2) {
+    fprintf(stderr, "Usage: %s <width>\n", argv[0]);
+    return 1;
+  }
+
+  c = atoi(argv[1]);
+  if(c < 0) c = -c;
+
+  fprintf(stderr, "%s: sieving to %d positions\n", argv[0], c);
+
+  sieve_init(&s, 3, c);
+
+  c = 0;
+  while((pr = sieve_next(&s)) > 0) {
+    ++c;
+  }
+
+  p = calloc(c, sizeof(long));
+  if(!p) {
+    fprintf(stderr, "%s: out of memory after first half\n", argv[0]);
+    sieve_clear(&s);
+    exit(1);
+  }
+
+  fprintf(stderr, "%s: half done ... \n", argv[0]);
+
+  for(ix = 0; ix < s.nbits; ix++) {
+    if(S_ISSET(&s, ix)) {
+      p[cur] = S_VAL(&s, ix);
+      printf("%ld\n", p[cur]);
+      ++cur;
+    }
+  }
+
+  sieve_reset(&s, p[cur - 1]);
+  fprintf(stderr, "%s: crossing off %d found primes ... \n", argv[0], cur);
+  for(ix = 0; ix < cur; ix++) {
+    sieve_cross(&s, p[ix]);
+    if(!(ix % 1000))
+      fputc('.', stderr);
+  }
+  fputc('\n', stderr);
+
+  free(p);
+
+  fprintf(stderr, "%s: sieving again from %ld ... \n", argv[0], p[cur - 1]);
+  c = 0;
+  while((pr = sieve_next(&s)) > 0) {
+    ++c;
+  }
+  
+  fprintf(stderr, "%s: done!\n", argv[0]);
+  for(ix = 0; ix < s.nbits; ix++) {
+    if(S_ISSET(&s, ix)) {
+      printf("%ld\n", S_VAL(&s, ix));
+    }
+  }
+
+  sieve_clear(&s);
+
+  return 0;
+}
+
+void sieve_init(sieve *sp, long base, int nbits)
+{
+  sp->size = (nbits / CHAR_BIT);
+
+  if(nbits % CHAR_BIT)
+    ++sp->size;
+
+  sp->bits = calloc(sp->size, sizeof(byte));
+  memset(sp->bits, UCHAR_MAX, sp->size);
+  if(!(base & 1))
+    ++base;
+  sp->base = base;
+  
+  sp->next = 0;
+  sp->nbits = sp->size * CHAR_BIT;
+}
+
+void sieve_grow(sieve *sp, int nbits)
+{
+  int  ns = (nbits / CHAR_BIT);
+
+  if(nbits % CHAR_BIT)
+    ++ns;
+
+  if(ns > sp->size) {
+    byte   *tmp;
+    int     ix;
+
+    tmp = calloc(ns, sizeof(byte));
+    if(tmp == NULL) {
+      fprintf(stderr, "Error: out of memory in sieve_grow\n");
+      return;
+    }
+
+    memcpy(tmp, sp->bits, sp->size);
+    for(ix = sp->size; ix < ns; ix++) {
+      tmp[ix] = UCHAR_MAX;
+    }
+
+    free(sp->bits);
+    sp->bits = tmp;
+    sp->size = ns;
+
+    sp->nbits = sp->size * CHAR_BIT;
+  }
+}
+
+long sieve_next(sieve *sp)
+{
+  long out;
+  int  ix = 0;
+  long val;
+
+  if(sp->next > sp->nbits)
+    return -1;
+
+  out = S_VAL(sp, sp->next);
+#ifdef DEBUG
+  fprintf(stderr, "Sieving %ld\n", out);
+#endif
+
+  /* Sieve out all multiples of the current prime */
+  val = out;
+  while(ix < sp->nbits) {
+    val += out;
+    ix = S_BIT(sp, val);
+    if((val & 1) && ix < sp->nbits) { /* && S_ISSET(sp, ix)) { */
+      S_CLR(sp, ix);
+#ifdef DEBUG
+      fprintf(stderr, "Crossing out %ld (bit %d)\n", val, ix);
+#endif
+    }
+  }
+
+  /* Scan ahead to the next prime */
+  ++sp->next;
+  while(sp->next < sp->nbits && !S_ISSET(sp, sp->next))
+    ++sp->next;
+
+  return out;
+}
+
+void sieve_cross(sieve *sp, long val)
+{
+  int  ix = 0;
+  long cur = val;
+
+  while(cur < sp->base)
+    cur += val;
+
+  ix = S_BIT(sp, cur);
+  while(ix < sp->nbits) {
+    if(cur & 1) 
+      S_CLR(sp, ix);
+    cur += val;
+    ix = S_BIT(sp, cur);
+  }
+}
+
+void sieve_reset(sieve *sp, long base)
+{
+  memset(sp->bits, UCHAR_MAX, sp->size);
+  sp->base = base;
+  sp->next = 0;
+}
+
+void sieve_clear(sieve *sp)
+{
+  if(sp->bits) 
+    free(sp->bits);
+
+  sp->bits = NULL;
+}
diff --git a/security/nss/lib/freebl/mpi/vis_32.il b/security/nss/lib/freebl/mpi/vis_32.il
new file mode 100644
index 000000000..8a57fbde3
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/vis_32.il
@@ -0,0 +1,1324 @@
+! 
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is vis inline macros (32 bit).  (vis_32.il 3.3).
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1995-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+! $Id$
+
+! The interface to the VIS instructions as declared below (and in the VIS
+! User's Manual) will not change, but the macro implementation might change
+! in the future.
+
+!--------------------------------------------------------------------
+! Pure edge handling instructions
+!
+! int vis_edge8(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8,8
+	edge8	%o0,%o1,%o0
+	.end
+!
+! int vis_edge8l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8l,8
+	edge8l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16,8
+	edge16	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16l,8
+	edge16l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32,8
+	edge32	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32l,8
+	edge32l	%o0,%o1,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Edge handling instructions with negative return values if cc set
+!
+! int vis_edge8cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8cc,8
+	edge8	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge8lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8lcc,8
+	edge8l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16cc,8
+	edge16	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16lcc,8
+	edge16l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32cc,8
+	edge32	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32lcc,8
+	edge32l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Alignment instructions
+!
+! void *vis_alignaddr(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddr,8
+	alignaddr	%o0,%o1,%o0
+	.end
+!
+! void *vis_alignaddrl(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddrl,8
+	alignaddrl	%o0,%o1,%o0
+	.end
+!
+! double vis_faligndata(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_faligndata,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	faligndata	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned comparison instructions
+!
+! int vis_fcmple16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmple16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpne16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpne16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmple32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmple32	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpne32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpne32	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpgt16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpgt16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpeq16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpeq16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpgt32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpgt32	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpeq32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpeq32	%f4,%f10,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned arithmetic
+!
+! double vis_fmul8x16(float /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16,12
+	st	%o0,[%sp+0x44]
+	ld	[%sp+0x44],%f4
+	st	%o1,[%sp+0x48]
+	st	%o2,[%sp+0x4c]
+	ldd	[%sp+0x48],%f10
+	fmul8x16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16_dummy,16
+	st	%o0,[%sp+0x44]
+	ld	[%sp+0x44],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fmul8x16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8x16au(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16au,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmul8x16au	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8x16al(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16al,8
+	st	%o0,[%sp+0x44]
+	ld	[%sp+0x44],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmul8x16al	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8sux16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8sux16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fmul8sux16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8ulx16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fmul8ulx16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8sux16,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmuld8sux16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8ulx16,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmuld8ulx16	%f4,%f10,%f0
+	.end
+!
+! double vis_fpadd16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd16,16
+	std	%o0,[%sp+0x40]
+	ldd	[%sp+0x40],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpadd16	%f4,%f10,%f0
+	.end
+!
+! float vis_fpadd16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd16s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpadd16s	%f4,%f10,%f0
+	.end
+!
+! double vis_fpadd32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpadd32	%f4,%f10,%f0
+	.end
+!
+! float vis_fpadd32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd32s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpadd32s	%f4,%f10,%f0
+	.end
+!
+! double vis_fpsub16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpsub16	%f4,%f10,%f0
+	.end
+!
+! float vis_fpsub16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub16s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpsub16s	%f4,%f10,%f0
+	.end
+!
+! double vis_fpsub32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpsub32	%f4,%f10,%f0
+	.end
+!
+! float vis_fpsub32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub32s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpsub32s	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel packing
+!
+! float vis_fpack16(double /*frs2*/);
+!
+	.inline vis_fpack16,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpack16	%f4,%f0
+	.end
+
+!
+! double vis_fpack16_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpack16_pair,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpack16	%f4,%f0
+	fpack16	%f10,%f1
+	.end
+!
+! void vis_st2_fpack16(double, double, double *)
+!
+	.inline vis_st2_fpack16,20
+ 	std	%o0,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f4
+ 	std	%o2,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f10
+ 	fpack16	%f4,%f0
+ 	fpack16	%f10,%f1
+ 	st	%f0,[%o4+0]
+ 	st	%f1,[%o4+4]
+ 	.end
+!
+! void vis_std_fpack16(double, double, double *)
+!
+	.inline vis_std_fpack16,20
+	std     %o0,[%sp+0x48]
+	ldd     [%sp+0x48],%f4
+	std     %o2,[%sp+0x48]
+	ldd     [%sp+0x48],%f10
+	fpack16 %f4,%f0
+	fpack16 %f10,%f1
+	std     %f0,[%o4]
+	.end
+!
+! void vis_st2_fpackfix(double, double, double *)
+!
+	.inline vis_st2_fpackfix,20
+ 	std	%o0,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f4
+ 	std	%o2,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f10
+ 	fpackfix %f4,%f0
+ 	fpackfix %f10,%f1
+ 	st	%f0,[%o4+0]
+ 	st	%f1,[%o4+4]
+ 	.end
+!
+! double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_hi,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpack16	%f4,%f0
+	.end
+
+! double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_lo,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpack16	%f4,%f3
+	fmovs	%f3,%f1		/* without this, optimizer goes wrong */
+	.end
+
+!
+! double vis_fpack32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpack32	%f4,%f10,%f0
+	.end
+!
+! float vis_fpackfix(double /*frs2*/);
+!
+	.inline vis_fpackfix,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpackfix	%f4,%f0
+	.end
+!
+! double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpackfix_pair,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f6
+	fpackfix	%f4,%f0
+	fpackfix	%f6,%f1
+	.end
+
+!--------------------------------------------------------------------
+! Motion estimation
+!
+! double vis_pdist(double /*frs1*/, double /*frs2*/, double /*frd*/);
+!
+	.inline vis_pdist,24
+	std	%o4,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	pdist	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Channel merging
+!
+! double vis_fpmerge(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpmerge,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpmerge	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel expansion
+!
+! double vis_fexpand(float /*frs2*/);
+!
+	.inline vis_fexpand,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	fexpand	%f4,%f0
+	.end
+
+! double vis_fexpand_hi(double /*frs2*/);
+!
+	.inline vis_fexpand_hi,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fexpand	%f4,%f0
+	.end
+
+! double vis_fexpand_lo(double /*frs2*/);
+!
+	.inline vis_fexpand_lo,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fmovs	%f5, %f2
+	fexpand	%f2,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Bitwise logical operations
+!
+! double vis_fnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnor,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fnor	%f4,%f10,%f0
+	.end
+!
+! float vis_fnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fnors	%f4,%f10,%f0
+	.end
+!
+! double vis_fandnot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fandnot,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fandnot1	%f4,%f10,%f0
+	.end
+!
+! float vis_fandnots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fandnots,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fandnot1s	%f4,%f10,%f0
+	.end
+!
+! double vis_fnot(double /*frs1*/);
+!
+	.inline vis_fnot,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fnot1	%f4,%f0
+	.end
+!
+! float vis_fnots(float /*frs1*/);
+!
+	.inline vis_fnots,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	fnot1s	%f4,%f0
+	.end
+!
+! double vis_fxor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxor,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fxor	%f4,%f10,%f0
+	.end
+!
+! float vis_fxors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fxors	%f4,%f10,%f0
+	.end
+!
+! double vis_fnand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnand,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fnand	%f4,%f10,%f0
+	.end
+!
+! float vis_fnands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnands,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fnands	%f4,%f10,%f0
+	.end
+!
+! double vis_fand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fand,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fand	%f4,%f10,%f0
+	.end
+!
+! float vis_fands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fands,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fands	%f4,%f10,%f0
+	.end
+!
+! double vis_fxnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxnor,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fxnor	%f4,%f10,%f0
+	.end
+!
+! float vis_fxnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxnors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fxnors	%f4,%f10,%f0
+	.end
+!
+! double vis_fsrc(double /*frs1*/);
+!
+	.inline vis_fsrc,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fsrc1	%f4,%f0
+	.end
+!
+! float vis_fsrcs(float /*frs1*/);
+!
+	.inline vis_fsrcs,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	fsrc1s	%f4,%f0
+	.end
+!
+! double vis_fornot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fornot,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fornot1	%f4,%f10,%f0
+	.end
+!
+! float vis_fornots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fornots,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fornot1s	%f4,%f10,%f0
+	.end
+!
+! double vis_for(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_for,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	for	%f4,%f10,%f0
+	.end
+!
+! float vis_fors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fors	%f4,%f10,%f0
+	.end
+!
+! double vis_fzero(/* void */)
+!
+	.inline	vis_fzero,0
+	fzero	%f0
+	.end
+!
+! float vis_fzeros(/* void */)
+!
+	.inline	vis_fzeros,0
+	fzeros	%f0
+	.end
+!
+! double vis_fone(/* void */)
+!
+	.inline	vis_fone,0
+	fone	%f0
+	.end
+!
+! float vis_fones(/* void */)
+!
+	.inline	vis_fones,0
+	fones	%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partial store instructions
+!
+! vis_stdfa_ASI_PST8P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8P,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8PL(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8PL,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc8	! ASI_PST8_PL
+	.end
+!
+! vis_stdfa_ASI_PST8P_int_pair(void *rs1, void *rs2, void *rs3, int rmask);
+!
+	.inline vis_stdfa_ASI_PST8P_int_pair,16
+        ld	[%o0],%f4
+        ld	[%o1],%f5
+	stda	%f4,[%o2]%o3,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8S,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc1	! ASI_PST8_S
+	.end
+!
+! vis_stdfa_ASI_PST16P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16P,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc2	! ASI_PST16_P
+	.end
+!
+! vis_stdfa_ASI_PST16S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16S,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc3	! ASI_PST16_S
+	.end
+!
+! vis_stdfa_ASI_PST32P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32P,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc4	! ASI_PST32_P
+	.end
+!
+! vis_stdfa_ASI_PST32S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32S,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc5	! ASI_PST32_S
+	.end
+
+!--------------------------------------------------------------------
+! Short store instructions
+!
+! vis_stdfa_ASI_FL8P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8P,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd0	! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL8P_index,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2+%o3]0xd0 ! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8S,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd1	! ASI_FL8_S
+	.end
+!
+! vis_stdfa_ASI_FL16P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16P,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd2	! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL16P_index,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2+%o3]0xd2 ! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16S,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd3	! ASI_FL16_S
+	.end
+!
+! vis_stdfa_ASI_FL8PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8PL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd8	! ASI_FL8_PL
+	.end
+!
+! vis_stdfa_ASI_FL8SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8SL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd9	! ASI_FL8_SL
+	.end
+!
+! vis_stdfa_ASI_FL16PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16PL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xda	! ASI_FL16_PL
+	.end
+!
+! vis_stdfa_ASI_FL16SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16SL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xdb	! ASI_FL16_SL
+	.end
+
+!--------------------------------------------------------------------
+! Short load instructions
+!
+! double vis_lddfa_ASI_FL8P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8P,4
+	ldda	[%o0]0xd0,%f4	! ASI_FL8_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_FL8P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8P_index,8
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_hi(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_hi,8
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_lo(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_lo,8
+	sll     %o1,16,%o1
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8S,4
+	ldda	[%o0]0xd1,%f4	! ASI_FL8_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16P,4
+	ldda	[%o0]0xd2,%f4	! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16P_index,8
+	ldda	[%o0+%o1]0xd2,%f4 ! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16S,4
+	ldda	[%o0]0xd3,%f4	! ASI_FL16_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8PL,4
+	ldda	[%o0]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8PL_index,8
+	ldda	[%o0+%o1]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8SL,4
+	ldda	[%o0]0xd9,%f4	! ASI_FL8_SL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16PL,4
+	ldda	[%o0]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16PL_index,8
+	ldda	[%o0+%o1]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16SL,4
+	ldda	[%o0]0xdb,%f4	! ASI_FL16_SL
+	fmovd	%f4,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Graphics status register
+!
+! unsigned int vis_read_gsr(void)
+!
+	.inline vis_read_gsr,0
+	rd	%gsr,%o0
+	.end
+!
+! void vis_write_gsr(unsigned int /* GSR */)
+!
+	.inline vis_write_gsr,4
+	wr	%g0,%o0,%gsr
+	.end
+
+!--------------------------------------------------------------------
+! Voxel texture mapping
+!
+! unsigned long vis_array8(unsigned long long /*rs1 */, int /*rs2*/)
+!
+	.inline	vis_array8,12
+	sllx	%o0,32,%o0
+	srl	%o1,0,%o1	! clear the most significant 32 bits of %o1
+	or	%o0,%o1,%o3	! join %o0 and %o1 into %o3
+	array8	%o3,%o2,%o0
+	.end
+!
+! unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array16,12
+	sllx	%o0,32,%o0
+	srl	%o1,0,%o1	! clear the most significant 32 bits of %o1
+	or	%o0,%o1,%o3	! join %o0 and %o1 into %o3
+	array16	%o3,%o2,%o0
+	.end
+!
+! unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array32,12
+	sllx	%o0,32,%o0
+	srl	%o1,0,%o1	! clear the most significant 32 bits of %o1
+	or	%o0,%o1,%o3	! join %o0 and %o1 into %o3
+	array32	%o3,%o2,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Register aliasing and type casts
+!
+! float vis_read_hi(double /* frs1 */);
+!
+	.inline vis_read_hi,8
+	std	%o0,[%sp+0x48]	! store double frs1
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1; return %f0;
+	.end
+!
+! float vis_read_lo(double /* frs1 */);
+!
+	.inline vis_read_lo,8
+	std	%o0,[%sp+0x48]	! store double frs1
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1;
+	fmovs	%f1,%f0		! %f0 = low word (frs1); return %f0;
+	.end
+!
+! double vis_write_hi(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_hi,12
+	std	%o0,[%sp+0x48]	! store double frs1;
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1;
+	st	%o2,[%sp+0x44]	! store float frs2;
+	ld	[%sp+0x44],%f2	! %f2 = float frs2;
+	fmovs	%f2,%f0		! %f0 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_write_lo(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_lo,12
+	std	%o0,[%sp+0x48]	! store double frs1;
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1;
+	st	%o2,[%sp+0x44]	! store float frs2;
+	ld	[%sp+0x44],%f2	! %f2 = float frs2;
+	fmovs	%f2,%f1		! %f1 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_freg_pair(float /* frs1 */, float /* frs2 */);
+!
+	.inline vis_freg_pair,8
+	st	%o0,[%sp+0x48]	! store float frs1
+	ld	[%sp+0x48],%f0
+	st	%o1,[%sp+0x48]	! store float frs2
+	ld	[%sp+0x48],%f1
+	.end
+!
+! float vis_to_float(unsigned int /*value*/);
+!
+	.inline vis_to_float,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f0
+	.end
+!
+! double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/);
+!
+	.inline vis_to_double,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	.end
+!
+! double vis_to_double_dup(unsigned int /*value*/);
+!
+	.inline vis_to_double_dup,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f1
+	fmovs	%f1,%f0		! duplicate value
+	.end
+!
+! double vis_ll_to_double(unsigned long long /*value*/);
+!
+	.inline vis_ll_to_double,8
+	std     %o0,[%sp+0x48]
+	ldd     [%sp+0x48],%f0
+	.end
+
+!--------------------------------------------------------------------
+! Address space identifier (ASI) register
+!
+! unsigned int vis_read_asi(void)
+!
+	.inline vis_read_asi,0
+	rd	%asi,%o0
+	.end
+!
+! void vis_write_asi(unsigned int /* ASI */)
+!
+	.inline vis_write_asi,4
+	wr	%g0,%o0,%asi
+	.end
+
+!--------------------------------------------------------------------
+! Load/store from/into alternate space
+!
+! float vis_ldfa_ASI_REG(void *rs1)
+!
+	.inline vis_ldfa_ASI_REG,4
+	lda	[%o0+0]%asi,%f4
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_P(void *rs1)
+!
+	.inline vis_ldfa_ASI_P,4
+	lda	[%o0]0x80,%f4	! ASI_P
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_PL(void *rs1)
+!
+	.inline vis_ldfa_ASI_PL,4
+	lda	[%o0]0x88,%f4	! ASI_PL
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_REG(void *rs1)
+!
+	.inline vis_lddfa_ASI_REG,4
+	ldda	[%o0+0]%asi,%f4
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_P(void *rs1)
+!
+	.inline vis_lddfa_ASI_P,4
+	ldda	[%o0]0x80,%f4	! ASI_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_PL,4
+	ldda	[%o0]0x88,%f4	! ASI_PL
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! vis_stfa_ASI_REG(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_REG,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	sta	%f4,[%o1+0]%asi
+	.end
+!
+! vis_stfa_ASI_P(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_P,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	sta	%f4,[%o1]0x80	! ASI_P
+	.end
+!
+! vis_stfa_ASI_PL(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_PL,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	sta	%f4,[%o1]0x88	! ASI_PL
+	.end
+!
+! vis_stdfa_ASI_REG(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_REG,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2+0]%asi
+	.end
+!
+! vis_stdfa_ASI_P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_P,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0x80	! ASI_P
+	.end
+!
+! vis_stdfa_ASI_PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_PL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0x88	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_REG(void *rs1)
+!
+	.inline vis_lduha_ASI_REG,4
+	lduha	[%o0+0]%asi,%o0
+	.end
+!
+! unsigned short vis_lduha_ASI_P(void *rs1)
+!
+	.inline vis_lduha_ASI_P,4
+	lduha	[%o0]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL(void *rs1)
+!
+	.inline vis_lduha_ASI_PL,4
+	lduha	[%o0]0x88,%o0	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_P_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_P_index,8
+	lduha	[%o0+%o1]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_PL_index,8
+	lduha	[%o0+%o1]0x88,%o0	! ASI_PL
+	.end
+
+!--------------------------------------------------------------------
+! Prefetch
+!
+! void vis_prefetch_read(void * /*address*/);
+!
+	.inline vis_prefetch_read,4
+	prefetch	[%o0+0],0
+	.end
+!
+! void vis_prefetch_write(void * /*address*/);
+!
+	.inline vis_prefetch_write,4
+	prefetch	[%o0+0],2
+	.end
diff --git a/security/nss/lib/freebl/mpi/vis_64.il b/security/nss/lib/freebl/mpi/vis_64.il
new file mode 100644
index 000000000..1ad8207fa
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/vis_64.il
@@ -0,0 +1,1030 @@
+! 
+! ***** BEGIN LICENSE BLOCK *****
+! Version: MPL 1.1/GPL 2.0/LGPL 2.1
+!
+! The contents of this file are subject to the Mozilla Public License Version
+! 1.1 (the "License"); you may not use this file except in compliance with
+! the License. You may obtain a copy of the License at
+! http://www.mozilla.org/MPL/
+!
+! Software distributed under the License is distributed on an "AS IS" basis,
+! WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+! for the specific language governing rights and limitations under the
+! License.
+!
+! The Original Code is vis inline macros (64 bit).  (vis_64.il 3.4).
+!
+! The Initial Developer of the Original Code is
+! Sun Microsystems Inc.
+! Portions created by the Initial Developer are Copyright (C) 1998-2000
+! the Initial Developer. All Rights Reserved.
+!
+! Contributor(s):
+!
+! Alternatively, the contents of this file may be used under the terms of
+! either the GNU General Public License Version 2 or later (the "GPL"), or
+! the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+! in which case the provisions of the GPL or the LGPL are applicable instead
+! of those above. If you wish to allow use of your version of this file only
+! under the terms of either the GPL or the LGPL, and not to allow others to
+! use your version of this file under the terms of the MPL, indicate your
+! decision by deleting the provisions above and replace them with the notice
+! and other provisions required by the GPL or the LGPL. If you do not delete
+! the provisions above, a recipient may use your version of this file under
+! the terms of any one of the MPL, the GPL or the LGPL.
+!
+! ***** END LICENSE BLOCK *****
+! $Id$
+
+! This file is to be used in place of vis.il in 64-bit builds.
+
+!--------------------------------------------------------------------
+! Pure edge handling instructions
+!
+! int vis_edge8(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8,16
+	edge8	%o0,%o1,%o0
+	.end
+!
+! int vis_edge8l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8l,16
+	edge8l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16,16
+	edge16	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16l,16
+	edge16l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32,16
+	edge32	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32l,16
+	edge32l	%o0,%o1,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Edge handling instructions with negative return values if cc set
+!
+! int vis_edge8cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8cc,16
+	edge8	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge8lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8lcc,16
+	edge8l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16cc,16
+	edge16	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16lcc,16
+	edge16l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32cc,16
+	edge32	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32lcc,16
+	edge32l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Alignment instructions
+!
+! void *vis_alignaddr(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddr,12
+	alignaddr	%o0,%o1,%o0
+	.end
+!
+! void *vis_alignaddrl(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddrl,12
+	alignaddrl	%o0,%o1,%o0
+	.end
+!
+! double vis_faligndata(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_faligndata,16
+	faligndata	%f0,%f2,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned comparison instructions
+!
+! int vis_fcmple16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple16,16
+	fcmple16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpne16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne16,16
+	fcmpne16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmple32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple32,16
+	fcmple32	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpne32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne32,16
+	fcmpne32	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpgt16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt16,16
+	fcmpgt16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpeq16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq16,16
+	fcmpeq16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpgt32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt32,16
+	fcmpgt32	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpeq32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq32,16
+	fcmpeq32	%f0,%f2,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned arithmetic
+!
+! double vis_fmul8x16(float /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16,12
+	fmul8x16	%f1,%f2,%f0
+	.end
+!
+! double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16_dummy,16
+	fmul8x16	%f1,%f4,%f0
+	.end
+!
+! double vis_fmul8x16au(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16au,8
+	fmul8x16au	%f1,%f3,%f0
+	.end
+!
+! double vis_fmul8x16al(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16al,8
+	fmul8x16al	%f1,%f3,%f0
+	.end
+!
+! double vis_fmul8sux16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8sux16,16
+	fmul8sux16	%f0,%f2,%f0
+	.end
+!
+! double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8ulx16,16
+	fmul8ulx16	%f0,%f2,%f0
+	.end
+!
+! double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8sux16,8
+	fmuld8sux16	%f1,%f3,%f0
+	.end
+!
+! double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8ulx16,8
+	fmuld8ulx16	%f1,%f3,%f0
+	.end
+!
+! double vis_fpadd16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd16,16
+	fpadd16	%f0,%f2,%f0
+	.end
+!
+! float vis_fpadd16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd16s,8
+	fpadd16s	%f1,%f3,%f0
+	.end
+!
+! double vis_fpadd32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd32,16
+	fpadd32	%f0,%f2,%f0
+	.end
+!
+! float vis_fpadd32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd32s,8
+	fpadd32s	%f1,%f3,%f0
+	.end
+!
+! double vis_fpsub16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub16,16
+	fpsub16	%f0,%f2,%f0
+	.end
+!
+! float vis_fpsub16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub16s,8
+	fpsub16s	%f1,%f3,%f0
+	.end
+!
+! double vis_fpsub32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub32,16
+	fpsub32	%f0,%f2,%f0
+	.end
+!
+! float vis_fpsub32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub32s,8
+	fpsub32s	%f1,%f3,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel packing
+!
+! float vis_fpack16(double /*frs2*/);
+!
+	.inline vis_fpack16,8
+	fpack16	%f0,%f0
+	.end
+!
+! double vis_fpack16_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpack16_pair,16
+	fpack16	%f0,%f0
+	fpack16	%f2,%f1
+	.end
+!
+! void vis_st2_fpack16(double, double, double *)
+!
+	.inline vis_st2_fpack16,24
+ 	fpack16	%f0,%f0
+ 	fpack16	%f2,%f1
+ 	st	%f0,[%o2+0]
+ 	st	%f1,[%o2+4]
+ 	.end
+!
+! void vis_std_fpack16(double, double, double *)
+!
+	.inline vis_std_fpack16,24
+	fpack16	%f0,%f0
+	fpack16	%f2,%f1
+	std	%f0,[%o2]
+	.end
+!
+! void vis_st2_fpackfix(double, double, double *)
+!
+	.inline vis_st2_fpackfix,24
+ 	fpackfix %f0,%f0
+ 	fpackfix %f2,%f1
+ 	st	%f0,[%o2+0]
+ 	st	%f1,[%o2+4]
+ 	.end
+!
+! double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_hi,16
+	fpack16	%f2,%f0
+	.end
+
+! double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_lo,16
+	fpack16	%f2,%f3
+	fmovs	%f3,%f1		/* without this, optimizer goes wrong */
+	.end
+
+!
+! double vis_fpack32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack32,16
+	fpack32	%f0,%f2,%f0
+	.end
+!
+! float vis_fpackfix(double /*frs2*/);
+!
+	.inline vis_fpackfix,8
+	fpackfix	%f0,%f0
+	.end
+!
+! double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpackfix_pair,16
+	fpackfix	%f0,%f0
+	fpackfix	%f2,%f1
+	.end
+
+!--------------------------------------------------------------------
+! Motion estimation
+!
+! double vis_pxldist64(double accum /*frd*/, double pxls1 /*frs1*/, 
+!		       double pxls2 /*frs2*/);
+!
+	.inline vis_pxldist64,24
+	pdist	%f2,%f4,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Channel merging
+!
+! double vis_fpmerge(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpmerge,8
+	fpmerge	%f1,%f3,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel expansion
+!
+! double vis_fexpand(float /*frs2*/);
+!
+	.inline vis_fexpand,4
+	fexpand	%f1,%f0
+	.end
+
+! double vis_fexpand_hi(double /*frs2*/);
+!
+	.inline vis_fexpand_hi,8
+	fexpand	%f0,%f0
+	.end
+
+! double vis_fexpand_lo(double /*frs2*/);
+!
+	.inline vis_fexpand_lo,8
+	fexpand	%f1,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Bitwise logical operations
+!
+! double vis_fnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnor,16
+	fnor	%f0,%f2,%f0
+	.end
+!
+! float vis_fnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnors,8
+	fnors	%f1,%f3,%f0
+	.end
+!
+! double vis_fandnot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fandnot,16
+	fandnot1 %f0,%f2,%f0
+	.end
+!
+! float vis_fandnots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fandnots,8
+	fandnot1s %f1,%f3,%f0
+	.end
+!
+! double vis_fnot(double /*frs1*/);
+!
+	.inline vis_fnot,8
+	fnot1	%f0,%f0
+	.end
+!
+! float vis_fnots(float /*frs1*/);
+!
+	.inline vis_fnots,4
+	fnot1s	%f1,%f0
+	.end
+!
+! double vis_fxor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxor,16
+	fxor	%f0,%f2,%f0
+	.end
+!
+! float vis_fxors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxors,8
+	fxors	%f1,%f3,%f0
+	.end
+!
+! double vis_fnand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnand,16
+	fnand	%f0,%f2,%f0
+	.end
+!
+! float vis_fnands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnands,8
+	fnands	%f1,%f3,%f0
+	.end
+!
+! double vis_fand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fand,16
+	fand	%f0,%f2,%f0
+	.end
+!
+! float vis_fands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fands,8
+	fands	%f1,%f3,%f0
+	.end
+!
+! double vis_fxnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxnor,16
+	fxnor	%f0,%f2,%f0
+	.end
+!
+! float vis_fxnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxnors,8
+	fxnors	%f1,%f3,%f0
+	.end
+!
+! double vis_fsrc(double /*frs1*/);
+!
+	.inline vis_fsrc,8
+	fsrc1	%f0,%f0
+	.end
+!
+! float vis_fsrcs(float /*frs1*/);
+!
+	.inline vis_fsrcs,4
+	fsrc1s	%f1,%f0
+	.end
+!
+! double vis_fornot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fornot,16
+	fornot1	%f0,%f2,%f0
+	.end
+!
+! float vis_fornots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fornots,8
+	fornot1s %f1,%f3,%f0
+	.end
+!
+! double vis_for(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_for,16
+	for	%f0,%f2,%f0
+	.end
+!
+! float vis_fors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fors,8
+	fors	%f1,%f3,%f0
+	.end
+!
+! double vis_fzero(/* void */)
+!
+	.inline	vis_fzero,0
+	fzero	%f0
+	.end
+!
+! float vis_fzeros(/* void */)
+!
+	.inline	vis_fzeros,0
+	fzeros	%f0
+	.end
+!
+! double vis_fone(/* void */)
+!
+	.inline	vis_fone,0
+	fone	%f0
+	.end
+!
+! float vis_fones(/* void */)
+!
+	.inline	vis_fones,0
+	fones	%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partial store instructions
+!
+! vis_stdfa_ASI_PST8P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8P,20
+	stda	%f0,[%o1]%o2,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8PL(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8PL,20
+	stda	%f0,[%o1]%o2,0xc8	! ASI_PST8_PL
+	.end
+!
+! vis_stdfa_ASI_PST8P_int_pair(void *rs1, void *rs2, void *rs3, int rmask);
+!
+	.inline vis_stdfa_ASI_PST8P_int_pair,28
+        ld	[%o0],%f4
+        ld	[%o1],%f5
+	stda	%f4,[%o2]%o3,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8S,20
+	stda	%f0,[%o1]%o2,0xc1	! ASI_PST8_S
+	.end
+!
+! vis_stdfa_ASI_PST16P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16P,20
+	stda	%f0,[%o1]%o2,0xc2	! ASI_PST16_P
+	.end
+!
+! vis_stdfa_ASI_PST16S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16S,20
+	stda	%f0,[%o1]%o2,0xc3	! ASI_PST16_S
+	.end
+!
+! vis_stdfa_ASI_PST32P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32P,20
+	stda	%f0,[%o1]%o2,0xc4	! ASI_PST32_P
+	.end
+!
+! vis_stdfa_ASI_PST32S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32S,20
+	stda	%f0,[%o1]%o2,0xc5	! ASI_PST32_S
+	.end
+
+!--------------------------------------------------------------------
+! Short store instructions
+!
+! vis_stdfa_ASI_FL8P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8P,16
+	stda	%f0,[%o1]0xd0	! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL8P_index,24
+	stda	%f0,[%o1+%o2]0xd0 ! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8S,16
+	stda	%f0,[%o1]0xd1	! ASI_FL8_S
+	.end
+!
+! vis_stdfa_ASI_FL16P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16P,16
+	stda	%f0,[%o1]0xd2	! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL16P_index,24
+	stda	%f0,[%o1+%o2]0xd2 ! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16S,16
+	stda	%f0,[%o1]0xd3	! ASI_FL16_S
+	.end
+!
+! vis_stdfa_ASI_FL8PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8PL,16
+	stda	%f0,[%o1]0xd8	! ASI_FL8_PL
+	.end
+!
+! vis_stdfa_ASI_FL8SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8SL,16
+	stda	%f0,[%o1]0xd9	! ASI_FL8_SL
+	.end
+!
+! vis_stdfa_ASI_FL16PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16PL,16
+	stda	%f0,[%o1]0xda	! ASI_FL16_PL
+	.end
+!
+! vis_stdfa_ASI_FL16SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16SL,16
+	stda	%f0,[%o1]0xdb	! ASI_FL16_SL
+	.end
+
+!--------------------------------------------------------------------
+! Short load instructions
+!
+! double vis_lddfa_ASI_FL8P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8P,8
+	ldda	[%o0]0xd0,%f4	! ASI_FL8_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_FL8P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8P_index,16
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_hi(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_hi,12
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_lo(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_lo,12
+	sll     %o1,16,%o1
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8S,8
+	ldda	[%o0]0xd1,%f4	! ASI_FL8_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16P,8
+	ldda	[%o0]0xd2,%f4	! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16P_index,16
+	ldda	[%o0+%o1]0xd2,%f4 ! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16S,8
+	ldda	[%o0]0xd3,%f4	! ASI_FL16_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8PL,8
+	ldda	[%o0]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8PL_index,16
+	ldda	[%o0+%o1]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8SL,8
+	ldda	[%o0]0xd9,%f4	! ASI_FL8_SL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16PL,8
+	ldda	[%o0]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16PL_index,16
+	ldda	[%o0+%o1]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16SL,8
+	ldda	[%o0]0xdb,%f4	! ASI_FL16_SL
+	fmovd	%f4,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Graphics status register
+!
+! unsigned int vis_read_gsr(void)
+!
+	.inline vis_read_gsr,0
+	rd	%gsr,%o0
+	.end
+!
+! void vis_write_gsr(unsigned int /* GSR */)
+!
+	.inline vis_write_gsr,4
+	wr	%g0,%o0,%gsr
+	.end
+
+!--------------------------------------------------------------------
+! Voxel texture mapping
+!
+! unsigned long vis_array8(unsigned long long /*rs1 */, int /*rs2*/)
+!
+	.inline	vis_array8,12
+	array8	%o0,%o1,%o0
+	.end
+!
+! unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array16,12
+	array16	%o0,%o1,%o0
+	.end
+!
+! unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array32,12
+	array32	%o0,%o1,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Register aliasing and type casts
+!
+! float vis_read_hi(double /* frs1 */);
+!
+	.inline vis_read_hi,8
+	fmovs	%f0,%f0
+	.end
+!
+! float vis_read_lo(double /* frs1 */);
+!
+	.inline vis_read_lo,8
+	fmovs	%f1,%f0		! %f0 = low word (frs1); return %f0;
+	.end
+!
+! double vis_write_hi(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_hi,12
+	fmovs	%f3,%f0		! %f3 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_write_lo(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_lo,12
+	fmovs	%f3,%f1		! %f3 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_freg_pair(float /* frs1 */, float /* frs2 */);
+!
+	.inline vis_freg_pair,8
+	fmovs	%f1,%f0		! %f1 = float frs1; put in hi;
+	fmovs	%f3,%f1		! %f3 = float frs2; put in lo; return %f0:f1;
+	.end
+!
+! float vis_to_float(unsigned int /*value*/);
+!
+	.inline vis_to_float,4
+	st	%o0,[%sp+2183]
+	ld	[%sp+2183],%f0
+	.end
+!
+! double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/);
+!
+	.inline vis_to_double,8
+	st	%o0,[%sp+2183]
+	ld	[%sp+2183],%f0
+	st	%o1,[%sp+2183]
+	ld	[%sp+2183],%f1
+	.end
+!
+! double vis_to_double_dup(unsigned int /*value*/);
+!
+	.inline vis_to_double_dup,4
+	st	%o0,[%sp+2183]
+	ld	[%sp+2183],%f1
+	fmovs	%f1,%f0		! duplicate value
+	.end
+!
+! double vis_ll_to_double(unsigned long long /*value*/);
+!
+	.inline vis_ll_to_double,8
+	stx     %o0,[%sp+2183]
+	ldd     [%sp+2183],%f0
+        .end
+
+!--------------------------------------------------------------------
+! Address space identifier (ASI) register
+!
+! unsigned int vis_read_asi(void)
+!
+	.inline vis_read_asi,0
+	rd	%asi,%o0
+	.end
+!
+! void vis_write_asi(unsigned int /* ASI */)
+!
+	.inline vis_write_asi,4
+	wr	%g0,%o0,%asi
+	.end
+
+!--------------------------------------------------------------------
+! Load/store from/into alternate space
+!
+! float vis_ldfa_ASI_REG(void *rs1)
+!
+	.inline vis_ldfa_ASI_REG,8
+	lda	[%o0+0]%asi,%f4
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_P(void *rs1)
+!
+	.inline vis_ldfa_ASI_P,8
+	lda	[%o0]0x80,%f4	! ASI_P
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_PL(void *rs1)
+!
+	.inline vis_ldfa_ASI_PL,8
+	lda	[%o0]0x88,%f4	! ASI_PL
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_REG(void *rs1)
+!
+	.inline vis_lddfa_ASI_REG,8
+	ldda	[%o0+0]%asi,%f4
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_P(void *rs1)
+!
+	.inline vis_lddfa_ASI_P,8
+	ldda	[%o0]0x80,%f4	! ASI_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_PL,8
+	ldda	[%o0]0x88,%f4	! ASI_PL
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! vis_stfa_ASI_REG(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_REG,12
+	sta	%f1,[%o1+0]%asi
+	.end
+!
+! vis_stfa_ASI_P(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_P,12
+	sta	%f1,[%o1]0x80	! ASI_P
+	.end
+!
+! vis_stfa_ASI_PL(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_PL,12
+	sta	%f1,[%o1]0x88	! ASI_PL
+	.end
+!
+! vis_stdfa_ASI_REG(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_REG,16
+	stda	%f0,[%o1+0]%asi
+	.end
+!
+! vis_stdfa_ASI_P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_P,16
+	stda	%f0,[%o1]0x80	! ASI_P
+	.end
+!
+! vis_stdfa_ASI_PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_PL,16
+	stda	%f0,[%o1]0x88	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_REG(void *rs1)
+!
+	.inline vis_lduha_ASI_REG,8
+	lduha	[%o0+0]%asi,%o0
+	.end
+!
+! unsigned short vis_lduha_ASI_P(void *rs1)
+!
+	.inline vis_lduha_ASI_P,8
+	lduha	[%o0]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL(void *rs1)
+!
+	.inline vis_lduha_ASI_PL,8
+	lduha	[%o0]0x88,%o0	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_P_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_P_index,16
+	lduha	[%o0+%o1]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_PL_index,16
+	lduha	[%o0+%o1]0x88,%o0	! ASI_PL
+	.end
+
+!--------------------------------------------------------------------
+! Prefetch
+!
+! void vis_prefetch_read(void * /*address*/);
+!
+	.inline vis_prefetch_read,8
+	prefetch	[%o0+0],0
+	.end
+!
+! void vis_prefetch_write(void * /*address*/);
+!
+	.inline vis_prefetch_write,8
+	prefetch	[%o0+0],2
+	.end
diff --git a/security/nss/lib/freebl/mpi/vis_proto.h b/security/nss/lib/freebl/mpi/vis_proto.h
new file mode 100644
index 000000000..2790fedd0
--- /dev/null
+++ b/security/nss/lib/freebl/mpi/vis_proto.h
@@ -0,0 +1,267 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is prototypes for vis.il  (vis_proto.h 1.3).
+ *
+ * The Initial Developer of the Original Code is
+ * Sun Microsystems Inc.
+ * Portions created by the Initial Developer are Copyright (C) 1995
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+/*
+ * Prototypes for the inline templates in vis.il
+ */
+
+#ifndef VIS_PROTO_H
+#define VIS_PROTO_H
+
+#pragma ident	"@(#)vis_proto.h	1.3	97/03/30 SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* Pure edge handling instructions */
+int vis_edge8(void * /*frs1*/, void * /*frs2*/);
+int vis_edge8l(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16l(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32l(void * /*frs1*/, void * /*frs2*/);
+
+/* Edge handling instructions with negative return values if cc set. */
+int vis_edge8cc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge8lcc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16cc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16lcc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32cc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32lcc(void * /*frs1*/, void * /*frs2*/);
+
+/* Alignment instructions. */
+void *vis_alignaddr(void * /*rs1*/, int /*rs2*/);
+void *vis_alignaddrl(void * /*rs1*/, int /*rs2*/);
+double vis_faligndata(double /*frs1*/, double /*frs2*/);
+
+/* Partitioned comparison instructions. */
+int vis_fcmple16(double /*frs1*/, double /*frs2*/);
+int vis_fcmpne16(double /*frs1*/, double /*frs2*/);
+int vis_fcmple32(double /*frs1*/, double /*frs2*/);
+int vis_fcmpne32(double /*frs1*/, double /*frs2*/);
+int vis_fcmpgt16(double /*frs1*/, double /*frs2*/);
+int vis_fcmpeq16(double /*frs1*/, double /*frs2*/);
+int vis_fcmpgt32(double /*frs1*/, double /*frs2*/);
+int vis_fcmpeq32(double /*frs1*/, double /*frs2*/);
+
+/* Partitioned multiplication. */
+#if 0
+double vis_fmul8x16(float /*frs1*/, double /*frs2*/);
+#endif
+double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/);
+double vis_fmul8x16au(float /*frs1*/, float /*frs2*/);
+double vis_fmul8x16al(float /*frs1*/, float /*frs2*/);
+double vis_fmul8sux16(double /*frs1*/, double /*frs2*/);
+double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/);
+double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/);
+double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/);
+
+/* Partitioned addition & subtraction. */
+double vis_fpadd16(double /*frs1*/, double /*frs2*/);
+float vis_fpadd16s(float /*frs1*/, float /*frs2*/);
+double vis_fpadd32(double /*frs1*/, double /*frs2*/);
+float vis_fpadd32s(float /*frs1*/, float /*frs2*/);
+double vis_fpsub16(double /*frs1*/, double /*frs2*/);
+float vis_fpsub16s(float /*frs1*/, float /*frs2*/);
+double vis_fpsub32(double /*frs1*/, double /*frs2*/);
+float vis_fpsub32s(float /*frs1*/, float /*frs2*/);
+
+/* Pixel packing & clamping. */
+float vis_fpack16(double /*frs2*/);
+double vis_fpack32(double /*frs1*/, double /*frs2*/);
+float vis_fpackfix(double /*frs2*/);
+
+/* Combined pack ops. */
+double vis_fpack16_pair(double /*frs2*/, double /*frs2*/);
+double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/);
+void vis_st2_fpack16(double, double, double *);
+void vis_std_fpack16(double, double, double *);
+void vis_st2_fpackfix(double, double, double *);
+
+double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/);
+double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/);
+
+/* Motion estimation. */
+double vis_pdist(double /*frs1*/, double /*frs2*/, double /*frd*/);
+
+/* Channel merging. */
+double vis_fpmerge(float /*frs1*/, float /*frs2*/);
+
+/* Pixel expansion. */
+double vis_fexpand(float /*frs2*/);
+double vis_fexpand_hi(double /*frs2*/);
+double vis_fexpand_lo(double /*frs2*/);
+
+/* Bitwise logical operators. */
+double vis_fnor(double /*frs1*/, double /*frs2*/);
+float vis_fnors(float /*frs1*/, float /*frs2*/);
+double vis_fandnot(double /*frs1*/, double /*frs2*/);
+float vis_fandnots(float /*frs1*/, float /*frs2*/);
+double vis_fnot(double /*frs1*/);
+float vis_fnots(float /*frs1*/);
+double vis_fxor(double /*frs1*/, double /*frs2*/);
+float vis_fxors(float /*frs1*/, float /*frs2*/);
+double vis_fnand(double /*frs1*/, double /*frs2*/);
+float vis_fnands(float /*frs1*/, float /*frs2*/);
+double vis_fand(double /*frs1*/, double /*frs2*/);
+float vis_fands(float /*frs1*/, float /*frs2*/);
+double vis_fxnor(double /*frs1*/, double /*frs2*/);
+float vis_fxnors(float /*frs1*/, float /*frs2*/);
+double vis_fsrc(double /*frs1*/);
+float vis_fsrcs(float /*frs1*/);
+double vis_fornot(double /*frs1*/, double /*frs2*/);
+float vis_fornots(float /*frs1*/, float /*frs2*/);
+double vis_for(double /*frs1*/, double /*frs2*/);
+float vis_fors(float /*frs1*/, float /*frs2*/);
+double vis_fzero(void);
+float vis_fzeros(void);
+double vis_fone(void);
+float vis_fones(void);
+
+/* Partial stores. */
+void vis_stdfa_ASI_PST8P(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST8PL(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST8P_int_pair(void * /*rs1*/, void * /*rs2*/,
+                                  void * /*rs3*/, int /*rmask*/);
+void vis_stdfa_ASI_PST8S(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST16P(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST16S(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST32P(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST32S(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+
+/* Byte & short stores. */
+void vis_stdfa_ASI_FL8P(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL8P_index(double /*frd*/, void * /*rs1*/, long /*index*/);
+void vis_stdfa_ASI_FL8S(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16P(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16P_index(double /*frd*/, void * /*rs1*/, long /*index*/);
+void vis_stdfa_ASI_FL16S(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL8PL(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL8SL(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16PL(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16SL(double /*frd*/, void * /*rs1*/);
+
+/* Byte & short loads. */
+double vis_lddfa_ASI_FL8P(void * /*rs1*/);
+double vis_lddfa_ASI_FL8P_index(void * /*rs1*/, long /*index*/);
+double vis_lddfa_ASI_FL8P_hi(void * /*rs1*/, unsigned int /*index*/);
+double vis_lddfa_ASI_FL8P_lo(void * /*rs1*/, unsigned int /*index*/);
+double vis_lddfa_ASI_FL8S(void * /*rs1*/);
+double vis_lddfa_ASI_FL16P(void * /*rs1*/);
+double vis_lddfa_ASI_FL16P_index(void * /*rs1*/, long /*index*/);
+double vis_lddfa_ASI_FL16S(void * /*rs1*/);
+double vis_lddfa_ASI_FL8PL(void * /*rs1*/);
+double vis_lddfa_ASI_FL8SL(void * /*rs1*/);
+double vis_lddfa_ASI_FL16PL(void * /*rs1*/);
+double vis_lddfa_ASI_FL16SL(void * /*rs1*/);
+
+/* Direct write to GSR, read from GSR */
+void vis_write_gsr(unsigned int /*GSR*/);
+unsigned int vis_read_gsr(void);
+
+/* Voxel texture mapping. */
+#if !defined(_NO_LONGLONG)
+unsigned long vis_array8(unsigned long long /*rs1*/, int /*rs2*/);
+unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/);
+unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/);
+#endif /* !defined(_NO_LONGLONG) */
+
+/* Register aliasing and type casts. */
+float vis_read_hi(double /*frs1*/);
+float vis_read_lo(double /*frs1*/);
+double vis_write_hi(double /*frs1*/, float /*frs2*/);
+double vis_write_lo(double /*frs1*/, float /*frs2*/);
+double vis_freg_pair(float /*frs1*/, float /*frs2*/);
+float vis_to_float(unsigned int /*value*/);
+double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/);
+double vis_to_double_dup(unsigned int /*value*/);
+#if !defined(_NO_LONGLONG)
+double vis_ll_to_double(unsigned long long /*value*/);
+#endif /* !defined(_NO_LONGLONG) */
+
+/* Miscellany (no inlines) */
+void vis_error(char * /*fmt*/, int /*a0*/);
+void vis_sim_init(void);
+
+/* For better performance */
+#define vis_fmul8x16(farg,darg) vis_fmul8x16_dummy((farg),0,(darg))
+
+/* Nicknames for explicit ASI loads and stores. */
+#define vis_st_u8      vis_stdfa_ASI_FL8P
+#define vis_st_u8_i    vis_stdfa_ASI_FL8P_index
+#define vis_st_u8_le   vis_stdfa_ASI_FL8PL
+#define vis_st_u16     vis_stdfa_ASI_FL16P
+#define vis_st_u16_i   vis_stdfa_ASI_FL16P_index
+#define vis_st_u16_le  vis_stdfa_ASI_FL16PL
+
+#define vis_ld_u8      vis_lddfa_ASI_FL8P
+#define vis_ld_u8_i    vis_lddfa_ASI_FL8P_index
+#define vis_ld_u8_le   vis_lddfa_ASI_FL8PL
+#define vis_ld_u16     vis_lddfa_ASI_FL16P
+#define vis_ld_u16_i   vis_lddfa_ASI_FL16P_index
+#define vis_ld_u16_le  vis_lddfa_ASI_FL16PL
+
+#define vis_pst_8      vis_stdfa_ASI_PST8P
+#define vis_pst_16     vis_stdfa_ASI_PST16P
+#define vis_pst_32     vis_stdfa_ASI_PST32P
+
+#define vis_st_u8s     vis_stdfa_ASI_FL8S
+#define vis_st_u8s_le  vis_stdfa_ASI_FL8SL
+#define vis_st_u16s    vis_stdfa_ASI_FL16S
+#define vis_st_u16s_le vis_stdfa_ASI_FL16SL
+
+#define vis_ld_u8s     vis_lddfa_ASI_FL8S
+#define vis_ld_u8s_le  vis_lddfa_ASI_FL8SL
+#define vis_ld_u16s    vis_lddfa_ASI_FL16S
+#define vis_ld_u16s_le vis_lddfa_ASI_FL16SL
+
+#define vis_pst_8s     vis_stdfa_ASI_PST8S
+#define vis_pst_16s    vis_stdfa_ASI_PST16S
+#define vis_pst_32s    vis_stdfa_ASI_PST32S
+
+/* "<" and ">=" may be implemented in terms of ">" and "<=". */
+#define vis_fcmplt16(a,b) vis_fcmpgt16((b),(a))
+#define vis_fcmplt32(a,b) vis_fcmpgt32((b),(a))
+#define vis_fcmpge16(a,b) vis_fcmple16((b),(a))
+#define vis_fcmpge32(a,b) vis_fcmple32((b),(a))
+
+#ifdef __cplusplus
+} // End of extern "C"
+#endif /* __cplusplus */
+
+#endif /* VIS_PROTO_H */
diff --git a/security/nss/lib/freebl/os2_rand.c b/security/nss/lib/freebl/os2_rand.c
new file mode 100644
index 000000000..b7bc413f7
--- /dev/null
+++ b/security/nss/lib/freebl/os2_rand.c
@@ -0,0 +1,340 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#define INCL_DOS
+#define INCL_DOSERRORS
+#include <os2.h>
+#include "secrng.h"
+#include "prerror.h"
+#include <stdlib.h>
+#include <time.h>
+#include <stdio.h>
+#include <sys/stat.h>
+
+static BOOL clockTickTime(unsigned long *phigh, unsigned long *plow)
+{
+    APIRET rc = NO_ERROR;
+    QWORD qword = {0,0};
+
+    rc = DosTmrQueryTime(&qword);
+    if (rc != NO_ERROR)
+       return FALSE;
+
+    *phigh = qword.ulHi;
+    *plow  = qword.ulLo;
+
+    return TRUE;
+}
+
+size_t RNG_GetNoise(void *buf, size_t maxbuf)
+{
+    unsigned long high = 0;
+    unsigned long low  = 0;
+    clock_t val = 0;
+    int n = 0;
+    int nBytes = 0;
+    time_t sTime;
+
+    if (maxbuf <= 0)
+       return 0;
+
+    clockTickTime(&high, &low);
+
+    /* get the maximally changing bits first */
+    nBytes = sizeof(low) > maxbuf ? maxbuf : sizeof(low);
+    memcpy(buf, &low, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+       return n;
+
+    nBytes = sizeof(high) > maxbuf ? maxbuf : sizeof(high);
+    memcpy(((char *)buf) + n, &high, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+       return n;
+
+    /* get the number of milliseconds that have elapsed since application started */
+    val = clock();
+
+    nBytes = sizeof(val) > maxbuf ? maxbuf : sizeof(val);
+    memcpy(((char *)buf) + n, &val, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+       return n;
+
+    /* get the time in seconds since midnight Jan 1, 1970 */
+    time(&sTime);
+    nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
+    memcpy(((char *)buf) + n, &sTime, nBytes);
+    n += nBytes;
+
+    return n;
+}
+
+static BOOL
+EnumSystemFiles(void (*func)(const char *))
+{
+    APIRET              rc;
+    ULONG               sysInfo = 0;
+    char                bootLetter[2];
+    char                sysDir[_MAX_PATH] = "";
+    char                filename[_MAX_PATH];
+    HDIR                hdir = HDIR_CREATE;
+    ULONG               numFiles = 1;
+    FILEFINDBUF3        fileBuf = {0};
+    ULONG               buflen = sizeof(FILEFINDBUF3);
+
+    if (DosQuerySysInfo(QSV_BOOT_DRIVE, QSV_BOOT_DRIVE, (PVOID)&sysInfo,
+                        sizeof(ULONG)) == NO_ERROR)
+    {
+      bootLetter[0] = sysInfo + 'A' -1;
+      bootLetter[1] = '\0';
+      strcpy(sysDir, bootLetter);
+      strcpy(sysDir+1, ":\\OS2\\");
+
+      strcpy( filename, sysDir );
+      strcat( filename, "*.*" );
+    }
+
+    rc =DosFindFirst( filename, &hdir, FILE_NORMAL, &fileBuf, buflen,
+                      &numFiles, FIL_STANDARD );
+    if( rc == NO_ERROR )
+    {
+      do {
+        // pass the full pathname to the callback
+        sprintf( filename, "%s%s", sysDir, fileBuf.achName );
+        (*func)(filename);
+
+        numFiles = 1;
+        rc = DosFindNext( hdir, &fileBuf, buflen, &numFiles );
+        if( rc != NO_ERROR && rc != ERROR_NO_MORE_FILES )
+          printf( "DosFindNext errod code = %d\n", rc );
+      } while ( rc == NO_ERROR );
+
+      rc = DosFindClose(hdir);
+      if( rc != NO_ERROR )
+        printf( "DosFindClose error code = %d", rc );
+    }
+    else
+      printf( "DosFindFirst error code = %d", rc );
+
+    return TRUE;
+}
+
+static int    dwNumFiles, dwReadEvery;
+
+static void
+CountFiles(const char *file)
+{
+    dwNumFiles++;
+}
+
+static void
+ReadFiles(const char *file)
+{
+    if ((dwNumFiles % dwReadEvery) == 0)
+        RNG_FileForRNG(file);
+
+    dwNumFiles++;
+}
+
+static void
+ReadSystemFiles(void)
+{
+    // first count the number of files
+    dwNumFiles = 0;
+    if (!EnumSystemFiles(CountFiles))
+        return;
+
+    RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles));
+
+    // now read 10 files
+    if (dwNumFiles == 0)
+        return;
+
+    dwReadEvery = dwNumFiles / 10;
+    if (dwReadEvery == 0)
+        dwReadEvery = 1;  // less than 10 files
+
+    dwNumFiles = 0;
+    EnumSystemFiles(ReadFiles);
+}
+
+void RNG_SystemInfoForRNG(void)
+{
+   unsigned long *plong = 0;
+   PTIB ptib;
+   PPIB ppib;
+   APIRET rc = NO_ERROR;
+   DATETIME dt;
+   COUNTRYCODE cc = {0};
+   COUNTRYINFO ci = {0};
+   unsigned long actual = 0;
+   char path[_MAX_PATH]="";
+   char fullpath[_MAX_PATH]="";
+   unsigned long pathlength = sizeof(path);
+   FSALLOCATE fsallocate;
+   FILESTATUS3 fstatus;
+   unsigned long defaultdrive = 0;
+   unsigned long logicaldrives = 0;
+   unsigned long sysInfo[QSV_MAX] = {0};
+   char buffer[20];
+   int nBytes = 0;
+
+   nBytes = RNG_GetNoise(buffer, sizeof(buffer));
+   RNG_RandomUpdate(buffer, nBytes);
+   
+   /* allocate memory and use address and memory */
+   plong = (unsigned long *)malloc(sizeof(*plong));
+   RNG_RandomUpdate(&plong, sizeof(plong));
+   RNG_RandomUpdate(plong, sizeof(*plong));
+   free(plong);
+
+   /* process info */
+   rc = DosGetInfoBlocks(&ptib, &ppib);
+   if (rc == NO_ERROR)
+   {
+      RNG_RandomUpdate(ptib, sizeof(*ptib));
+      RNG_RandomUpdate(ppib, sizeof(*ppib));
+   }
+
+   /* time */
+   rc = DosGetDateTime(&dt);
+   if (rc == NO_ERROR)
+   {
+      RNG_RandomUpdate(&dt, sizeof(dt));
+   }
+
+   /* country */
+   rc = DosQueryCtryInfo(sizeof(ci), &cc, &ci, &actual);
+   if (rc == NO_ERROR)
+   {
+      RNG_RandomUpdate(&cc, sizeof(cc));
+      RNG_RandomUpdate(&ci, sizeof(ci));
+      RNG_RandomUpdate(&actual, sizeof(actual));
+   }
+
+   /* current directory */
+   rc = DosQueryCurrentDir(0, path, &pathlength);
+   strcat(fullpath, "\\");
+   strcat(fullpath, path);
+   if (rc == NO_ERROR)
+   {
+      RNG_RandomUpdate(fullpath, strlen(fullpath));
+      // path info
+      rc = DosQueryPathInfo(fullpath, FIL_STANDARD, &fstatus, sizeof(fstatus));
+      if (rc == NO_ERROR)
+      {
+         RNG_RandomUpdate(&fstatus, sizeof(fstatus));
+      }
+   }
+
+   /* file system info */
+   rc = DosQueryFSInfo(0, FSIL_ALLOC, &fsallocate, sizeof(fsallocate));
+   if (rc == NO_ERROR)
+   {
+      RNG_RandomUpdate(&fsallocate, sizeof(fsallocate));
+   }
+
+   /* drive info */
+   rc = DosQueryCurrentDisk(&defaultdrive, &logicaldrives);
+   if (rc == NO_ERROR)
+   {
+      RNG_RandomUpdate(&defaultdrive, sizeof(defaultdrive));
+      RNG_RandomUpdate(&logicaldrives, sizeof(logicaldrives));
+   }
+
+   /* system info */
+   rc = DosQuerySysInfo(1L, QSV_MAX, (PVOID)&sysInfo, sizeof(ULONG)*QSV_MAX);
+   if (rc == NO_ERROR)
+   {
+      RNG_RandomUpdate(&sysInfo, sizeof(sysInfo));
+   }
+
+   // now let's do some files
+   ReadSystemFiles();
+
+   /* more noise */
+   nBytes = RNG_GetNoise(buffer, sizeof(buffer));
+   RNG_RandomUpdate(buffer, nBytes);
+}
+
+void RNG_FileForRNG(const char *filename)
+{
+    struct stat stat_buf;
+    unsigned char buffer[1024];
+    FILE *file = 0;
+    int nBytes = 0;
+    static int totalFileBytes = 0;
+    
+    if (stat((char *)filename, &stat_buf) < 0)
+       return;
+
+    RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf));
+    
+    file = fopen((char *)filename, "r");
+    if (file != NULL)
+    {
+       for (;;)
+       {
+           size_t bytes = fread(buffer, 1, sizeof(buffer), file);
+
+           if (bytes == 0)
+              break;
+
+           RNG_RandomUpdate(buffer, bytes);
+           totalFileBytes += bytes;
+           if (totalFileBytes > 250000)
+              break;
+       }
+       fclose(file);
+    }
+
+    nBytes = RNG_GetNoise(buffer, 20); 
+    RNG_RandomUpdate(buffer, nBytes);
+}
+
+size_t RNG_SystemRNG(void *dest, size_t maxLen)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return 0;
+}
diff --git a/security/nss/lib/freebl/pqg.c b/security/nss/lib/freebl/pqg.c
new file mode 100644
index 000000000..2f45a43ce
--- /dev/null
+++ b/security/nss/lib/freebl/pqg.c
@@ -0,0 +1,714 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * PQG parameter generation/verification.  Based on FIPS 186-1.
+ *
+ * $Id$
+ */
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+#include "secitem.h"
+#include "mpi.h"
+#include "mpprime.h"
+#include "mplogic.h"
+#include "secmpi.h"
+
+#define MAX_ITERATIONS 600  /* Maximum number of iterations of primegen */
+#define PQG_Q_PRIMALITY_TESTS 18 /* from HAC table 4.4 */
+#define PQG_P_PRIMALITY_TESTS 5  /* from HAC table 4.4 */
+
+ /* XXX to be replaced by define in blapit.h */
+#define BITS_IN_Q 160
+
+/* For FIPS-compliance testing.
+** The following array holds the seed defined in FIPS 186-1 appendix 5.
+** This seed is used to generate P and Q according to appendix 2; use of
+** this seed will exactly generate the PQG specified in appendix 2.
+*/
+#ifdef FIPS_186_1_A5_TEST
+static const unsigned char fips_186_1_a5_pqseed[] = {
+    0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8,
+    0xb6, 0x21, 0x1b, 0x40, 0x62, 0xba, 0x32, 0x24,
+    0xe0, 0x42, 0x7d, 0xd3
+};
+#endif
+
+/* Get a seed for generating P and Q.  If in testing mode, copy in the
+** seed from FIPS 186-1 appendix 5.  Otherwise, obtain bytes from the
+** global random number generator.
+*/
+static SECStatus
+getPQseed(SECItem *seed, PRArenaPool* arena)
+{
+    SECStatus rv;
+
+    if (!seed->data) {
+        seed->data = (unsigned char*)PORT_ArenaZAlloc(arena, seed->len);
+    }
+    if (!seed->data) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return SECFailure;
+    }
+#ifdef FIPS_186_1_A5_TEST
+    memcpy(seed->data, fips_186_1_a5_pqseed, seed->len);
+    return SECSuccess;
+#else
+    rv = RNG_GenerateGlobalRandomBytes(seed->data, seed->len);
+    /*
+     * NIST CMVP disallows a sequence of 20 bytes with the most
+     * significant byte equal to 0.  Perhaps they interpret
+     * "a sequence of at least 160 bits" as "a number >= 2^159".
+     * So we always set the most significant bit to 1. (bug 334533)
+     */
+    seed->data[0] |= 0x80;
+    return rv;
+#endif
+}
+
+/* Generate a candidate h value.  If in testing mode, use the h value
+** specified in FIPS 186-1 appendix 5, h = 2.  Otherwise, obtain bytes
+** from the global random number generator.
+*/
+static SECStatus
+generate_h_candidate(SECItem *hit, mp_int *H)
+{
+    SECStatus rv = SECSuccess;
+    mp_err   err = MP_OKAY;
+#ifdef FIPS_186_1_A5_TEST
+    memset(hit->data, 0, hit->len);
+    hit->data[hit->len-1] = 0x02;
+#else
+    rv = RNG_GenerateGlobalRandomBytes(hit->data, hit->len);
+#endif
+    if (rv)
+	return SECFailure;
+    err = mp_read_unsigned_octets(H, hit->data, hit->len);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Compute SHA[(SEED + addend) mod 2**g]
+** Result is placed in shaOutBuf.
+** This computation is used in steps 2 and 7 of FIPS 186 Appendix 2.2 .
+*/
+static SECStatus
+addToSeedThenSHA(const SECItem * seed,
+                 unsigned long   addend,
+                 int             g,
+                 unsigned char * shaOutBuf)
+{
+    SECItem str = { 0, 0, 0 };
+    mp_int s, sum, modulus, tmp;
+    mp_err    err = MP_OKAY;
+    SECStatus rv  = SECSuccess;
+    MP_DIGITS(&s)       = 0;
+    MP_DIGITS(&sum)     = 0;
+    MP_DIGITS(&modulus) = 0;
+    MP_DIGITS(&tmp)     = 0;
+    CHECK_MPI_OK( mp_init(&s) );
+    CHECK_MPI_OK( mp_init(&sum) );
+    CHECK_MPI_OK( mp_init(&modulus) );
+    SECITEM_TO_MPINT(*seed, &s); /* s = seed */
+    /* seed += addend */
+    if (addend < MP_DIGIT_MAX) {
+	CHECK_MPI_OK( mp_add_d(&s, (mp_digit)addend, &s) );
+    } else {
+	CHECK_MPI_OK( mp_init(&tmp) );
+	CHECK_MPI_OK( mp_set_ulong(&tmp, addend) );
+	CHECK_MPI_OK( mp_add(&s, &tmp, &s) );
+    }
+    CHECK_MPI_OK( mp_div_2d(&s, (mp_digit)g, NULL, &sum) );/*sum = s mod 2**g */
+    MPINT_TO_SECITEM(&sum, &str, NULL);
+    rv = SHA1_HashBuf(shaOutBuf, str.data, str.len); /* SHA1 hash result */
+cleanup:
+    mp_clear(&s);
+    mp_clear(&sum);
+    mp_clear(&modulus);
+    mp_clear(&tmp);
+    if (str.data)
+	SECITEM_ZfreeItem(&str, PR_FALSE);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	return SECFailure;
+    }
+    return rv;
+}
+
+/*
+**  Perform steps 2 and 3 of FIPS 186, appendix 2.2.
+**  Generate Q from seed.
+*/
+static SECStatus
+makeQfromSeed(
+      unsigned int  g,          /* input.  Length of seed in bits. */
+const SECItem   *   seed,       /* input.  */
+      mp_int    *   Q)          /* output. */
+{
+    unsigned char sha1[SHA1_LENGTH];
+    unsigned char sha2[SHA1_LENGTH];
+    unsigned char U[SHA1_LENGTH];
+    SECStatus rv  = SECSuccess;
+    mp_err    err = MP_OKAY;
+    int i;
+    /* ******************************************************************
+    ** Step 2.
+    ** "Compute U = SHA[SEED] XOR SHA[(SEED+1) mod 2**g]."
+    **/
+    CHECK_SEC_OK( SHA1_HashBuf(sha1, seed->data, seed->len) );
+    CHECK_SEC_OK( addToSeedThenSHA(seed, 1, g, sha2) );
+    for (i=0; i<SHA1_LENGTH; ++i) 
+	U[i] = sha1[i] ^ sha2[i];
+    /* ******************************************************************
+    ** Step 3.
+    ** "Form Q from U by setting the most signficant bit (the 2**159 bit)
+    **  and the least signficant bit to 1.  In terms of boolean operations,
+    **  Q = U OR 2**159 OR 1.  Note that 2**159 < Q < 2**160."
+    */
+    U[0]             |= 0x80;  /* U is MSB first */
+    U[SHA1_LENGTH-1] |= 0x01;
+    err = mp_read_unsigned_octets(Q, U, SHA1_LENGTH);
+cleanup:
+     memset(U, 0, SHA1_LENGTH);
+     memset(sha1, 0, SHA1_LENGTH);
+     memset(sha2, 0, SHA1_LENGTH);
+     if (err) {
+	MP_TO_SEC_ERROR(err);
+	return SECFailure;
+     }
+     return rv;
+}
+
+/*  Perform steps 7, 8 and 9 of FIPS 186, appendix 2.2.
+**  Generate P from Q, seed, L, and offset.
+*/
+static SECStatus
+makePfromQandSeed(
+      unsigned int  L,          /* Length of P in bits.  Per FIPS 186. */
+      unsigned int  offset,     /* Per FIPS 186, appendix 2.2. */
+      unsigned int  g,          /* input.  Length of seed in bits. */
+const SECItem   *   seed,       /* input.  */
+const mp_int    *   Q,          /* input.  */
+      mp_int    *   P)          /* output. */
+{
+    unsigned int  k;            /* Per FIPS 186, appendix 2.2. */
+    unsigned int  n;            /* Per FIPS 186, appendix 2.2. */
+    mp_digit      b;            /* Per FIPS 186, appendix 2.2. */
+    unsigned char V_k[SHA1_LENGTH];
+    mp_int        W, X, c, twoQ, V_n, tmp;
+    mp_err    err = MP_OKAY;
+    SECStatus rv  = SECSuccess;
+    /* Initialize bignums */
+    MP_DIGITS(&W)     = 0;
+    MP_DIGITS(&X)     = 0;
+    MP_DIGITS(&c)     = 0;
+    MP_DIGITS(&twoQ)  = 0;
+    MP_DIGITS(&V_n)   = 0;
+    MP_DIGITS(&tmp)   = 0;
+    CHECK_MPI_OK( mp_init(&W)    );
+    CHECK_MPI_OK( mp_init(&X)    );
+    CHECK_MPI_OK( mp_init(&c)    );
+    CHECK_MPI_OK( mp_init(&twoQ) );
+    CHECK_MPI_OK( mp_init(&tmp)  );
+    CHECK_MPI_OK( mp_init(&V_n)  );
+    /* L - 1 = n*160 + b */
+    n = (L - 1) / BITS_IN_Q;
+    b = (L - 1) % BITS_IN_Q;
+    /* ******************************************************************
+    ** Step 7.
+    **  "for k = 0 ... n let
+    **           V_k = SHA[(SEED + offset + k) mod 2**g]."
+    **
+    ** Step 8.
+    **  "Let W be the integer 
+    **    W = V_0 + (V_1 * 2**160) + ... + (V_n-1 * 2**((n-1)*160)) 
+    **         + ((V_n mod 2**b) * 2**(n*160))
+    */
+    for (k=0; k<n; ++k) { /* Do the first n terms of V_k */
+	/* Do step 7 for iteration k.
+	** V_k = SHA[(seed + offset + k) mod 2**g]
+	*/
+	CHECK_SEC_OK( addToSeedThenSHA(seed, offset + k, g, V_k) );
+	/* Do step 8 for iteration k.
+	** W += V_k * 2**(k*160)
+	*/
+	OCTETS_TO_MPINT(V_k, &tmp, SHA1_LENGTH);      /* get bignum V_k     */
+	CHECK_MPI_OK( mpl_lsh(&tmp, &tmp, k*160) );   /* tmp = V_k << k*160 */
+	CHECK_MPI_OK( mp_add(&W, &tmp, &W) );         /* W += tmp           */
+    }
+    /* Step 8, continued.
+    **   [W += ((V_n mod 2**b) * 2**(n*160))] 
+    */
+    CHECK_SEC_OK( addToSeedThenSHA(seed, offset + n, g, V_k) );
+    OCTETS_TO_MPINT(V_k, &V_n, SHA1_LENGTH);          /* get bignum V_n     */
+    CHECK_MPI_OK( mp_div_2d(&V_n, b, NULL, &tmp) );   /* tmp = V_n mod 2**b */
+    CHECK_MPI_OK( mpl_lsh(&tmp, &tmp, n*160) );       /* tmp = tmp << n*160 */
+    CHECK_MPI_OK( mp_add(&W, &tmp, &W) );             /* W += tmp           */
+    /* Step 8, continued.
+    ** "and let X = W + 2**(L-1).
+    **  Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L."
+    */
+    CHECK_MPI_OK( mpl_set_bit(&X, (mp_size)(L-1), 1) );    /* X = 2**(L-1) */
+    CHECK_MPI_OK( mp_add(&X, &W, &X) );                    /* X += W       */
+    /*************************************************************
+    ** Step 9.
+    ** "Let c = X mod 2q  and set p = X - (c - 1).
+    **  Note that p is congruent to 1 mod 2q."
+    */
+    CHECK_MPI_OK( mp_mul_2(Q, &twoQ) );                    /* 2q           */
+    CHECK_MPI_OK( mp_mod(&X, &twoQ, &c) );                 /* c = X mod 2q */
+    CHECK_MPI_OK( mp_sub_d(&c, 1, &c) );                   /* c -= 1       */
+    CHECK_MPI_OK( mp_sub(&X, &c, P) );                     /* P = X - c    */
+cleanup:
+    mp_clear(&W);
+    mp_clear(&X);
+    mp_clear(&c);
+    mp_clear(&twoQ);
+    mp_clear(&V_n);
+    mp_clear(&tmp);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	return SECFailure;
+    }
+    return rv;
+}
+
+/*
+** Generate G from h, P, and Q.
+*/
+static SECStatus
+makeGfromH(const mp_int *P,     /* input.  */
+           const mp_int *Q,     /* input.  */
+                 mp_int *H,     /* input and output. */
+                 mp_int *G,     /* output. */
+                 PRBool *passed)
+{
+    mp_int exp, pm1;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    *passed = PR_FALSE;
+    MP_DIGITS(&exp) = 0;
+    MP_DIGITS(&pm1) = 0;
+    CHECK_MPI_OK( mp_init(&exp) );
+    CHECK_MPI_OK( mp_init(&pm1) );
+    CHECK_MPI_OK( mp_sub_d(P, 1, &pm1) );        /* P - 1            */
+    if ( mp_cmp(H, &pm1) >= 0)                   /* H >= P-1         */
+	CHECK_MPI_OK( mp_sub(H, &pm1, H) );      /* H = H mod (P-1)  */
+    /* Let b = 2**n (smallest power of 2 greater than P).
+    ** Since P-1 >= b/2, and H < b, quotient(H/(P-1)) = 0 or 1
+    ** so the above operation safely computes H mod (P-1)
+    */
+    /* Check for H = to 0 or 1.  Regen H if so.  (Regen means return error). */
+    if (mp_cmp_d(H, 1) <= 0) {
+	rv = SECFailure;
+	goto cleanup;
+    }
+    /* Compute G, according to the equation  G = (H ** ((P-1)/Q)) mod P */
+    CHECK_MPI_OK( mp_div(&pm1, Q, &exp, NULL) );  /* exp = (P-1)/Q      */
+    CHECK_MPI_OK( mp_exptmod(H, &exp, P, G) );    /* G = H ** exp mod P */
+    /* Check for G == 0 or G == 1, return error if so. */
+    if (mp_cmp_d(G, 1) <= 0) {
+	rv = SECFailure;
+	goto cleanup;
+    }
+    *passed = PR_TRUE;
+cleanup:
+    mp_clear(&exp);
+    mp_clear(&pm1);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+SECStatus
+PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int L;            /* Length of P in bits.  Per FIPS 186. */
+    unsigned int seedBytes;
+
+    if (j > 8 || !pParams || !pVfy) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    L = 512 + (j * 64);         /* bits in P */
+    seedBytes = L/8;
+    return PQG_ParamGenSeedLen(j, seedBytes, pParams, pVfy);
+}
+
+/* This code uses labels and gotos, so that it can follow the numbered
+** steps in the algorithms from FIPS 186 appendix 2.2 very closely,
+** and so that the correctness of this code can be easily verified.
+** So, please forgive the ugly c code.
+**/
+SECStatus
+PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes,
+                    PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int  L;        /* Length of P in bits.  Per FIPS 186. */
+    unsigned int  n;        /* Per FIPS 186, appendix 2.2. */
+    unsigned int  b;        /* Per FIPS 186, appendix 2.2. */
+    unsigned int  g;        /* Per FIPS 186, appendix 2.2. */
+    unsigned int  counter;  /* Per FIPS 186, appendix 2.2. */
+    unsigned int  offset;   /* Per FIPS 186, appendix 2.2. */
+    SECItem      *seed;     /* Per FIPS 186, appendix 2.2. */
+    PRArenaPool  *arena  = NULL;
+    PQGParams    *params = NULL;
+    PQGVerify    *verify = NULL;
+    PRBool passed;
+    SECItem hit = { 0, 0, 0 };
+    mp_int P, Q, G, H, l;
+    mp_err    err = MP_OKAY;
+    SECStatus rv  = SECFailure;
+    int iterations = 0;
+    if (j > 8 || seedBytes < 20 || !pParams || !pVfy) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    /* Initialize an arena for the params. */
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return SECFailure;
+    }
+    params = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
+    if (!params) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	PORT_FreeArena(arena, PR_TRUE);
+	return SECFailure;
+    }
+    params->arena = arena;
+    /* Initialize an arena for the verify. */
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	PORT_FreeArena(params->arena, PR_TRUE);
+	return SECFailure;
+    }
+    verify = (PQGVerify *)PORT_ArenaZAlloc(arena, sizeof(PQGVerify));
+    if (!verify) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	PORT_FreeArena(arena, PR_TRUE);
+	PORT_FreeArena(params->arena, PR_TRUE);
+	return SECFailure;
+    }
+    verify->arena = arena;
+    seed = &verify->seed;
+    arena = NULL;
+    /* Initialize bignums */
+    MP_DIGITS(&P) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&G) = 0;
+    MP_DIGITS(&H) = 0;
+    MP_DIGITS(&l) = 0;
+    CHECK_MPI_OK( mp_init(&P) );
+    CHECK_MPI_OK( mp_init(&Q) );
+    CHECK_MPI_OK( mp_init(&G) );
+    CHECK_MPI_OK( mp_init(&H) );
+    CHECK_MPI_OK( mp_init(&l) );
+    /* Compute lengths. */
+    L = 512 + (j * 64);               /* bits in P */
+    n = (L - 1) / BITS_IN_Q;          /* BITS_IN_Q is 160 */  
+    b = (L - 1) % BITS_IN_Q;
+    g = seedBytes * BITS_PER_BYTE;    /* bits in seed, NOT G of PQG. */
+step_1:
+    /* ******************************************************************
+    ** Step 1.
+    ** "Choose an abitrary sequence of at least 160 bits and call it SEED.
+    **  Let g be the length of SEED in bits."
+    */
+    if (++iterations > MAX_ITERATIONS) {        /* give up after a while */
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        goto cleanup;
+    }
+    seed->len = seedBytes;
+    CHECK_SEC_OK( getPQseed(seed, verify->arena) );
+    /* ******************************************************************
+    ** Step 2.
+    ** "Compute U = SHA[SEED] XOR SHA[(SEED+1) mod 2**g]."
+    **
+    ** Step 3.
+    ** "Form Q from U by setting the most signficant bit (the 2**159 bit) 
+    **  and the least signficant bit to 1.  In terms of boolean operations,
+    **  Q = U OR 2**159 OR 1.  Note that 2**159 < Q < 2**160."
+    */
+    CHECK_SEC_OK( makeQfromSeed(g, seed, &Q) );
+    /* ******************************************************************
+    ** Step 4.
+    ** "Use a robust primality testing algorithm to test whether q is prime."
+    **
+    ** Appendix 2.1 states that a Rabin test with at least 50 iterations
+    ** "will give an acceptable probability of error."
+    */
+    /*CHECK_SEC_OK( prm_RabinTest(&Q, &passed) );*/
+    err = mpp_pprime(&Q, PQG_Q_PRIMALITY_TESTS);
+    passed = (err == MP_YES) ? SECSuccess : SECFailure;
+    /* ******************************************************************
+    ** Step 5. "If q is not prime, goto step 1."
+    */
+    if (passed != SECSuccess)
+        goto step_1;
+    /* ******************************************************************
+    ** Step 6. "Let counter = 0 and offset = 2."
+    */
+    counter = 0;
+    offset  = 2;
+step_7:
+    /* ******************************************************************
+    ** Step 7.
+    ** "for k = 0 ... n let
+    **          V_k = SHA[(SEED + offset + k) mod 2**g]."
+    **
+    ** Step 8.
+    ** "Let W be the sum of  (V_k * 2**(k*160)) for k = 0 ... n
+    **  and let X = W + 2**(L-1).
+    **  Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L."
+    **
+    ** Step 9.
+    ** "Let c = X mod 2q  and set p = X - (c - 1).
+    **  Note that p is congruent to 1 mod 2q."
+    */
+    CHECK_SEC_OK( makePfromQandSeed(L, offset, g, seed, &Q, &P) );
+    /*************************************************************
+    ** Step 10.
+    ** "if p < 2**(L-1), then goto step 13."
+    */
+    CHECK_MPI_OK( mpl_set_bit(&l, (mp_size)(L-1), 1) ); /* l = 2**(L-1) */
+    if (mp_cmp(&P, &l) < 0)
+        goto step_13;
+    /************************************************************
+    ** Step 11.
+    ** "Perform a robust primality test on p."
+    */
+    /*CHECK_SEC_OK( prm_RabinTest(&P, &passed) );*/
+    err = mpp_pprime(&P, PQG_P_PRIMALITY_TESTS);
+    passed = (err == MP_YES) ? SECSuccess : SECFailure;
+    /* ******************************************************************
+    ** Step 12. "If p passes the test performed in step 11, go to step 15."
+    */
+    if (passed == SECSuccess)
+        goto step_15;
+step_13:
+    /* ******************************************************************
+    ** Step 13.  "Let counter = counter + 1 and offset = offset + n + 1."
+    */
+    counter++;
+    offset += n + 1;
+    /* ******************************************************************
+    ** Step 14.  "If counter >= 4096 goto step 1, otherwise go to step 7."
+    */
+    if (counter >= 4096)
+        goto step_1;
+    goto step_7;
+step_15:
+    /* ******************************************************************
+    ** Step 15.  
+    ** "Save the value of SEED and the value of counter for use
+    **  in certifying the proper generation of p and q."
+    */
+    /* Generate h. */
+    SECITEM_AllocItem(NULL, &hit, L/8); /* h is no longer than p */
+    if (!hit.data) goto cleanup;
+    do {
+	/* loop generate h until 1<h<p-1 and (h**[(p-1)/q])mod p > 1 */
+	CHECK_SEC_OK( generate_h_candidate(&hit, &H) );
+        CHECK_SEC_OK( makeGfromH(&P, &Q, &H, &G, &passed) );
+    } while (passed != PR_TRUE);
+    /* All generation is done.  Now, save the PQG params.  */
+    MPINT_TO_SECITEM(&P, &params->prime,    params->arena);
+    MPINT_TO_SECITEM(&Q, &params->subPrime, params->arena);
+    MPINT_TO_SECITEM(&G, &params->base,     params->arena);
+    MPINT_TO_SECITEM(&H, &verify->h,        verify->arena);
+    verify->counter = counter;
+    *pParams = params;
+    *pVfy = verify;
+cleanup:
+    mp_clear(&P);
+    mp_clear(&Q);
+    mp_clear(&G);
+    mp_clear(&H);
+    mp_clear(&l);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    if (rv) {
+	PORT_FreeArena(params->arena, PR_TRUE);
+	PORT_FreeArena(verify->arena, PR_TRUE);
+    }
+    if (hit.data) {
+        SECITEM_FreeItem(&hit, PR_FALSE);
+    }
+    return rv;
+}
+
+SECStatus   
+PQG_VerifyParams(const PQGParams *params, 
+                 const PQGVerify *vfy, SECStatus *result)
+{
+    SECStatus rv = SECSuccess;
+    int passed;
+    unsigned int g, n, L, offset;
+    mp_int P, Q, G, P_, Q_, G_, r, h;
+    mp_err err = MP_OKAY;
+    int j;
+#define CHECKPARAM(cond)      \
+    if (!(cond)) {            \
+	*result = SECFailure; \
+	goto cleanup;         \
+    }
+    if (!params || !vfy || !result) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    MP_DIGITS(&P) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&G) = 0;
+    MP_DIGITS(&P_) = 0;
+    MP_DIGITS(&Q_) = 0;
+    MP_DIGITS(&G_) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&h) = 0;
+    CHECK_MPI_OK( mp_init(&P) );
+    CHECK_MPI_OK( mp_init(&Q) );
+    CHECK_MPI_OK( mp_init(&G) );
+    CHECK_MPI_OK( mp_init(&P_) );
+    CHECK_MPI_OK( mp_init(&Q_) );
+    CHECK_MPI_OK( mp_init(&G_) );
+    CHECK_MPI_OK( mp_init(&r) );
+    CHECK_MPI_OK( mp_init(&h) );
+    *result = SECSuccess;
+    SECITEM_TO_MPINT(params->prime,    &P);
+    SECITEM_TO_MPINT(params->subPrime, &Q);
+    SECITEM_TO_MPINT(params->base,     &G);
+    /* 1.  Q is 160 bits long. */
+    CHECKPARAM( mpl_significant_bits(&Q) == 160 );
+    /* 2.  P is one of the 9 valid lengths. */
+    L = mpl_significant_bits(&P);
+    j = PQG_PBITS_TO_INDEX(L);
+    CHECKPARAM( j >= 0 && j <= 8 );
+    /* 3.  G < P */
+    CHECKPARAM( mp_cmp(&G, &P) < 0 );
+    /* 4.  P % Q == 1 */
+    CHECK_MPI_OK( mp_mod(&P, &Q, &r) );
+    CHECKPARAM( mp_cmp_d(&r, 1) == 0 );
+    /* 5.  Q is prime */
+    CHECKPARAM( mpp_pprime(&Q, PQG_Q_PRIMALITY_TESTS) == MP_YES );
+    /* 6.  P is prime */
+    CHECKPARAM( mpp_pprime(&P, PQG_P_PRIMALITY_TESTS) == MP_YES );
+    /* Steps 7-12 are done only if the optional PQGVerify is supplied. */
+    /* 7.  counter < 4096 */
+    CHECKPARAM( vfy->counter < 4096 );
+    /* 8.  g >= 160 and g < 2048   (g is length of seed in bits) */
+    g = vfy->seed.len * 8;
+    CHECKPARAM( g >= 160 && g < 2048 );
+    /* 9.  Q generated from SEED matches Q in PQGParams. */
+    CHECK_SEC_OK( makeQfromSeed(g, &vfy->seed, &Q_) );
+    CHECKPARAM( mp_cmp(&Q, &Q_) == 0 );
+    /* 10. P generated from (L, counter, g, SEED, Q) matches P in PQGParams. */
+    n = (L - 1) / BITS_IN_Q;
+    offset = vfy->counter * (n + 1) + 2;
+    CHECK_SEC_OK( makePfromQandSeed(L, offset, g, &vfy->seed, &Q, &P_) );
+    CHECKPARAM( mp_cmp(&P, &P_) == 0 );
+    /* Next two are optional: if h == 0 ignore */
+    if (vfy->h.len == 0) goto cleanup;
+    /* 11. 1 < h < P-1 */
+    SECITEM_TO_MPINT(vfy->h, &h);
+    CHECK_MPI_OK( mpl_set_bit(&P, 0, 0) ); /* P is prime, p-1 == zero 1st bit */
+    CHECKPARAM( mp_cmp_d(&h, 1) > 0 && mp_cmp(&h, &P) );
+    CHECK_MPI_OK( mpl_set_bit(&P, 0, 1) ); /* set it back */
+    /* 12. G generated from h matches G in PQGParams. */
+    CHECK_SEC_OK( makeGfromH(&P, &Q, &h, &G_, &passed) );
+    CHECKPARAM( passed && mp_cmp(&G, &G_) == 0 );
+cleanup:
+    mp_clear(&P);
+    mp_clear(&Q);
+    mp_clear(&G);
+    mp_clear(&P_);
+    mp_clear(&Q_);
+    mp_clear(&G_);
+    mp_clear(&r);
+    mp_clear(&h);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/**************************************************************************
+ *  Free the PQGParams struct and the things it points to.                *
+ **************************************************************************/
+void
+PQG_DestroyParams(PQGParams *params)
+{
+    if (params == NULL) 
+    	return;
+    if (params->arena != NULL) {
+	PORT_FreeArena(params->arena, PR_FALSE);	/* don't zero it */
+    } else {
+	SECITEM_FreeItem(&params->prime,    PR_FALSE); /* don't free prime */
+	SECITEM_FreeItem(&params->subPrime, PR_FALSE); /* don't free subPrime */
+	SECITEM_FreeItem(&params->base,     PR_FALSE); /* don't free base */
+	PORT_Free(params);
+    }
+}
+
+/**************************************************************************
+ *  Free the PQGVerify struct and the things it points to.                *
+ **************************************************************************/
+
+void
+PQG_DestroyVerify(PQGVerify *vfy)
+{
+    if (vfy == NULL) 
+    	return;
+    if (vfy->arena != NULL) {
+	PORT_FreeArena(vfy->arena, PR_FALSE);	/* don't zero it */
+    } else {
+	SECITEM_FreeItem(&vfy->seed,   PR_FALSE); /* don't free seed */
+	SECITEM_FreeItem(&vfy->h,      PR_FALSE); /* don't free h */
+	PORT_Free(vfy);
+    }
+}
diff --git a/security/nss/lib/freebl/prng_fips1861.c b/security/nss/lib/freebl/prng_fips1861.c
new file mode 100644
index 000000000..50c29692e
--- /dev/null
+++ b/security/nss/lib/freebl/prng_fips1861.c
@@ -0,0 +1,642 @@
+/*
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "prinit.h"
+#include "blapi.h"
+#include "nssilock.h"
+#include "secitem.h"
+#include "sha_fast.h"
+#include "sha256.h"
+#include "secrng.h"	/* for RNG_GetNoise() */
+#include "secmpi.h"
+
+/*
+ * The minimum amount of seed data required before the generator will
+ * provide data.
+ * Note that this is a measure of the number of bytes sent to
+ * RNG_RandomUpdate, not the actual amount of entropy present in the
+ * generator.  Naturally, it is impossible to know (at this level) just
+ * how much entropy is present in the provided seed data.  A bare minimum
+ * of entropy would be 20 bytes, so by requiring 1K this code is making
+ * the tacit assumption that at least 1 byte of pure entropy is provided
+ * with every 8 bytes supplied to RNG_RandomUpdate.  The reality of this
+ * assumption is left up to the caller.
+ */
+#define MIN_SEED_COUNT 1024
+
+/*
+ * Steps taken from Algorithm 1 of FIPS 186-2 Change Notice 1
+ */
+
+/*
+ * According to FIPS 186-2, 160 <= b <= 512.
+ * For our purposes, we will assume b == 160,
+ * 256, or 512 (the output size of SHA-1,
+ * SHA-256, or SHA-512).
+ */
+#define FIPS_B     256
+#define BSIZE      (FIPS_B / PR_BITS_PER_BYTE)
+#if BSIZE != SHA256_LENGTH
+#error "this file requires that BSIZE and SHA256_LENGTH be equal"
+#endif
+
+/* Output size of the G function */
+#define FIPS_G     160
+#define GSIZE      (FIPS_G / PR_BITS_PER_BYTE)
+
+/*
+ * Add two b-bit numbers represented as arrays of BSIZE bytes.
+ * The numbers are big-endian, MSB first, so addition is done
+ * from the end of the buffer to the beginning.
+ */
+#define ADD_B_BIT_PLUS_CARRY(dest, add1, add2, cy) \
+    carry = cy; \
+    for (k=BSIZE-1; k>=0; --k) { \
+	carry += add1[k] + add2[k]; \
+	dest[k] = (PRUint8)carry; \
+	carry >>= 8; \
+    }
+
+#define ADD_B_BIT_2(dest, add1, add2) \
+	ADD_B_BIT_PLUS_CARRY(dest, add1, add2, 0)
+
+
+/*
+ * FIPS requires result from Step 3.3 to be reduced mod q when generating
+ * random numbers for DSA.
+ *
+ * Input: w, 2*GSIZE bytes
+ *        q, DSA_SUBPRIME_LEN bytes
+ * Output: xj, DSA_SUBPRIME_LEN bytes
+ */
+SECStatus
+FIPS186Change_ReduceModQForDSA(const unsigned char *w,
+                               const unsigned char *q,
+                               unsigned char *xj)
+{
+    mp_int W, Q, Xj;
+    mp_err err;
+    SECStatus rv = SECSuccess;
+
+    /* Initialize MPI integers. */
+    MP_DIGITS(&W) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&Xj) = 0;
+    CHECK_MPI_OK( mp_init(&W) );
+    CHECK_MPI_OK( mp_init(&Q) );
+    CHECK_MPI_OK( mp_init(&Xj) );
+    /*
+     * Convert input arguments into MPI integers.
+     */
+    CHECK_MPI_OK( mp_read_unsigned_octets(&W, w, 2*GSIZE) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&Q, q, DSA_SUBPRIME_LEN) );
+    /*
+     * Algorithm 1 of FIPS 186-2 Change Notice 1, Step 3.3
+     *
+     * xj = (w0 || w1) mod q
+     */
+    CHECK_MPI_OK( mp_mod(&W, &Q, &Xj) );
+    CHECK_MPI_OK( mp_to_fixlen_octets(&Xj, xj, DSA_SUBPRIME_LEN) );
+cleanup:
+    mp_clear(&W);
+    mp_clear(&Q);
+    mp_clear(&Xj);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+ * Specialized SHA1-like function.  This function appends zeroes to a 
+ * single input block and runs a single instance of the compression function, 
+ * as specified in FIPS 186-2 appendix 3.3.
+ */
+static void 
+RNG_UpdateAndEnd_FIPS186_2(SHA1Context *ctx, 
+                           unsigned char *input, unsigned int inputLen,
+                           unsigned char *hashout, unsigned int *pDigestLen, 
+                           unsigned int maxDigestLen);
+
+/*
+ * Global RNG context
+ */ 
+struct RNGContextStr {
+    PRUint8   XKEY[BSIZE]; /* Seed for next SHA iteration */
+    PRUint8   Xj[2*GSIZE]; /* Output from previous operation. */
+    PZLock   *lock;        /* Lock to serialize access to global rng */
+    PRUint8   avail;       /* # bytes of output available, [0...2*GSIZE] */
+    PRUint32  seedCount;   /* number of seed bytes given to generator */
+    PRBool    isValid;     /* false if RNG reaches an invalid state */
+};
+typedef struct RNGContextStr RNGContext;
+static RNGContext *globalrng = NULL;
+static RNGContext theGlobalRng;
+
+/*
+ * Clean up the global RNG context
+ */
+static void
+freeRNGContext()
+{
+    unsigned char inputhash[BSIZE];
+    SECStatus rv;
+
+    /* destroy context lock */
+    PZ_DestroyLock(globalrng->lock);
+
+    /* zero global RNG context except for XKEY to preserve entropy */
+    rv = SHA256_HashBuf(inputhash, globalrng->XKEY, BSIZE);
+    PORT_Assert(SECSuccess == rv);
+    memset(globalrng, 0, sizeof(*globalrng));
+    memcpy(globalrng->XKEY, inputhash, BSIZE);
+
+    globalrng = NULL;
+}
+
+/*
+ * The core of Algorithm 1 of FIPS 186-2 Change Notice 1,
+ * separated from alg_fips186_2_cn_1 as a standalone function
+ * for FIPS algorithm testing.
+ *
+ * Parameters:
+ *   XKEY [input/output]: the state of the RNG (seed-key)
+ *   XSEEDj [input]: optional user input (seed)
+ *   x_j [output]: output of the RNG
+ *
+ * Return value:
+ * This function usually returns SECSuccess.  The only reason
+ * this function returns SECFailure is that XSEEDj equals
+ * XKEY, including the intermediate XKEY value between the two
+ * iterations.  (This test is actually a FIPS 140-2 requirement
+ * and not required for FIPS algorithm testing, but it is too
+ * hard to separate from this function.)  If this function fails,
+ * XKEY is not updated, but some data may have been written to
+ * x_j, which should be ignored.
+ */
+SECStatus
+FIPS186Change_GenerateX(unsigned char *XKEY, const unsigned char *XSEEDj,
+                        unsigned char *x_j)
+{
+    /* SHA1 context for G(t, XVAL) function */
+    SHA1Context sha1cx;
+    /* XKEY for iteration 1 */
+    PRUint8 XKEY_1[BSIZE];
+    const PRUint8 *XKEY_old;
+    PRUint8 *XKEY_new;
+    /* input to hash function */
+    PRUint8 XVAL[BSIZE];
+    /* used by ADD_B_BIT macros */
+    int k, carry;
+    /* store the output of G(t, XVAL) in the rightmost GSIZE bytes */
+    PRUint8 w_i[BSIZE];
+    int i;
+    unsigned int len;
+    SECStatus rv = SECSuccess;
+
+#if GSIZE < BSIZE
+    /* zero the leftmost bytes so we can pass it to ADD_B_BIT_PLUS_CARRY */
+    memset(w_i, 0, BSIZE - GSIZE);
+#endif
+    /* 
+     * <Step 2> Initialize t, taken care of in SHA-1 (same initial values)
+     *
+     * <Step 3.1> XSEEDj is optional user input
+     */ 
+    for (i = 0; i < 2; i++) {
+	/* only update XKEY when both iterations have been completed */
+	if (i == 0) {
+	    /* for iteration 0 */
+	    XKEY_old = XKEY;
+	    XKEY_new = XKEY_1;
+	} else {
+	    /* for iteration 1 */
+	    XKEY_old = XKEY_1;
+	    XKEY_new = XKEY;
+	}
+	/* 
+	 * <Step 3.2a> XVAL = (XKEY + XSEEDj) mod 2^b
+	 *     :always reduced mod 2^b, since storing as b-bit value
+	 */
+	if (XSEEDj) {
+	    /* XSEEDj > 0 */
+	    if (memcmp(XKEY_old, XSEEDj, BSIZE) == 0) {
+		/* Should we add the error code SEC_ERROR_BAD_RNG_SEED? */
+		PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		rv = SECFailure;
+		goto done;
+	    }
+	    ADD_B_BIT_2(XVAL, XKEY_old, XSEEDj);
+	} else {
+	    /* XSEEDj == 0 */
+	    memcpy(XVAL, XKEY_old, BSIZE);
+	}
+	/* 
+	 * <Step 3.2b> Wi = G(t, XVAL)
+	 *     :FIPS 186-2 specifies a different padding than the SHA1 180-1
+	 *     :specification, this function is implemented in
+	 *     :RNG_UpdateAndEnd_FIPS186_2 below.
+	 */ 
+	SHA1_Begin(&sha1cx);
+	RNG_UpdateAndEnd_FIPS186_2(&sha1cx, XVAL, BSIZE,
+				   &w_i[BSIZE - GSIZE], &len, GSIZE);
+	/* 
+	 * <Step 3.2c> XKEY = (1 + XKEY + Wi) mod 2^b
+	 *     :always reduced mod 2^b, since storing as 160-bit value 
+	 */
+	ADD_B_BIT_PLUS_CARRY(XKEY_new, XKEY_old, w_i, 1);
+	/*
+	 * <Step 3.3> Xj = (W0 || W1)
+	 */
+	memcpy(&x_j[i*GSIZE], &w_i[BSIZE - GSIZE], GSIZE);
+    }
+
+done:
+    /* housekeeping */
+    memset(&w_i[BSIZE - GSIZE], 0, GSIZE);
+    memset(XVAL, 0, BSIZE);
+    memset(XKEY_1, 0, BSIZE);
+    return rv;
+}
+
+/*
+ * Implementation of Algorithm 1 of FIPS 186-2 Change Notice 1,
+ * hereinafter called alg_cn_1().  It is assumed a lock for the global
+ * rng context has already been acquired.
+ * Calling this function with XSEEDj == NULL is equivalent to saying there
+ * is no optional user input, which is further equivalent to saying that
+ * the optional user input is 0.
+ */
+static SECStatus
+alg_fips186_2_cn_1(RNGContext *rng, const unsigned char *XSEEDj)
+{
+    /* store a copy of the output to compare with the previous output */
+    PRUint8 x_j[2*GSIZE];
+    SECStatus rv;
+
+    if (!rng->isValid) {
+	/* RNG has alread entered an invalid state. */
+	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+	return SECFailure;
+    }
+    rv = FIPS186Change_GenerateX(rng->XKEY, XSEEDj, x_j);
+    if (rv != SECSuccess) {
+	goto done;
+    }
+    /*     [FIPS 140-2] verify output does not match previous output */
+    if (memcmp(x_j, rng->Xj, 2*GSIZE) == 0) {
+	/* failed FIPS 140-2 continuous RNG test.  RNG now invalid. */
+	rng->isValid = PR_FALSE;
+	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+	rv = SECFailure;
+	goto done;
+    }
+    /* Xj is the output */
+    memcpy(rng->Xj, x_j, 2*GSIZE);
+    /* Always have a full buffer after executing alg_cn_1() */
+    rng->avail = 2*GSIZE;
+
+done:
+    /* housekeeping */
+    memset(x_j, 0, 2*GSIZE);
+    return rv;
+}
+
+/* Use NSPR to prevent RNG_RNGInit from being called from separate
+ * threads, creating a race condition.
+ */
+static const PRCallOnceType pristineCallOnce;
+static PRCallOnceType coRNGInit;
+static PRStatus rng_init(void)
+{
+    unsigned char bytes[SYSTEM_RNG_SEED_COUNT];
+    unsigned int numBytes;
+    if (globalrng == NULL) {
+	/* create a new global RNG context */
+	globalrng = &theGlobalRng;
+        PORT_Assert(NULL == globalrng->lock);
+	/* create a lock for it */
+	globalrng->lock = PZ_NewLock(nssILockOther);
+	if (globalrng->lock == NULL) {
+	    globalrng = NULL;
+	    PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+	    return PR_FAILURE;
+	}
+	/* the RNG is in a valid state */
+	globalrng->isValid = PR_TRUE;
+	/* Try to get some seed data for the RNG */
+	numBytes = RNG_SystemRNG(bytes, sizeof bytes);
+	PORT_Assert(numBytes == 0 || numBytes == sizeof bytes);
+	if (numBytes != 0) {
+	    RNG_RandomUpdate(bytes, numBytes);
+	    memset(bytes, 0, numBytes);
+	} else if (PORT_GetError() != PR_NOT_IMPLEMENTED_ERROR) {
+	    PZ_DestroyLock(globalrng->lock);
+	    globalrng->lock = NULL;
+	    globalrng->isValid = PR_FALSE;
+	    globalrng = NULL;
+	    return PR_FAILURE;
+	}
+	numBytes = RNG_GetNoise(bytes, sizeof bytes);
+	RNG_RandomUpdate(bytes, numBytes);
+    }
+    return PR_SUCCESS;
+}
+
+/*
+ * Initialize the global RNG context and give it some seed input taken
+ * from the system.  This function is thread-safe and will only allow
+ * the global context to be initialized once.  The seed input is likely
+ * small, so it is imperative that RNG_RandomUpdate() be called with
+ * additional seed data before the generator is used.  A good way to
+ * provide the generator with additional entropy is to call
+ * RNG_SystemInfoForRNG().  Note that NSS_Init() does exactly that.
+ */
+SECStatus 
+RNG_RNGInit(void)
+{
+    /* Allow only one call to initialize the context */
+    PR_CallOnce(&coRNGInit, rng_init);
+    /* Make sure there is a context */
+    return (globalrng != NULL) ? PR_SUCCESS : PR_FAILURE;
+}
+
+/*
+** Update the global random number generator with more seeding
+** material
+*/
+static SECStatus 
+prng_RandomUpdate(RNGContext *rng, const void *data, size_t bytes)
+{
+    SECStatus rv = SECSuccess;
+    /* check for a valid global RNG context */
+    PORT_Assert(rng != NULL);
+    if (rng == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    /* RNG_SystemInfoForRNG() sometimes does this, not really an error */
+    if (bytes == 0)
+	return SECSuccess;
+    /* --- LOCKED --- */
+    PZ_Lock(rng->lock);
+    /*
+     * Random information is initially supplied by a call to
+     * RNG_SystemInfoForRNG().  That function collects entropy from
+     * the system and calls RNG_RandomUpdate() to seed the generator.
+     * Algorithm 1 of FIPS 186-2 Change Notice 1, step 1 specifies that
+     * a secret value for the seed-key must be chosen before the
+     * generator can begin.  The size of XKEY is b bits, so fill it
+     * with the b-bit hash of the input to the first RNG_RandomUpdate()
+     * call.
+     */
+    if (rng->seedCount == 0) {
+	/* This is the first call to RandomUpdate().  Use a hash
+	 * of the input to set the seed-key, XKEY.
+	 *
+	 * <Step 1> copy hash of seed bytes into context's XKEY
+	 */
+	SHA256_HashBuf(rng->XKEY, data, bytes);
+	/* Now continue with algorithm. */
+	rv = alg_fips186_2_cn_1(rng, NULL);
+	/* As per FIPS 140-2 continuous RNG test requirement, the first
+	 * iteration of output is discarded.  So here there is really
+	 * no output available.  This forces another execution of alg_cn_1()
+	 * before any bytes can be extracted from the generator.
+	 */
+	rng->avail = 0;
+    } else if (bytes == BSIZE && memcmp(rng->XKEY, data, BSIZE) == 0) {
+	/* Should we add the error code SEC_ERROR_BAD_RNG_SEED? */
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	rv = SECFailure;
+    } else {
+	/*
+	 * FIPS 186-2 does not specify how to reseed the RNG.  We retrofit
+	 * our RNG with a reseed function from NIST SP 800-90.
+	 *
+	 * Use a hash of the seed-key and the input to reseed the RNG.
+	 */
+	SHA256Context ctx;
+	SHA256_Begin(&ctx);
+	SHA256_Update(&ctx, rng->XKEY, BSIZE);
+	SHA256_Update(&ctx, data, bytes);
+	SHA256_End(&ctx, rng->XKEY, NULL, BSIZE);
+    }
+    /* If got this far, have added bytes of seed data. */
+    if (rv == SECSuccess)
+	rng->seedCount += bytes;
+    PZ_Unlock(rng->lock);
+    /* --- UNLOCKED --- */
+    return rv;
+}
+
+/*
+** Update the global random number generator with more seeding
+** material.
+*/
+SECStatus 
+RNG_RandomUpdate(const void *data, size_t bytes)
+{
+    return prng_RandomUpdate(globalrng, data, bytes);
+}
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.
+*/
+static SECStatus 
+prng_GenerateGlobalRandomBytes(RNGContext *rng,
+                               void *dest, size_t len)
+{
+    PRUint8 num;
+    SECStatus rv = SECSuccess;
+    unsigned char *output = dest;
+    /* check for a valid global RNG context */
+    PORT_Assert(rng != NULL);
+    if (rng == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    /* --- LOCKED --- */
+    PZ_Lock(rng->lock);
+    /* Check the amount of seed data in the generator.  If not enough,
+     * don't produce any data.
+     */
+    if (rng->seedCount < MIN_SEED_COUNT) {
+	PZ_Unlock(rng->lock);
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	return SECFailure;
+    }
+    /*
+     * If there are enough bytes of random data, send back Xj, 
+     * else call alg_cn_1() with 0's to generate more random data.
+     */
+    while (len > 0 && rv == SECSuccess) {
+	if (rng->avail == 0) {
+	    /* All available bytes are used, so generate more. */
+	    rv = alg_fips186_2_cn_1(rng, NULL);
+	}
+	/* number of bytes to obtain on this iteration (max of 40) */
+	num = PR_MIN(rng->avail, len);
+	/*
+	 * if avail < 2*GSIZE, the first 2*GSIZE - avail bytes have
+	 * already been used.
+	 */
+	if (num) {
+	    memcpy(output, rng->Xj + (2*GSIZE - rng->avail), num);
+	    rng->avail -= num;
+	    len -= num;
+	    output += num;
+	}
+    }
+    PZ_Unlock(rng->lock);
+    /* --- UNLOCKED --- */
+    return rv;
+}
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.
+*/
+SECStatus 
+RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
+{
+    return prng_GenerateGlobalRandomBytes(globalrng, dest, len);
+}
+
+void
+RNG_RNGShutdown(void)
+{
+    /* check for a valid global RNG context */
+    PORT_Assert(globalrng != NULL);
+    if (globalrng == NULL) {
+	/* Should set a "not initialized" error code. */
+	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+	return;
+    }
+    /* clear */
+    freeRNGContext();
+    /* reset the callonce struct to allow a new call to RNG_RNGInit() */
+    coRNGInit = pristineCallOnce;
+}
+
+/*
+ *  SHA: Generate hash value from context
+ *       Specialized function for PRNG
+ *       The PRNG specified in FIPS 186-2 3.3 uses a function, G,
+ *       which has the same initialization and compression functions
+ *       as SHA1 180-1, but uses different padding.  FIPS 186-2 3.3 
+ *       specifies that the message be padded with 0's until the size
+ *       reaches 512 bits.
+ */
+static void 
+RNG_UpdateAndEnd_FIPS186_2(SHA1Context *ctx, 
+                           unsigned char *input, unsigned int inputLen,
+                           unsigned char *hashout, unsigned int *pDigestLen, 
+                           unsigned int maxDigestLen)
+{
+#if defined(SHA_NEED_TMP_VARIABLE)
+    register PRUint32 tmp;
+#endif
+    static const unsigned char bulk_pad0[64] = { 0,0,0,0,0,0,0,0,0,0,
+               0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+               0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0  };
+
+    PORT_Assert(maxDigestLen >= SHA1_LENGTH);
+    PORT_Assert(inputLen <= SHA1_INPUT_LEN);
+
+    /*
+     *  Add the input
+     */
+    SHA1_Update(ctx, input, inputLen);
+    /*
+     *  Pad with zeroes
+     *  This will fill the input block and cause the compression function
+     *  to be called.
+     */
+    SHA1_Update(ctx, bulk_pad0, SHA1_INPUT_LEN - inputLen);
+
+    /*
+     *  Output hash
+     */
+    SHA_STORE_RESULT;
+    *pDigestLen = SHA1_LENGTH;
+}
+
+/*
+ * Specialized RNG for DSA
+ *
+ * As per Algorithm 1 of FIPS 186-2 Change Notice 1, in step 3.3 the value
+ * Xj should be reduced mod q, a 160-bit prime number.  Since this parameter
+ * is only meaningful in the context of DSA, the above RNG functions
+ * were implemented without it.  They are re-implemented below for use
+ * with DSA.
+ *
+ */
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.  In DSA mode, so there is a q.
+*/
+SECStatus 
+DSA_GenerateGlobalRandomBytes(void *dest, size_t len, const unsigned char *q)
+{
+    SECStatus rv;
+    unsigned char w[2*GSIZE];
+
+    PORT_Assert(q && len == DSA_SUBPRIME_LEN);
+    if (len != DSA_SUBPRIME_LEN) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return SECFailure;
+    }
+    if (*q == 0) {
+        ++q;
+    }
+    rv = prng_GenerateGlobalRandomBytes(globalrng, w, 2*GSIZE);
+    if (rv != SECSuccess) {
+	return rv;
+    }
+    FIPS186Change_ReduceModQForDSA(w, q, (unsigned char *)dest);
+    return rv;
+}
diff --git a/security/nss/lib/freebl/rawhash.c b/security/nss/lib/freebl/rawhash.c
new file mode 100644
index 000000000..a3efe9b30
--- /dev/null
+++ b/security/nss/lib/freebl/rawhash.c
@@ -0,0 +1,164 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "nspr.h"
+#include "sechash.h"
+#include "blapi.h"	/* below the line */
+#include "secerr.h"
+
+static void *
+null_hash_new_context(void)
+{
+    return NULL;
+}
+
+static void *
+null_hash_clone_context(void *v)
+{
+    PORT_Assert(v == NULL);
+    return NULL;
+}
+
+static void
+null_hash_begin(void *v)
+{
+}
+
+static void
+null_hash_update(void *v, const unsigned char *input, unsigned int length)
+{
+}
+
+static void
+null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
+	      unsigned int maxOut)
+{
+    *outLen = 0;
+}
+
+static void
+null_hash_destroy_context(void *v, PRBool b)
+{
+    PORT_Assert(v == NULL);
+}
+
+
+const SECHashObject SECRawHashObjects[] = {
+  { 0,
+    (void * (*)(void)) null_hash_new_context,
+    (void * (*)(void *)) null_hash_clone_context,
+    (void (*)(void *, PRBool)) null_hash_destroy_context,
+    (void (*)(void *)) null_hash_begin,
+    (void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
+    (void (*)(void *, unsigned char *, unsigned int *,
+	      unsigned int)) null_hash_end,
+    0,
+    HASH_AlgNULL
+  },
+  { MD2_LENGTH,
+    (void * (*)(void)) MD2_NewContext,
+    (void * (*)(void *)) null_hash_clone_context,
+    (void (*)(void *, PRBool)) MD2_DestroyContext,
+    (void (*)(void *)) MD2_Begin,
+    (void (*)(void *, const unsigned char *, unsigned int)) MD2_Update,
+    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD2_End,
+    MD2_BLOCK_LENGTH,
+    HASH_AlgMD2
+  },
+  { MD5_LENGTH,
+    (void * (*)(void)) MD5_NewContext,
+    (void * (*)(void *)) null_hash_clone_context,
+    (void (*)(void *, PRBool)) MD5_DestroyContext,
+    (void (*)(void *)) MD5_Begin,
+    (void (*)(void *, const unsigned char *, unsigned int)) MD5_Update,
+    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_End,
+    MD5_BLOCK_LENGTH,
+    HASH_AlgMD5
+  },
+  { SHA1_LENGTH,
+    (void * (*)(void)) SHA1_NewContext,
+    (void * (*)(void *)) null_hash_clone_context,
+    (void (*)(void *, PRBool)) SHA1_DestroyContext,
+    (void (*)(void *)) SHA1_Begin,
+    (void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
+    (void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End,
+    SHA1_BLOCK_LENGTH,
+    HASH_AlgSHA1
+  },
+  { SHA256_LENGTH,
+    (void * (*)(void)) SHA256_NewContext,
+    (void * (*)(void *)) null_hash_clone_context,
+    (void (*)(void *, PRBool)) SHA256_DestroyContext,
+    (void (*)(void *)) SHA256_Begin,
+    (void (*)(void *, const unsigned char *, unsigned int)) SHA256_Update,
+    (void (*)(void *, unsigned char *, unsigned int *,
+	      unsigned int)) SHA256_End,
+    SHA256_BLOCK_LENGTH,
+    HASH_AlgSHA256
+  },
+  { SHA384_LENGTH,
+    (void * (*)(void)) SHA384_NewContext,
+    (void * (*)(void *)) null_hash_clone_context,
+    (void (*)(void *, PRBool)) SHA384_DestroyContext,
+    (void (*)(void *)) SHA384_Begin,
+    (void (*)(void *, const unsigned char *, unsigned int)) SHA384_Update,
+    (void (*)(void *, unsigned char *, unsigned int *,
+	      unsigned int)) SHA384_End,
+    SHA384_BLOCK_LENGTH,
+    HASH_AlgSHA384
+  },
+  { SHA512_LENGTH,
+    (void * (*)(void)) SHA512_NewContext,
+    (void * (*)(void *)) null_hash_clone_context,
+    (void (*)(void *, PRBool)) SHA512_DestroyContext,
+    (void (*)(void *)) SHA512_Begin,
+    (void (*)(void *, const unsigned char *, unsigned int)) SHA512_Update,
+    (void (*)(void *, unsigned char *, unsigned int *,
+	      unsigned int)) SHA512_End,
+    SHA512_BLOCK_LENGTH,
+    HASH_AlgSHA512
+  },
+};
+
+const SECHashObject *
+HASH_GetRawHashObject(HASH_HashType hashType)
+{
+    if (hashType < HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return NULL;
+    }
+    return &SECRawHashObjects[hashType];
+}
diff --git a/security/nss/lib/freebl/ret_cr16.s b/security/nss/lib/freebl/ret_cr16.s
new file mode 100644
index 000000000..7fb37e725
--- /dev/null
+++ b/security/nss/lib/freebl/ret_cr16.s
@@ -0,0 +1,57 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifdef __LP64__
+        .LEVEL   2.0W
+#else
+        .LEVEL   1.1
+#endif
+
+	.CODE	; equivalent to the following two lines
+;       .SPACE   $TEXT$,SORT=8
+;       .SUBSPA  $CODE$,QUAD=0,ALIGN=4,ACCESS=0x2c,CODE_ONLY,SORT=24
+
+ret_cr16
+	.PROC
+	.CALLINFO 	FRAME=0, NO_CALLS
+	.EXPORT 	ret_cr16,ENTRY
+	.ENTER
+;	BV		%r0(%rp)
+	BV		0(%rp)
+	MFCTL		%cr16,%ret0
+        .LEAVE
+        .PROCEND
+        .END
diff --git a/security/nss/lib/freebl/rijndael.c b/security/nss/lib/freebl/rijndael.c
new file mode 100644
index 000000000..58f5e5cdf
--- /dev/null
+++ b/security/nss/lib/freebl/rijndael.c
@@ -0,0 +1,1155 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "prinit.h"
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+#include "rijndael.h"
+
+/*
+ * There are currently five ways to build this code, varying in performance
+ * and code size.
+ *
+ * RIJNDAEL_INCLUDE_TABLES         Include all tables from rijndael32.tab
+ * RIJNDAEL_GENERATE_TABLES        Generate tables on first 
+ *                                 encryption/decryption, then store them;
+ *                                 use the function gfm
+ * RIJNDAEL_GENERATE_TABLES_MACRO  Same as above, but use macros to do
+ *                                 the generation
+ * RIJNDAEL_GENERATE_VALUES        Do not store tables, generate the table
+ *                                 values "on-the-fly", using gfm
+ * RIJNDAEL_GENERATE_VALUES_MACRO  Same as above, but use macros
+ *
+ * The default is RIJNDAEL_INCLUDE_TABLES.
+ */
+
+/*
+ * When building RIJNDAEL_INCLUDE_TABLES, includes S**-1, Rcon, T[0..4], 
+ *                                                 T**-1[0..4], IMXC[0..4]
+ * When building anything else, includes S, S**-1, Rcon
+ */
+#include "rijndael32.tab"
+
+#if defined(RIJNDAEL_INCLUDE_TABLES)
+/*
+ * RIJNDAEL_INCLUDE_TABLES
+ */
+#define T0(i)    _T0[i]
+#define T1(i)    _T1[i]
+#define T2(i)    _T2[i]
+#define T3(i)    _T3[i]
+#define TInv0(i) _TInv0[i]
+#define TInv1(i) _TInv1[i]
+#define TInv2(i) _TInv2[i]
+#define TInv3(i) _TInv3[i]
+#define IMXC0(b) _IMXC0[b]
+#define IMXC1(b) _IMXC1[b]
+#define IMXC2(b) _IMXC2[b]
+#define IMXC3(b) _IMXC3[b]
+/* The S-box can be recovered from the T-tables */
+#ifdef IS_LITTLE_ENDIAN
+#define SBOX(b)    ((PRUint8)_T3[b])
+#else
+#define SBOX(b)    ((PRUint8)_T1[b])
+#endif
+#define SINV(b) (_SInv[b])
+
+#else /* not RIJNDAEL_INCLUDE_TABLES */
+
+/*
+ * Code for generating T-table values.
+ */
+
+#ifdef IS_LITTLE_ENDIAN
+#define WORD4(b0, b1, b2, b3) \
+    (((b3) << 24) | ((b2) << 16) | ((b1) << 8) | (b0))
+#else
+#define WORD4(b0, b1, b2, b3) \
+    (((b0) << 24) | ((b1) << 16) | ((b2) << 8) | (b3))
+#endif
+
+/*
+ * Define the S and S**-1 tables (both have been stored)
+ */
+#define SBOX(b)    (_S[b])
+#define SINV(b) (_SInv[b])
+
+/*
+ * The function xtime, used for Galois field multiplication
+ */
+#define XTIME(a) \
+    ((a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1))
+
+/* Choose GFM method (macros or function) */
+#if defined(RIJNDAEL_GENERATE_TABLES_MACRO) ||  \
+    defined(RIJNDAEL_GENERATE_VALUES_MACRO)
+
+/*
+ * Galois field GF(2**8) multipliers, in macro form
+ */
+#define GFM01(a) \
+    (a)                                 /* a * 01 = a, the identity */
+#define GFM02(a) \
+    (XTIME(a) & 0xff)                   /* a * 02 = xtime(a) */
+#define GFM04(a) \
+    (GFM02(GFM02(a)))                   /* a * 04 = xtime**2(a) */
+#define GFM08(a) \
+    (GFM02(GFM04(a)))                   /* a * 08 = xtime**3(a) */
+#define GFM03(a) \
+    (GFM01(a) ^ GFM02(a))               /* a * 03 = a * (01 + 02) */
+#define GFM09(a) \
+    (GFM01(a) ^ GFM08(a))               /* a * 09 = a * (01 + 08) */
+#define GFM0B(a) \
+    (GFM01(a) ^ GFM02(a) ^ GFM08(a))    /* a * 0B = a * (01 + 02 + 08) */
+#define GFM0D(a) \
+    (GFM01(a) ^ GFM04(a) ^ GFM08(a))    /* a * 0D = a * (01 + 04 + 08) */
+#define GFM0E(a) \
+    (GFM02(a) ^ GFM04(a) ^ GFM08(a))    /* a * 0E = a * (02 + 04 + 08) */
+
+#else  /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_VALUES */
+
+/* GF_MULTIPLY
+ *
+ * multiply two bytes represented in GF(2**8), mod (x**4 + 1)
+ */
+PRUint8 gfm(PRUint8 a, PRUint8 b)
+{
+    PRUint8 res = 0;
+    while (b > 0) {
+	res = (b & 0x01) ? res ^ a : res;
+	a = XTIME(a);
+	b >>= 1;
+    }
+    return res;
+}
+
+#define GFM01(a) \
+    (a)                                 /* a * 01 = a, the identity */
+#define GFM02(a) \
+    (XTIME(a) & 0xff)                   /* a * 02 = xtime(a) */
+#define GFM03(a) \
+    (gfm(a, 0x03))                      /* a * 03 */
+#define GFM09(a) \
+    (gfm(a, 0x09))                      /* a * 09 */
+#define GFM0B(a) \
+    (gfm(a, 0x0B))                      /* a * 0B */
+#define GFM0D(a) \
+    (gfm(a, 0x0D))                      /* a * 0D */
+#define GFM0E(a) \
+    (gfm(a, 0x0E))                      /* a * 0E */
+
+#endif /* choosing GFM function */
+
+/*
+ * The T-tables
+ */
+#define G_T0(i) \
+    ( WORD4( GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)) ) )
+#define G_T1(i) \
+    ( WORD4( GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)) ) )
+#define G_T2(i) \
+    ( WORD4( GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)) ) )
+#define G_T3(i) \
+    ( WORD4( GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)) ) )
+
+/*
+ * The inverse T-tables
+ */
+#define G_TInv0(i) \
+    ( WORD4( GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)) ) )
+#define G_TInv1(i) \
+    ( WORD4( GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)) ) )
+#define G_TInv2(i) \
+    ( WORD4( GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)) ) )
+#define G_TInv3(i) \
+    ( WORD4( GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)) ) )
+
+/*
+ * The inverse mix column tables
+ */
+#define G_IMXC0(i) \
+    ( WORD4( GFM0E(i), GFM09(i), GFM0D(i), GFM0B(i) ) )
+#define G_IMXC1(i) \
+    ( WORD4( GFM0B(i), GFM0E(i), GFM09(i), GFM0D(i) ) )
+#define G_IMXC2(i) \
+    ( WORD4( GFM0D(i), GFM0B(i), GFM0E(i), GFM09(i) ) )
+#define G_IMXC3(i) \
+    ( WORD4( GFM09(i), GFM0D(i), GFM0B(i), GFM0E(i) ) )
+
+/* Now choose the T-table indexing method */
+#if defined(RIJNDAEL_GENERATE_VALUES)
+/* generate values for the tables with a function*/
+static PRUint32 gen_TInvXi(PRUint8 tx, PRUint8 i)
+{
+    PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E;
+    si01 = SINV(i);
+    si02 = XTIME(si01);
+    si04 = XTIME(si02);
+    si08 = XTIME(si04);
+    si03 = si02 ^ si01;
+    si09 = si08 ^ si01;
+    si0B = si08 ^ si03;
+    si0D = si09 ^ si04;
+    si0E = si08 ^ si04 ^ si02;
+    switch (tx) {
+    case 0:
+	return WORD4(si0E, si09, si0D, si0B);
+    case 1:
+	return WORD4(si0B, si0E, si09, si0D);
+    case 2:
+	return WORD4(si0D, si0B, si0E, si09);
+    case 3:
+	return WORD4(si09, si0D, si0B, si0E);
+    }
+    return -1;
+}
+#define T0(i)    G_T0(i)
+#define T1(i)    G_T1(i)
+#define T2(i)    G_T2(i)
+#define T3(i)    G_T3(i)
+#define TInv0(i) gen_TInvXi(0, i)
+#define TInv1(i) gen_TInvXi(1, i)
+#define TInv2(i) gen_TInvXi(2, i)
+#define TInv3(i) gen_TInvXi(3, i)
+#define IMXC0(b) G_IMXC0(b)
+#define IMXC1(b) G_IMXC1(b)
+#define IMXC2(b) G_IMXC2(b)
+#define IMXC3(b) G_IMXC3(b)
+#elif defined(RIJNDAEL_GENERATE_VALUES_MACRO)
+/* generate values for the tables with macros */
+#define T0(i)    G_T0(i)
+#define T1(i)    G_T1(i)
+#define T2(i)    G_T2(i)
+#define T3(i)    G_T3(i)
+#define TInv0(i) G_TInv0(i)
+#define TInv1(i) G_TInv1(i)
+#define TInv2(i) G_TInv2(i)
+#define TInv3(i) G_TInv3(i)
+#define IMXC0(b) G_IMXC0(b)
+#define IMXC1(b) G_IMXC1(b)
+#define IMXC2(b) G_IMXC2(b)
+#define IMXC3(b) G_IMXC3(b)
+#else  /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO */
+/* Generate T and T**-1 table values and store, then index */
+/* The inverse mix column tables are still generated */
+#define T0(i)    rijndaelTables->T0[i]
+#define T1(i)    rijndaelTables->T1[i]
+#define T2(i)    rijndaelTables->T2[i]
+#define T3(i)    rijndaelTables->T3[i]
+#define TInv0(i) rijndaelTables->TInv0[i]
+#define TInv1(i) rijndaelTables->TInv1[i]
+#define TInv2(i) rijndaelTables->TInv2[i]
+#define TInv3(i) rijndaelTables->TInv3[i]
+#define IMXC0(b) G_IMXC0(b)
+#define IMXC1(b) G_IMXC1(b)
+#define IMXC2(b) G_IMXC2(b)
+#define IMXC3(b) G_IMXC3(b)
+#endif /* choose T-table indexing method */
+
+#endif /* not RIJNDAEL_INCLUDE_TABLES */
+
+#if defined(RIJNDAEL_GENERATE_TABLES) ||  \
+    defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+
+/* Code to generate and store the tables */
+
+struct rijndael_tables_str {
+    PRUint32 T0[256];
+    PRUint32 T1[256];
+    PRUint32 T2[256];
+    PRUint32 T3[256];
+    PRUint32 TInv0[256];
+    PRUint32 TInv1[256];
+    PRUint32 TInv2[256];
+    PRUint32 TInv3[256];
+};
+
+static struct rijndael_tables_str *rijndaelTables = NULL;
+static PRCallOnceType coRTInit = { 0, 0, 0 };
+static PRStatus 
+init_rijndael_tables(void)
+{
+    PRUint32 i;
+    PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E;
+    struct rijndael_tables_str *rts;
+    rts = (struct rijndael_tables_str *)
+                   PORT_Alloc(sizeof(struct rijndael_tables_str));
+    if (!rts) return PR_FAILURE;
+    for (i=0; i<256; i++) {
+	/* The forward values */
+	si01 = SBOX(i);
+	si02 = XTIME(si01);
+	si03 = si02 ^ si01;
+	rts->T0[i] = WORD4(si02, si01, si01, si03);
+	rts->T1[i] = WORD4(si03, si02, si01, si01);
+	rts->T2[i] = WORD4(si01, si03, si02, si01);
+	rts->T3[i] = WORD4(si01, si01, si03, si02);
+	/* The inverse values */
+	si01 = SINV(i);
+	si02 = XTIME(si01);
+	si04 = XTIME(si02);
+	si08 = XTIME(si04);
+	si03 = si02 ^ si01;
+	si09 = si08 ^ si01;
+	si0B = si08 ^ si03;
+	si0D = si09 ^ si04;
+	si0E = si08 ^ si04 ^ si02;
+	rts->TInv0[i] = WORD4(si0E, si09, si0D, si0B);
+	rts->TInv1[i] = WORD4(si0B, si0E, si09, si0D);
+	rts->TInv2[i] = WORD4(si0D, si0B, si0E, si09);
+	rts->TInv3[i] = WORD4(si09, si0D, si0B, si0E);
+    }
+    /* wait until all the values are in to set */
+    rijndaelTables = rts;
+    return PR_SUCCESS;
+}
+
+#endif /* code to generate tables */
+
+/**************************************************************************
+ *
+ * Stuff related to the Rijndael key schedule
+ *
+ *************************************************************************/
+
+#define SUBBYTE(w) \
+    ((SBOX((w >> 24) & 0xff) << 24) | \
+     (SBOX((w >> 16) & 0xff) << 16) | \
+     (SBOX((w >>  8) & 0xff) <<  8) | \
+     (SBOX((w      ) & 0xff)         ))
+
+#ifdef IS_LITTLE_ENDIAN
+#define ROTBYTE(b) \
+    ((b >> 8) | (b << 24))
+#else
+#define ROTBYTE(b) \
+    ((b << 8) | (b >> 24))
+#endif
+
+/* rijndael_key_expansion7
+ *
+ * Generate the expanded key from the key input by the user.
+ * XXX
+ * Nk == 7 (224 key bits) is a weird case.  Since Nk > 6, an added SubByte
+ * transformation is done periodically.  The period is every 4 bytes, and
+ * since 7%4 != 0 this happens at different times for each key word (unlike
+ * Nk == 8 where it happens twice in every key word, in the same positions).
+ * For now, I'm implementing this case "dumbly", w/o any unrolling.
+ */
+static SECStatus
+rijndael_key_expansion7(AESContext *cx, const unsigned char *key, unsigned int Nk)
+{
+    unsigned int i;
+    PRUint32 *W;
+    PRUint32 *pW;
+    PRUint32 tmp;
+    W = cx->expandedKey;
+    /* 1.  the first Nk words contain the cipher key */
+    memcpy(W, key, Nk * 4);
+    i = Nk;
+    /* 2.  loop until full expanded key is obtained */
+    pW = W + i - 1;
+    for (; i < cx->Nb * (cx->Nr + 1); ++i) {
+	tmp = *pW++;
+	if (i % Nk == 0)
+	    tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+	else if (i % Nk == 4)
+	    tmp = SUBBYTE(tmp);
+	*pW = W[i - Nk] ^ tmp;
+    }
+    return SECSuccess;
+}
+
+/* rijndael_key_expansion
+ *
+ * Generate the expanded key from the key input by the user.
+ */
+static SECStatus
+rijndael_key_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk)
+{
+    unsigned int i;
+    PRUint32 *W;
+    PRUint32 *pW;
+    PRUint32 tmp;
+    unsigned int round_key_words = cx->Nb * (cx->Nr + 1);
+    if (Nk == 7)
+	return rijndael_key_expansion7(cx, key, Nk);
+    W = cx->expandedKey;
+    /* The first Nk words contain the input cipher key */
+    memcpy(W, key, Nk * 4);
+    i = Nk;
+    pW = W + i - 1;
+    /* Loop over all sets of Nk words, except the last */
+    while (i < round_key_words - Nk) {
+	tmp = *pW++;
+	tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+	*pW = W[i++ - Nk] ^ tmp;
+	tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
+	tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
+	tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
+	if (Nk == 4)
+	    continue;
+	switch (Nk) {
+	case 8: tmp = *pW++; tmp = SUBBYTE(tmp); *pW = W[i++ - Nk] ^ tmp;
+	case 7: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
+	case 6: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
+	case 5: tmp = *pW++; *pW = W[i++ - Nk] ^ tmp;
+	}
+    }
+    /* Generate the last word */
+    tmp = *pW++;
+    tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+    *pW = W[i++ - Nk] ^ tmp;
+    /* There may be overflow here, if Nk % (Nb * (Nr + 1)) > 0.  However,
+     * since the above loop generated all but the last Nk key words, there
+     * is no more need for the SubByte transformation.
+     */
+    if (Nk < 8) {
+	for (; i < round_key_words; ++i) {
+	    tmp = *pW++; 
+	    *pW = W[i - Nk] ^ tmp;
+	}
+    } else {
+	/* except in the case when Nk == 8.  Then one more SubByte may have
+	 * to be performed, at i % Nk == 4.
+	 */
+	for (; i < round_key_words; ++i) {
+	    tmp = *pW++;
+	    if (i % Nk == 4)
+		tmp = SUBBYTE(tmp);
+	    *pW = W[i - Nk] ^ tmp;
+	}
+    }
+    return SECSuccess;
+}
+
+/* rijndael_invkey_expansion
+ *
+ * Generate the expanded key for the inverse cipher from the key input by 
+ * the user.
+ */
+static SECStatus
+rijndael_invkey_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk)
+{
+    unsigned int r;
+    PRUint32 *roundkeyw;
+    PRUint8 *b;
+    int Nb = cx->Nb;
+    /* begins like usual key expansion ... */
+    if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
+	return SECFailure;
+    /* ... but has the additional step of InvMixColumn,
+     * excepting the first and last round keys.
+     */
+    roundkeyw = cx->expandedKey + cx->Nb;
+    for (r=1; r<cx->Nr; ++r) {
+	/* each key word, roundkeyw, represents a column in the key
+	 * matrix.  Each column is multiplied by the InvMixColumn matrix.
+	 *   [ 0E 0B 0D 09 ]   [ b0 ]
+	 *   [ 09 0E 0B 0D ] * [ b1 ]
+	 *   [ 0D 09 0E 0B ]   [ b2 ]
+	 *   [ 0B 0D 09 0E ]   [ b3 ]
+	 */
+	b = (PRUint8 *)roundkeyw;
+	*roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+	b = (PRUint8 *)roundkeyw;
+	*roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+	b = (PRUint8 *)roundkeyw;
+	*roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+	b = (PRUint8 *)roundkeyw;
+	*roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+	if (Nb <= 4)
+	    continue;
+	switch (Nb) {
+	case 8: b = (PRUint8 *)roundkeyw;
+	        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ 
+	                       IMXC2(b[2]) ^ IMXC3(b[3]);
+	case 7: b = (PRUint8 *)roundkeyw;
+	        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ 
+	                       IMXC2(b[2]) ^ IMXC3(b[3]);
+	case 6: b = (PRUint8 *)roundkeyw;
+	        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ 
+	                       IMXC2(b[2]) ^ IMXC3(b[3]);
+	case 5: b = (PRUint8 *)roundkeyw;
+	        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ 
+	                       IMXC2(b[2]) ^ IMXC3(b[3]);
+	}
+    }
+    return SECSuccess;
+}
+/**************************************************************************
+ *
+ * Stuff related to Rijndael encryption/decryption, optimized for
+ * a 128-bit blocksize.
+ *
+ *************************************************************************/
+
+#ifdef IS_LITTLE_ENDIAN
+#define BYTE0WORD(w) ((w) & 0x000000ff)
+#define BYTE1WORD(w) ((w) & 0x0000ff00)
+#define BYTE2WORD(w) ((w) & 0x00ff0000)
+#define BYTE3WORD(w) ((w) & 0xff000000)
+#else
+#define BYTE0WORD(w) ((w) & 0xff000000)
+#define BYTE1WORD(w) ((w) & 0x00ff0000)
+#define BYTE2WORD(w) ((w) & 0x0000ff00)
+#define BYTE3WORD(w) ((w) & 0x000000ff)
+#endif
+
+typedef union {
+    PRUint32 w[4];
+    PRUint8  b[16];
+} rijndael_state;
+
+#define COLUMN_0(state) state.w[0]
+#define COLUMN_1(state) state.w[1]
+#define COLUMN_2(state) state.w[2]
+#define COLUMN_3(state) state.w[3]
+
+#define STATE_BYTE(i) state.b[i]
+
+static SECStatus 
+rijndael_encryptBlock128(AESContext *cx, 
+                         unsigned char *output,
+                         const unsigned char *input)
+{
+    unsigned int r;
+    PRUint32 *roundkeyw;
+    rijndael_state state;
+    PRUint32 C0, C1, C2, C3;
+#if defined(_X86_)
+#define pIn input
+#define pOut output
+#else
+    unsigned char *pIn, *pOut;
+    PRUint32 inBuf[4], outBuf[4];
+
+    if ((ptrdiff_t)input & 0x3) {
+	memcpy(inBuf, input, sizeof inBuf);
+	pIn = (unsigned char *)inBuf;
+    } else {
+	pIn = (unsigned char *)input;
+    }
+    if ((ptrdiff_t)output & 0x3) {
+	pOut = (unsigned char *)outBuf;
+    } else {
+	pOut = (unsigned char *)output;
+    }
+#endif
+    roundkeyw = cx->expandedKey;
+    /* Step 1: Add Round Key 0 to initial state */
+    COLUMN_0(state) = *((PRUint32 *)(pIn     )) ^ *roundkeyw++;
+    COLUMN_1(state) = *((PRUint32 *)(pIn + 4 )) ^ *roundkeyw++;
+    COLUMN_2(state) = *((PRUint32 *)(pIn + 8 )) ^ *roundkeyw++;
+    COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw++;
+    /* Step 2: Loop over rounds [1..NR-1] */
+    for (r=1; r<cx->Nr; ++r) {
+        /* Do ShiftRow, ByteSub, and MixColumn all at once */
+	C0 = T0(STATE_BYTE(0))  ^
+	     T1(STATE_BYTE(5))  ^
+	     T2(STATE_BYTE(10)) ^
+	     T3(STATE_BYTE(15));
+	C1 = T0(STATE_BYTE(4))  ^
+	     T1(STATE_BYTE(9))  ^
+	     T2(STATE_BYTE(14)) ^
+	     T3(STATE_BYTE(3));
+	C2 = T0(STATE_BYTE(8))  ^
+	     T1(STATE_BYTE(13)) ^
+	     T2(STATE_BYTE(2))  ^
+	     T3(STATE_BYTE(7));
+	C3 = T0(STATE_BYTE(12)) ^
+	     T1(STATE_BYTE(1))  ^
+	     T2(STATE_BYTE(6))  ^
+	     T3(STATE_BYTE(11));
+	/* Round key addition */
+	COLUMN_0(state) = C0 ^ *roundkeyw++;
+	COLUMN_1(state) = C1 ^ *roundkeyw++;
+	COLUMN_2(state) = C2 ^ *roundkeyw++;
+	COLUMN_3(state) = C3 ^ *roundkeyw++;
+    }
+    /* Step 3: Do the last round */
+    /* Final round does not employ MixColumn */
+    C0 = ((BYTE0WORD(T2(STATE_BYTE(0))))   |
+          (BYTE1WORD(T3(STATE_BYTE(5))))   |
+          (BYTE2WORD(T0(STATE_BYTE(10))))  |
+          (BYTE3WORD(T1(STATE_BYTE(15)))))  ^
+          *roundkeyw++;
+    C1 = ((BYTE0WORD(T2(STATE_BYTE(4))))   |
+          (BYTE1WORD(T3(STATE_BYTE(9))))   |
+          (BYTE2WORD(T0(STATE_BYTE(14))))  |
+          (BYTE3WORD(T1(STATE_BYTE(3)))))   ^
+          *roundkeyw++;
+    C2 = ((BYTE0WORD(T2(STATE_BYTE(8))))   |
+          (BYTE1WORD(T3(STATE_BYTE(13))))  |
+          (BYTE2WORD(T0(STATE_BYTE(2))))   |
+          (BYTE3WORD(T1(STATE_BYTE(7)))))   ^
+          *roundkeyw++;
+    C3 = ((BYTE0WORD(T2(STATE_BYTE(12))))  |
+          (BYTE1WORD(T3(STATE_BYTE(1))))   |
+          (BYTE2WORD(T0(STATE_BYTE(6))))   |
+          (BYTE3WORD(T1(STATE_BYTE(11)))))  ^
+          *roundkeyw++;
+    *((PRUint32 *) pOut     )  = C0;
+    *((PRUint32 *)(pOut + 4))  = C1;
+    *((PRUint32 *)(pOut + 8))  = C2;
+    *((PRUint32 *)(pOut + 12)) = C3;
+#if defined(_X86_)
+#undef pIn
+#undef pOut
+#else
+    if ((ptrdiff_t)output & 0x3) {
+	memcpy(output, outBuf, sizeof outBuf);
+    }
+#endif
+    return SECSuccess;
+}
+
+static SECStatus 
+rijndael_decryptBlock128(AESContext *cx, 
+                         unsigned char *output,
+                         const unsigned char *input)
+{
+    int r;
+    PRUint32 *roundkeyw;
+    rijndael_state state;
+    PRUint32 C0, C1, C2, C3;
+#if defined(_X86_)
+#define pIn input
+#define pOut output
+#else
+    unsigned char *pIn, *pOut;
+    PRUint32 inBuf[4], outBuf[4];
+
+    if ((ptrdiff_t)input & 0x3) {
+	memcpy(inBuf, input, sizeof inBuf);
+	pIn = (unsigned char *)inBuf;
+    } else {
+	pIn = (unsigned char *)input;
+    }
+    if ((ptrdiff_t)output & 0x3) {
+	pOut = (unsigned char *)outBuf;
+    } else {
+	pOut = (unsigned char *)output;
+    }
+#endif
+    roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3;
+    /* reverse the final key addition */
+    COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw--;
+    COLUMN_2(state) = *((PRUint32 *)(pIn +  8)) ^ *roundkeyw--;
+    COLUMN_1(state) = *((PRUint32 *)(pIn +  4)) ^ *roundkeyw--;
+    COLUMN_0(state) = *((PRUint32 *)(pIn     )) ^ *roundkeyw--;
+    /* Loop over rounds in reverse [NR..1] */
+    for (r=cx->Nr; r>1; --r) {
+	/* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
+	C0 = TInv0(STATE_BYTE(0))  ^
+	     TInv1(STATE_BYTE(13)) ^
+	     TInv2(STATE_BYTE(10)) ^
+	     TInv3(STATE_BYTE(7));
+	C1 = TInv0(STATE_BYTE(4))  ^
+	     TInv1(STATE_BYTE(1))  ^
+	     TInv2(STATE_BYTE(14)) ^
+	     TInv3(STATE_BYTE(11));
+	C2 = TInv0(STATE_BYTE(8))  ^
+	     TInv1(STATE_BYTE(5))  ^
+	     TInv2(STATE_BYTE(2))  ^
+	     TInv3(STATE_BYTE(15));
+	C3 = TInv0(STATE_BYTE(12)) ^
+	     TInv1(STATE_BYTE(9))  ^
+	     TInv2(STATE_BYTE(6))  ^
+	     TInv3(STATE_BYTE(3));
+	/* Invert the key addition step */
+	COLUMN_3(state) = C3 ^ *roundkeyw--;
+	COLUMN_2(state) = C2 ^ *roundkeyw--;
+	COLUMN_1(state) = C1 ^ *roundkeyw--;
+	COLUMN_0(state) = C0 ^ *roundkeyw--;
+    }
+    /* inverse sub */
+    pOut[ 0] = SINV(STATE_BYTE( 0));
+    pOut[ 1] = SINV(STATE_BYTE(13));
+    pOut[ 2] = SINV(STATE_BYTE(10));
+    pOut[ 3] = SINV(STATE_BYTE( 7));
+    pOut[ 4] = SINV(STATE_BYTE( 4));
+    pOut[ 5] = SINV(STATE_BYTE( 1));
+    pOut[ 6] = SINV(STATE_BYTE(14));
+    pOut[ 7] = SINV(STATE_BYTE(11));
+    pOut[ 8] = SINV(STATE_BYTE( 8));
+    pOut[ 9] = SINV(STATE_BYTE( 5));
+    pOut[10] = SINV(STATE_BYTE( 2));
+    pOut[11] = SINV(STATE_BYTE(15));
+    pOut[12] = SINV(STATE_BYTE(12));
+    pOut[13] = SINV(STATE_BYTE( 9));
+    pOut[14] = SINV(STATE_BYTE( 6));
+    pOut[15] = SINV(STATE_BYTE( 3));
+    /* final key addition */
+    *((PRUint32 *)(pOut + 12)) ^= *roundkeyw--;
+    *((PRUint32 *)(pOut +  8)) ^= *roundkeyw--;
+    *((PRUint32 *)(pOut +  4)) ^= *roundkeyw--;
+    *((PRUint32 *) pOut      ) ^= *roundkeyw--;
+#if defined(_X86_)
+#undef pIn
+#undef pOut
+#else
+    if ((ptrdiff_t)output & 0x3) {
+	memcpy(output, outBuf, sizeof outBuf);
+    }
+#endif
+    return SECSuccess;
+}
+
+/**************************************************************************
+ *
+ * Stuff related to general Rijndael encryption/decryption, for blocksizes
+ * greater than 128 bits.
+ *
+ * XXX This code is currently untested!  So far, AES specs have only been
+ *     released for 128 bit blocksizes.  This will be tested, but for now
+ *     only the code above has been tested using known values.
+ *
+ *************************************************************************/
+
+#define COLUMN(array, j) *((PRUint32 *)(array + j))
+
+SECStatus 
+rijndael_encryptBlock(AESContext *cx, 
+                      unsigned char *output,
+                      const unsigned char *input)
+{
+    return SECFailure;
+#ifdef rijndael_large_blocks_fixed
+    unsigned int j, r, Nb;
+    unsigned int c2=0, c3=0;
+    PRUint32 *roundkeyw;
+    PRUint8 clone[RIJNDAEL_MAX_STATE_SIZE];
+    Nb = cx->Nb;
+    roundkeyw = cx->expandedKey;
+    /* Step 1: Add Round Key 0 to initial state */
+    for (j=0; j<4*Nb; j+=4) {
+	COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw++;
+    }
+    /* Step 2: Loop over rounds [1..NR-1] */
+    for (r=1; r<cx->Nr; ++r) {
+	for (j=0; j<Nb; ++j) {
+	    COLUMN(output, j) = T0(STATE_BYTE(4*  j          )) ^
+	                        T1(STATE_BYTE(4*((j+ 1)%Nb)+1)) ^
+	                        T2(STATE_BYTE(4*((j+c2)%Nb)+2)) ^
+	                        T3(STATE_BYTE(4*((j+c3)%Nb)+3));
+	}
+	for (j=0; j<4*Nb; j+=4) {
+	    COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw++;
+	}
+    }
+    /* Step 3: Do the last round */
+    /* Final round does not employ MixColumn */
+    for (j=0; j<Nb; ++j) {
+	COLUMN(output, j) = ((BYTE0WORD(T2(STATE_BYTE(4* j         ))))  |
+                             (BYTE1WORD(T3(STATE_BYTE(4*(j+ 1)%Nb)+1)))  |
+                             (BYTE2WORD(T0(STATE_BYTE(4*(j+c2)%Nb)+2)))  |
+                             (BYTE3WORD(T1(STATE_BYTE(4*(j+c3)%Nb)+3)))) ^
+	                     *roundkeyw++;
+    }
+    return SECSuccess;
+#endif
+}
+
+SECStatus 
+rijndael_decryptBlock(AESContext *cx, 
+                      unsigned char *output,
+                      const unsigned char *input)
+{
+    return SECFailure;
+#ifdef rijndael_large_blocks_fixed
+    int j, r, Nb;
+    int c2=0, c3=0;
+    PRUint32 *roundkeyw;
+    PRUint8 clone[RIJNDAEL_MAX_STATE_SIZE];
+    Nb = cx->Nb;
+    roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3;
+    /* reverse key addition */
+    for (j=4*Nb; j>=0; j-=4) {
+	COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw--;
+    }
+    /* Loop over rounds in reverse [NR..1] */
+    for (r=cx->Nr; r>1; --r) {
+	/* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
+	for (j=0; j<Nb; ++j) {
+	    COLUMN(output, 4*j) = TInv0(STATE_BYTE(4* j            )) ^
+	                          TInv1(STATE_BYTE(4*(j+Nb- 1)%Nb)+1) ^
+	                          TInv2(STATE_BYTE(4*(j+Nb-c2)%Nb)+2) ^
+	                          TInv3(STATE_BYTE(4*(j+Nb-c3)%Nb)+3);
+	}
+	/* Invert the key addition step */
+	for (j=4*Nb; j>=0; j-=4) {
+	    COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw--;
+	}
+    }
+    /* inverse sub */
+    for (j=0; j<4*Nb; ++j) {
+	output[j] = SINV(clone[j]);
+    }
+    /* final key addition */
+    for (j=4*Nb; j>=0; j-=4) {
+	COLUMN(output, j) ^= *roundkeyw--;
+    }
+    return SECSuccess;
+#endif
+}
+
+/**************************************************************************
+ *
+ *  Rijndael modes of operation (ECB and CBC)
+ *
+ *************************************************************************/
+
+static SECStatus 
+rijndael_encryptECB(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen, 
+                    unsigned int blocksize)
+{
+    SECStatus rv;
+    AESBlockFunc *encryptor;
+    encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) 
+				  ? &rijndael_encryptBlock128 
+				  : &rijndael_encryptBlock;
+    while (inputLen > 0) {
+        rv = (*encryptor)(cx, output, input);
+	if (rv != SECSuccess)
+	    return rv;
+	output += blocksize;
+	input += blocksize;
+	inputLen -= blocksize;
+    }
+    return SECSuccess;
+}
+
+static SECStatus 
+rijndael_encryptCBC(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen, 
+                    unsigned int blocksize)
+{
+    unsigned int j;
+    SECStatus rv;
+    AESBlockFunc *encryptor;
+    unsigned char *lastblock;
+    unsigned char inblock[RIJNDAEL_MAX_STATE_SIZE * 8];
+
+    if (!inputLen)
+	return SECSuccess;
+    lastblock = cx->iv;
+    encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) 
+				  ? &rijndael_encryptBlock128 
+				  : &rijndael_encryptBlock;
+    while (inputLen > 0) {
+	/* XOR with the last block (IV if first block) */
+	for (j=0; j<blocksize; ++j)
+	    inblock[j] = input[j] ^ lastblock[j];
+	/* encrypt */
+        rv = (*encryptor)(cx, output, inblock);
+	if (rv != SECSuccess)
+	    return rv;
+	/* move to the next block */
+	lastblock = output;
+	output += blocksize;
+	input += blocksize;
+	inputLen -= blocksize;
+    }
+    memcpy(cx->iv, lastblock, blocksize);
+    return SECSuccess;
+}
+
+static SECStatus 
+rijndael_decryptECB(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen, 
+                    unsigned int blocksize)
+{
+    SECStatus rv;
+    AESBlockFunc *decryptor;
+    decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) 
+				  ? &rijndael_decryptBlock128 
+				  : &rijndael_decryptBlock;
+    while (inputLen > 0) {
+        rv = (*decryptor)(cx, output, input);
+	if (rv != SECSuccess)
+	    return rv;
+	output += blocksize;
+	input += blocksize;
+	inputLen -= blocksize;
+    }
+    return SECSuccess;
+}
+
+static SECStatus 
+rijndael_decryptCBC(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen, 
+                    unsigned int blocksize)
+{
+    SECStatus rv;
+    AESBlockFunc *decryptor;
+    const unsigned char *in;
+    unsigned char *out;
+    unsigned int j;
+    unsigned char newIV[RIJNDAEL_MAX_BLOCKSIZE];
+
+    if (!inputLen) 
+	return SECSuccess;
+    PORT_Assert(output - input >= 0 || input - output >= (int)inputLen );
+    decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE) 
+                                  ? &rijndael_decryptBlock128 
+				  : &rijndael_decryptBlock;
+    in  = input  + (inputLen - blocksize);
+    memcpy(newIV, in, blocksize);
+    out = output + (inputLen - blocksize);
+    while (inputLen > blocksize) {
+        rv = (*decryptor)(cx, out, in);
+	if (rv != SECSuccess)
+	    return rv;
+	for (j=0; j<blocksize; ++j)
+	    out[j] ^= in[(int)(j - blocksize)];
+	out -= blocksize;
+	in -= blocksize;
+	inputLen -= blocksize;
+    }
+    if (in == input) {
+        rv = (*decryptor)(cx, out, in);
+	if (rv != SECSuccess)
+	    return rv;
+	for (j=0; j<blocksize; ++j)
+	    out[j] ^= cx->iv[j];
+    }
+    memcpy(cx->iv, newIV, blocksize);
+    return SECSuccess;
+}
+
+/************************************************************************
+ *
+ * BLAPI Interface functions
+ *
+ * The following functions implement the encryption routines defined in
+ * BLAPI for the AES cipher, Rijndael.
+ *
+ ***********************************************************************/
+
+AESContext * AES_AllocateContext(void)
+{
+    return PORT_ZNew(AESContext);
+}
+
+SECStatus   
+AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, 
+	        const unsigned char *iv, int mode, unsigned int encrypt,
+	        unsigned int blocksize)
+{
+    unsigned int Nk;
+    /* According to Rijndael AES Proposal, section 12.1, block and key
+     * lengths between 128 and 256 bits are supported, as long as the
+     * length in bytes is divisible by 4.
+     */
+    if (key == NULL || 
+        keysize < RIJNDAEL_MIN_BLOCKSIZE   || 
+	keysize > RIJNDAEL_MAX_BLOCKSIZE   || 
+	keysize % 4 != 0 ||
+        blocksize < RIJNDAEL_MIN_BLOCKSIZE || 
+	blocksize > RIJNDAEL_MAX_BLOCKSIZE || 
+	blocksize % 4 != 0) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (mode != NSS_AES && mode != NSS_AES_CBC) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (mode == NSS_AES_CBC && iv == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    if (!cx) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    	return SECFailure;
+    }
+    /* Nb = (block size in bits) / 32 */
+    cx->Nb = blocksize / 4;
+    /* Nk = (key size in bits) / 32 */
+    Nk = keysize / 4;
+    /* Obtain number of rounds from "table" */
+    cx->Nr = RIJNDAEL_NUM_ROUNDS(Nk, cx->Nb);
+    /* copy in the iv, if neccessary */
+    if (mode == NSS_AES_CBC) {
+	memcpy(cx->iv, iv, blocksize);
+	cx->worker = (encrypt) ? &rijndael_encryptCBC : &rijndael_decryptCBC;
+    } else {
+	cx->worker = (encrypt) ? &rijndael_encryptECB : &rijndael_decryptECB;
+    }
+    PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
+    if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
+	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+	goto cleanup;
+    }
+    /* Generate expanded key */
+    if (encrypt) {
+	if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
+	    goto cleanup;
+    } else {
+	if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
+	    goto cleanup;
+    }
+    return SECSuccess;
+cleanup:
+    return SECFailure;
+}
+
+
+/* AES_CreateContext
+ *
+ * create a new context for Rijndael operations
+ */
+AESContext *
+AES_CreateContext(const unsigned char *key, const unsigned char *iv, 
+                  int mode, int encrypt,
+                  unsigned int keysize, unsigned int blocksize)
+{
+    AESContext *cx = AES_AllocateContext();
+    if (cx) {
+	SECStatus rv = AES_InitContext(cx, key, keysize, iv, mode, encrypt,
+				       blocksize);
+	if (rv != SECSuccess) {
+	    AES_DestroyContext(cx, PR_TRUE);
+	    cx = NULL;
+	}
+    }
+    return cx;
+}
+
+/*
+ * AES_DestroyContext
+ * 
+ * Zero an AES cipher context.  If freeit is true, also free the pointer
+ * to the context.
+ */
+void 
+AES_DestroyContext(AESContext *cx, PRBool freeit)
+{
+/*  memset(cx, 0, sizeof *cx); */
+    if (freeit)
+	PORT_Free(cx);
+}
+
+/*
+ * AES_Encrypt
+ *
+ * Encrypt an arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus 
+AES_Encrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    int blocksize;
+    /* Check args */
+    if (cx == NULL || output == NULL || input == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    blocksize = 4 * cx->Nb;
+    if (inputLen % blocksize != 0) {
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
+	return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return SECFailure;
+    }
+    *outputLen = inputLen;
+#if defined(RIJNDAEL_GENERATE_TABLES) ||  \
+    defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+    if (rijndaelTables == NULL) {
+	if (PR_CallOnce(&coRTInit, init_rijndael_tables) 
+	      != PR_SUCCESS) {
+	    return PR_FAILURE;
+	}
+    }
+#endif
+    return (*cx->worker)(cx, output, outputLen, maxOutputLen,	
+                             input, inputLen, blocksize);
+}
+
+/*
+ * AES_Decrypt
+ *
+ * Decrypt and arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus 
+AES_Decrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    int blocksize;
+    /* Check args */
+    if (cx == NULL || output == NULL || input == NULL) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    blocksize = 4 * cx->Nb;
+    if (inputLen % blocksize != 0) {
+	PORT_SetError(SEC_ERROR_INPUT_LEN);
+	return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+	PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+	return SECFailure;
+    }
+    *outputLen = inputLen;
+#if defined(RIJNDAEL_GENERATE_TABLES) ||  \
+    defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+    if (rijndaelTables == NULL) {
+	if (PR_CallOnce(&coRTInit, init_rijndael_tables) 
+	      != PR_SUCCESS) {
+	    return PR_FAILURE;
+	}
+    }
+#endif
+    return (*cx->worker)(cx, output, outputLen, maxOutputLen,	
+                             input, inputLen, blocksize);
+}
+
diff --git a/security/nss/lib/freebl/rijndael.h b/security/nss/lib/freebl/rijndael.h
new file mode 100644
index 000000000..4ace67528
--- /dev/null
+++ b/security/nss/lib/freebl/rijndael.h
@@ -0,0 +1,95 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _RIJNDAEL_H_
+#define _RIJNDAEL_H_ 1
+
+#define RIJNDAEL_MIN_BLOCKSIZE 16 /* bytes */
+#define RIJNDAEL_MAX_BLOCKSIZE 32 /* bytes */
+
+typedef SECStatus AESFunc(AESContext *cx, unsigned char *output,
+                          unsigned int *outputLen, unsigned int maxOutputLen,
+                          const unsigned char *input, unsigned int inputLen, 
+                          unsigned int blocksize);
+
+typedef SECStatus AESBlockFunc(AESContext *cx, 
+                               unsigned char *output,
+                               const unsigned char *input);
+
+/* RIJNDAEL_NUM_ROUNDS
+ *
+ * Number of rounds per execution
+ * Nk - number of key bytes
+ * Nb - blocksize (in bytes)
+ */
+#define RIJNDAEL_NUM_ROUNDS(Nk, Nb) \
+    (PR_MAX(Nk, Nb) + 6)
+
+/* RIJNDAEL_MAX_STATE_SIZE 
+ *
+ * Maximum number of bytes in the state (spec includes up to 256-bit block
+ * size)
+ */
+#define RIJNDAEL_MAX_STATE_SIZE 32
+
+/*
+ * This magic number is (Nb_max * (Nr_max + 1))
+ * where Nb_max is the maximum block size in 32-bit words,
+ *       Nr_max is the maximum number of rounds, which is Nb_max + 6
+ */
+#define RIJNDAEL_MAX_EXP_KEY_SIZE (8 * 15)
+
+/* AESContextStr
+ *
+ * Values which maintain the state for Rijndael encryption/decryption.
+ *
+ * iv          - initialization vector for CBC mode
+ * Nb          - the number of bytes in a block, specified by user
+ * Nr          - the number of rounds, specified by a table
+ * expandedKey - the round keys in 4-byte words, the length is Nr * Nb
+ * worker      - the encryption/decryption function to use with this context
+ */
+struct AESContextStr
+{
+    unsigned int   Nb;
+    unsigned int   Nr;
+    AESFunc       *worker;
+    unsigned char iv[RIJNDAEL_MAX_BLOCKSIZE];
+    PRUint32      expandedKey[RIJNDAEL_MAX_EXP_KEY_SIZE];
+};
+
+#endif /* _RIJNDAEL_H_ */
diff --git a/security/nss/lib/freebl/rijndael32.tab b/security/nss/lib/freebl/rijndael32.tab
new file mode 100644
index 000000000..6b78e2e8b
--- /dev/null
+++ b/security/nss/lib/freebl/rijndael32.tab
@@ -0,0 +1,1215 @@
+#ifndef RIJNDAEL_INCLUDE_TABLES
+static const PRUint8 _S[256] = 
+{
+ 99, 124, 119, 123, 242, 107, 111, 197,  48,   1, 103,  43, 254, 215, 171, 118,
+202, 130, 201, 125, 250,  89,  71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
+183, 253, 147,  38,  54,  63, 247, 204,  52, 165, 229, 241, 113, 216,  49,  21,
+  4, 199,  35, 195,  24, 150,   5, 154,   7,  18, 128, 226, 235,  39, 178, 117,
+  9, 131,  44,  26,  27, 110,  90, 160,  82,  59, 214, 179,  41, 227,  47, 132,
+ 83, 209,   0, 237,  32, 252, 177,  91, 106, 203, 190,  57,  74,  76,  88, 207,
+208, 239, 170, 251,  67,  77,  51, 133,  69, 249,   2, 127,  80,  60, 159, 168,
+ 81, 163,  64, 143, 146, 157,  56, 245, 188, 182, 218,  33,  16, 255, 243, 210,
+205,  12,  19, 236,  95, 151,  68,  23, 196, 167, 126,  61, 100,  93,  25, 115,
+ 96, 129,  79, 220,  34,  42, 144, 136,  70, 238, 184,  20, 222,  94,  11, 219,
+224,  50,  58,  10,  73,   6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121,
+231, 200,  55, 109, 141, 213,  78, 169, 108,  86, 244, 234, 101, 122, 174,   8,
+186, 120,  37,  46,  28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138,
+112,  62, 181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158,
+225, 248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223,
+140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15, 176,  84, 187,  22 
+};
+#endif /* not RIJNDAEL_INCLUDE_TABLES */
+
+static const PRUint8 _SInv[256] = 
+{
+ 82,   9, 106, 213,  48,  54, 165,  56, 191,  64, 163, 158, 129, 243, 215, 251,
+124, 227,  57, 130, 155,  47, 255, 135,  52, 142,  67,  68, 196, 222, 233, 203,
+ 84, 123, 148,  50, 166, 194,  35,  61, 238,  76, 149,  11,  66, 250, 195,  78,
+  8,  46, 161, 102,  40, 217,  36, 178, 118,  91, 162,  73, 109, 139, 209,  37,
+114, 248, 246, 100, 134, 104, 152,  22, 212, 164,  92, 204,  93, 101, 182, 146,
+108, 112,  72,  80, 253, 237, 185, 218,  94,  21,  70,  87, 167, 141, 157, 132,
+144, 216, 171,   0, 140, 188, 211,  10, 247, 228,  88,   5, 184, 179,  69,   6,
+208,  44,  30, 143, 202,  63,  15,   2, 193, 175, 189,   3,   1,  19, 138, 107,
+ 58, 145,  17,  65,  79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
+150, 172, 116,  34, 231, 173,  53, 133, 226, 249,  55, 232,  28, 117, 223, 110,
+ 71, 241,  26, 113,  29,  41, 197, 137, 111, 183,  98,  14, 170,  24, 190,  27,
+252,  86,  62,  75, 198, 210, 121,  32, 154, 219, 192, 254, 120, 205,  90, 244,
+ 31, 221, 168,  51, 136,   7, 199,  49, 177,  18,  16,  89,  39, 128, 236,  95,
+ 96,  81, 127, 169,  25, 181,  74,  13,  45, 229, 122, 159, 147, 201, 156, 239,
+160, 224,  59,  77, 174,  42, 245, 176, 200, 235, 187,  60, 131,  83, 153,  97,
+ 23,  43,   4, 126, 186, 119, 214,  38, 225, 105,  20,  99,  85,  33,  12, 125 
+};
+
+#ifdef RIJNDAEL_INCLUDE_TABLES
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T0[256] = 
+{
+0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 0xbd6b6bd6,
+0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f,
+0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453,
+0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551,
+0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637,
+0x0f05050a, 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d,
+0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd,
+0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d,
+0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a,
+0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d,
+0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5,
+0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755,
+0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54,
+0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264,
+0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531,
+0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac,
+0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657,
+0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c,
+0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199,
+0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c,
+0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7,
+0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c  
+};
+#else
+static const PRUint32 _T0[256] = 
+{
+0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd,
+0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d,
+0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7,
+0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4,
+0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1,
+0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e,
+0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e,
+0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46,
+0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7,
+0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe,
+0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a,
+0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2,
+0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e,
+0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256,
+0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4,
+0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa,
+0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1,
+0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42,
+0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158,
+0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22,
+0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631,
+0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T1[256] = 
+{
+0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd,
+0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d,
+0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, 0xcaca8f45, 0x82821f9d,
+0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
+0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7,
+0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
+0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 0x3434685c, 0xa5a551f4,
+0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
+0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1,
+0x05050a0f, 0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
+0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, 0x83831d9e,
+0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
+0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e,
+0x2f2f5e71, 0x84841397, 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
+0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46,
+0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
+0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7,
+0x33336655, 0x85851194, 0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81,
+0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe,
+0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
+0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 0xffffe51a,
+0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f,
+0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 0xc4c49357, 0xa7a755f2,
+0x7e7efc82, 0x3d3d7a47, 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
+0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e,
+0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
+0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, 0xe0e0db3b, 0x32326456,
+0x3a3a744e, 0x0a0a141e, 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4,
+0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4,
+0xe4e4d337, 0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
+0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 0x5656acfa,
+0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018,
+0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1,
+0xb4b473c7, 0xc6c69751, 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
+0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42,
+0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12,
+0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958,
+0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
+0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22,
+0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
+0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 0xe6e6d731,
+0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11,
+0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a  
+};
+#else
+static const PRUint32 _T1[256] = 
+{
+0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b,
+0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
+0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, 0x458fcaca, 0x9d1f8282,
+0x4089c9c9, 0x87fa7d7d, 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0,
+0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, 0xbf239c9c, 0xf753a4a4,
+0x96e47272, 0x5b9bc0c0, 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
+0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc, 0x5c683434, 0xf451a5a5,
+0x34d1e5e5, 0x08f9f1f1, 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
+0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, 0x28301818, 0xa1379696,
+0x0f0a0505, 0xb52f9a9a, 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
+0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, 0x1b120909, 0x9e1d8383,
+0x74582c2c, 0x2e341a1a, 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
+0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, 0x7b522929, 0x3edde3e3,
+0x715e2f2f, 0x97138484, 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded,
+0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, 0xbed46a6a, 0x468dcbcb,
+0xd967bebe, 0x4b723939, 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
+0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, 0xc5864343, 0xd79a4d4d,
+0x55663333, 0x94118585, 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f,
+0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, 0xf3a25151, 0xfe5da3a3,
+0xc0804040, 0x8a058f8f, 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5,
+0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, 0x30201010, 0x1ae5ffff,
+0x0efdf3f3, 0x6dbfd2d2, 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
+0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, 0x5793c4c4, 0xf255a7a7,
+0x82fc7e7e, 0x477a3d3d, 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
+0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, 0x66442222, 0x7e542a2a,
+0xab3b9090, 0x830b8888, 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
+0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, 0x3bdbe0e0, 0x56643232,
+0x4e743a3a, 0x1e140a0a, 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c,
+0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, 0xa8399191, 0xa4319595,
+0x37d3e4e4, 0x8bf27979, 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
+0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, 0xb4d86c6c, 0xfaac5656,
+0x07f3f4f4, 0x25cfeaea, 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
+0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, 0x24381c1c, 0xf157a6a6,
+0xc773b4b4, 0x5197c6c6, 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
+0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, 0x90e07070, 0x427c3e3e,
+0xc471b5b5, 0xaacc6666, 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e,
+0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, 0x91178686, 0x5899c1c1,
+0x273a1d1d, 0xb9279e9e, 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
+0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, 0xb62d9b9b, 0x223c1e1e,
+0x92158787, 0x20c9e9e9, 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
+0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 0xda65bfbf, 0x31d7e6e6,
+0xc6844242, 0xb8d06868, 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
+0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T2[256] = 
+{
+0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b,
+0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b,
+0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, 0xca8f45ca, 0x821f9d82,
+0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
+0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4,
+0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
+0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 0x34685c34, 0xa551f4a5,
+0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
+0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196,
+0x050a0f05, 0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
+0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, 0x831d9e83,
+0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
+0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3,
+0x2f5e712f, 0x84139784, 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced,
+0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb,
+0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
+0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d,
+0x33665533, 0x85119485, 0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f,
+0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3,
+0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
+0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 0xffe51aff,
+0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec,
+0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 0xc49357c4, 0xa755f2a7,
+0x7efc827e, 0x3d7a473d, 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
+0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a,
+0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
+0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, 0xe0db3be0, 0x32645632,
+0x3a744e3a, 0x0a141e0a, 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c,
+0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495,
+0xe4d337e4, 0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
+0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 0x56acfa56,
+0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808,
+0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 0x1c38241c, 0xa657f1a6,
+0xb473c7b4, 0xc69751c6, 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
+0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e,
+0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e,
+0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1,
+0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
+0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e,
+0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
+0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 0xe6d731e6,
+0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f,
+0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16  
+};
+#else
+static const PRUint32 _T2[256] = 
+{
+0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b,
+0x6fb1de6f, 0xc55491c5, 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b,
+0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, 0xca458fca, 0x829d1f82,
+0xc94089c9, 0x7d87fa7d, 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
+0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, 0x9cbf239c, 0xa4f753a4,
+0x7296e472, 0xc05b9bc0, 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
+0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, 0x345c6834, 0xa5f451a5,
+0xe534d1e5, 0xf108f9f1, 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
+0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, 0x18283018, 0x96a13796,
+0x050f0a05, 0x9ab52f9a, 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
+0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, 0x091b1209, 0x839e1d83,
+0x2c74582c, 0x1a2e341a, 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
+0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, 0x297b5229, 0xe33edde3,
+0x2f715e2f, 0x84971384, 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed,
+0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, 0x6abed46a, 0xcb468dcb,
+0xbed967be, 0x394b7239, 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
+0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, 0x43c58643, 0x4dd79a4d,
+0x33556633, 0x85941185, 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f,
+0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, 0x51f3a251, 0xa3fe5da3,
+0x40c08040, 0x8f8a058f, 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
+0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, 0x10302010, 0xff1ae5ff,
+0xf30efdf3, 0xd26dbfd2, 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec,
+0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, 0xc45793c4, 0xa7f255a7,
+0x7e82fc7e, 0x3d477a3d, 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
+0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, 0x22664422, 0x2a7e542a,
+0x90ab3b90, 0x88830b88, 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
+0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb, 0xe03bdbe0, 0x32566432,
+0x3a4e743a, 0x0a1e140a, 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c,
+0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, 0x91a83991, 0x95a43195,
+0xe437d3e4, 0x798bf279, 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
+0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, 0x6cb4d86c, 0x56faac56,
+0xf407f3f4, 0xea25cfea, 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008,
+0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, 0x1c24381c, 0xa6f157a6,
+0xb4c773b4, 0xc65197c6, 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
+0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, 0x7090e070, 0x3e427c3e,
+0xb5c471b5, 0x66aacc66, 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e,
+0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, 0x86911786, 0xc15899c1,
+0x1d273a1d, 0x9eb9279e, 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
+0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, 0x9bb62d9b, 0x1e223c1e,
+0x87921587, 0xe920c9e9, 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
+0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d, 0xbfda65bf, 0xe631d7e6,
+0x42c68442, 0x68b8d068, 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f,
+0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T3[256] = 
+{
+0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b,
+0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b,
+0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, 0x8f45caca, 0x1f9d8282,
+0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
+0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4,
+0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
+0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 0x685c3434, 0x51f4a5a5,
+0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
+0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696,
+0x0a0f0505, 0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
+0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 0x1d9e8383,
+0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
+0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3,
+0x5e712f2f, 0x13978484, 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded,
+0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb,
+0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
+0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d,
+0x66553333, 0x11948585, 0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f,
+0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3,
+0x80c04040, 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
+0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 0xe51affff,
+0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
+0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 0x9357c4c4, 0x55f2a7a7,
+0xfc827e7e, 0x7a473d3d, 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
+0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a,
+0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
+0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 0xdb3be0e0, 0x64563232,
+0x744e3a3a, 0x141e0a0a, 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c,
+0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595,
+0xd337e4e4, 0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
+0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 0xacfa5656,
+0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
+0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 0x38241c1c, 0x57f1a6a6,
+0x73c7b4b4, 0x9751c6c6, 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
+0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e,
+0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e,
+0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1,
+0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
+0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e,
+0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
+0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6,
+0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
+0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616  
+};
+#else
+static const PRUint32 _T3[256] = 
+{
+0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6,
+0x6f6fb1de, 0xc5c55491, 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56,
+0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, 0xcaca458f, 0x82829d1f,
+0xc9c94089, 0x7d7d87fa, 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
+0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, 0x9c9cbf23, 0xa4a4f753,
+0x727296e4, 0xc0c05b9b, 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
+0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, 0x34345c68, 0xa5a5f451,
+0xe5e534d1, 0xf1f108f9, 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
+0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, 0x18182830, 0x9696a137,
+0x05050f0a, 0x9a9ab52f, 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
+0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, 0x09091b12, 0x83839e1d,
+0x2c2c7458, 0x1a1a2e34, 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
+0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, 0x29297b52, 0xe3e33edd,
+0x2f2f715e, 0x84849713, 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1,
+0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, 0x6a6abed4, 0xcbcb468d,
+0xbebed967, 0x39394b72, 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
+0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, 0x4343c586, 0x4d4dd79a,
+0x33335566, 0x85859411, 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe,
+0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, 0x5151f3a2, 0xa3a3fe5d,
+0x4040c080, 0x8f8f8a05, 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
+0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, 0x10103020, 0xffff1ae5,
+0xf3f30efd, 0xd2d26dbf, 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3,
+0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, 0xc4c45793, 0xa7a7f255,
+0x7e7e82fc, 0x3d3d477a, 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
+0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, 0x22226644, 0x2a2a7e54,
+0x9090ab3b, 0x8888830b, 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
+0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad, 0xe0e03bdb, 0x32325664,
+0x3a3a4e74, 0x0a0a1e14, 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8,
+0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, 0x9191a839, 0x9595a431,
+0xe4e437d3, 0x79798bf2, 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
+0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, 0x6c6cb4d8, 0x5656faac,
+0xf4f407f3, 0xeaea25cf, 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810,
+0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, 0x1c1c2438, 0xa6a6f157,
+0xb4b4c773, 0xc6c65197, 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
+0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, 0x707090e0, 0x3e3e427c,
+0xb5b5c471, 0x6666aacc, 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c,
+0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, 0x86869117, 0xc1c15899,
+0x1d1d273a, 0x9e9eb927, 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
+0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, 0x9b9bb62d, 0x1e1e223c,
+0x87879215, 0xe9e920c9, 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
+0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a, 0xbfbfda65, 0xe6e631d7,
+0x4242c684, 0x6868b8d0, 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e,
+0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv0[256] = 
+{
+0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f,
+0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
+0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25,
+0x980eea45, 0xe1c0fe5d, 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
+0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458,
+0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
+0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5,
+0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
+0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72,
+0x578f1fe3, 0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3,
+0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7,
+0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
+0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040,
+0x069f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
+0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6,
+0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
+0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 0x83868009, 0x48ed2b32,
+0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
+0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793,
+0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
+0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, 0xadc78bf2,
+0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
+0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb,
+0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
+0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc,
+0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
+0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9,
+0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
+0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890,
+0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
+0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, 0xf418596e,
+0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef,
+0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a,
+0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
+0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43,
+0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
+0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92,
+0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
+0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255,
+0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
+0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0x0c25e2bc,
+0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
+0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0  
+};
+#else
+static const PRUint32 _TInv0[256] = 
+{
+0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1,
+0xacfa58ab, 0x4be30393, 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 0xdeb15a49, 0x25ba1b67,
+0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3,
+0x49e06929, 0x8ec9c844, 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 0x63df4a18, 0xe51a3182,
+0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2,
+0xe31f8f57, 0x6655ab2a, 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, 0x8acf1c2b, 0xa779b492,
+0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa,
+0x5e719f06, 0xbd6e1051, 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, 0x1998fb24, 0xd6bde997,
+0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, 0x09808683, 0x322bed48,
+0x1e1170ac, 0x6c5a724e, 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, 0x0c0a67b1, 0x9357e70f,
+0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad,
+0x2db6a8b9, 0x141ea9c8, 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 0x8b432976, 0xcb23c6dc,
+0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3,
+0x0d8652ec, 0x77c1e3d0, 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 0x87494ec7, 0xd938d1c1,
+0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8,
+0x2e39f75e, 0x82c3aff5, 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 0xcd267809, 0x6e5918f4,
+0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331,
+0xc6a59430, 0x35a266c0, 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, 0x764dd68d, 0x43efb04d,
+0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252,
+0xe9105633, 0x6dd64713, 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 0x9cd2df59, 0x55f2733f,
+0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c,
+0x283c498b, 0xff0d9541, 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv1[256] = 
+{
+0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 0x459d1ff1,
+0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,
+0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, 0x5ab1de49, 0x1bba2567,
+0x0eea4598, 0xc0fe5de1, 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
+0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3,
+0x69e04929, 0xc8c98e44, 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,
+0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 0x4adf6318, 0x311ae582,
+0x33519760, 0x7f536245, 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,
+0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x024b72e2,
+0x8f1fe357, 0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5,
+0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, 0xb479a792,
+0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,
+0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 0xec830b39, 0xef6040aa,
+0x9f715e06, 0x106ebd51, 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46,
+0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, 0xfb981924, 0xe9bdd697,
+0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
+0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, 0x86800983, 0xed2b3248,
+0x70111eac, 0x725a6c4e, 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627,
+0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f,
+0x96eeb4d2, 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,
+0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0x0d090e0b, 0xc78bf2ad,
+0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd,
+0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, 0x29438b76, 0xc623cbdc,
+0xfcedb668, 0xf1e4b863, 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,
+0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3,
+0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,
+0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, 0x4e4987c7, 0xd138d9c1,
+0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
+0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8,
+0xf7392e5e, 0xafc382f5, 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,
+0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, 0x18596ef4,
+0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,
+0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6, 0xb2a431af, 0x233f2a31,
+0x94a5c630, 0x66a235c0, 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
+0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d,
+0x4daacc54, 0x0496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,
+0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 0x1d67b35a, 0xd2db9252,
+0x5610e933, 0x47d66d13, 0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89,
+0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, 0xdfd29c59, 0x73f2553f,
+0xce141879, 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
+0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 0x25e2bc0c,
+0x493c288b, 0x950dff41, 0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,
+0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042  
+};
+#else
+static const PRUint32 _TInv1[256] = 
+{
+0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45,
+0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
+0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, 0x49deb15a, 0x6725ba1b,
+0x9845ea0e, 0xe15dfec0, 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
+0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, 0x2dd4be83, 0xd3587421,
+0x2949e069, 0x448ec9c8, 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
+0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, 0x1863df4a, 0x82e51a31,
+0x60975133, 0x4562537f, 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
+0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, 0x23ab73d3, 0xe2724b02,
+0x57e31f8f, 0x2a6655ab, 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708,
+0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, 0x2b8acf1c, 0x92a779b4,
+0xf0f307f2, 0xa14e69e2, 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
+0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, 0x390b83ec, 0xaa4060ef,
+0x065e719f, 0x51bd6e10, 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
+0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015, 0x241998fb, 0x97d6bde9,
+0xcc894043, 0x7767d99e, 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
+0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000, 0x83098086, 0x48322bed,
+0xac1e1170, 0x4e6c5a72, 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
+0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, 0xb10c0a67, 0x0f9357e7,
+0xd2b4ee96, 0x9e1b9b91, 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
+0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, 0x0b0e090d, 0xadf28bc7,
+0xb92db6a8, 0xc8141ea9, 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
+0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, 0x768b4329, 0xdccb23c6,
+0x68b6edfc, 0x63b8e4f1, 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
+0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, 0x4b1d9e2f, 0xf3dcb230,
+0xec0d8652, 0xd077c1e3, 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
+0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, 0xc787494e, 0xc1d938d1,
+0xfe8ccaa2, 0x3698d40b, 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
+0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46, 0xc2f68d13, 0xe890d8b8,
+0x5e2e39f7, 0xf582c3af, 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
+0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, 0x09cd2678, 0xf46e5918,
+0x01ec9ab7, 0xa8834f9a, 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8,
+0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, 0xaf31a4b2, 0x312a3f23,
+0x30c6a594, 0xc035a266, 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
+0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6, 0x8d764dd6, 0x4d43efb0,
+0x54ccaa4d, 0xdfe49604, 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
+0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, 0x5ab3671d, 0x5292dbd2,
+0x33e91056, 0x136dd647, 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
+0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, 0x599cd2df, 0x3f55f273,
+0x791814ce, 0xbf73c737, 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
+0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 0x72161dc3, 0x0cbce225,
+0x8b283c49, 0x41ff0d95, 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
+0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv2[256] = 
+{
+0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 0x9d1ff145,
+0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c,
+0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, 0xb1de495a, 0xba25671b,
+0xea45980e, 0xfe5de1c0, 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
+0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321,
+0xe0492969, 0xc98e44c8, 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,
+0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 0xdf63184a, 0x1ae58231,
+0x51976033, 0x5362457f, 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b,
+0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202,
+0x1fe3578f, 0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
+0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, 0xcf8a2b1c, 0x79a792b4,
+0x07f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe,
+0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 0x830b39ec, 0x6040aaef,
+0x715e069f, 0x6ebd5110, 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,
+0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15, 0x981924fb, 0xbdd697e9,
+0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
+0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, 0x80098386, 0x2b3248ed,
+0x111eac70, 0x5a6c4e72, 0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,
+0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, 0x0a0cb167, 0x57930fe7,
+0xeeb4d296, 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,
+0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x090e0b0d, 0x8bf2adc7,
+0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
+0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, 0x438b7629, 0x23cbdcc6,
+0xedb668fc, 0xe4b863f1, 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,
+0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330,
+0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,
+0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, 0x4987c74e, 0x38d9c1d1,
+0xca8cfea2, 0xd498360b, 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
+0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8,
+0x392e5ef7, 0xc382f5af, 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,
+0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, 0x596ef418,
+0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,
+0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, 0xa431afb2, 0x3f2a3123,
+0xa5c63094, 0xa235c066, 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
+0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0,
+0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51,
+0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, 0x67b35a1d, 0xdb9252d2,
+0x10e93356, 0xd66d1347, 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,
+0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, 0xd29c59df, 0xf2553f73,
+0x141879ce, 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
+0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 0xe2bc0c25,
+0x3c288b49, 0x0dff4195, 0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1,
+0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257  
+};
+#else
+static const PRUint32 _TInv2[256] = 
+{
+0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d,
+0x58abacfa, 0x03934be3, 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
+0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, 0x5a49deb1, 0x1b6725ba,
+0x0e9845ea, 0xc0e15dfe, 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
+0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, 0x832dd4be, 0x21d35874,
+0x692949e0, 0xc8448ec9, 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
+0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, 0x4a1863df, 0x3182e51a,
+0x33609751, 0x7f456253, 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
+0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, 0xd323ab73, 0x02e2724b,
+0x8f57e31f, 0xab2a6655, 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337,
+0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, 0x1c2b8acf, 0xb492a779,
+0xf2f0f307, 0xe2a14e69, 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
+0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, 0xec390b83, 0xefaa4060,
+0x9f065e71, 0x1051bd6e, 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6,
+0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, 0xfb241998, 0xe997d6bd,
+0x43cc8940, 0x9e7767d9, 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
+0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000, 0x86830980, 0xed48322b,
+0x70ac1e11, 0x724e6c5a, 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
+0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, 0x67b10c0a, 0xe70f9357,
+0x96d2b4ee, 0x919e1b9b, 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
+0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, 0x0d0b0e09, 0xc7adf28b,
+0xa8b92db6, 0xa9c8141e, 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f,
+0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, 0x29768b43, 0xc6dccb23,
+0xfc68b6ed, 0xf163b8e4, 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
+0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, 0x2f4b1d9e, 0x30f3dcb2,
+0x52ec0d86, 0xe3d077c1, 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
+0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, 0x4ec78749, 0xd1c1d938,
+0xa2fe8cca, 0x0b3698d4, 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
+0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, 0x13c2f68d, 0xb8e890d8,
+0xf75e2e39, 0xaff582c3, 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
+0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, 0x7809cd26, 0x18f46e59,
+0xb701ec9a, 0x9aa8834f, 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
+0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0, 0xb2af31a4, 0x23312a3f,
+0x9430c6a5, 0x66c035a2, 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
+0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, 0xd68d764d, 0xb04d43ef,
+0x4d54ccaa, 0x04dfe496, 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
+0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, 0x1d5ab367, 0xd25292db,
+0x5633e910, 0x47136dd6, 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13,
+0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, 0xdf599cd2, 0x733f55f2,
+0xce791814, 0x37bf73c7, 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
+0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 0xc372161d, 0x250cbce2,
+0x498b283c, 0x9541ff0d, 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
+0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv3[256] = 
+{
+0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 0x1ff1459d,
+0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,
+0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, 0xde495ab1, 0x25671bba,
+0x45980eea, 0x5de1c0fe, 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
+0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174,
+0x492969e0, 0x8e44c8c9, 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,
+0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 0x63184adf, 0xe582311a,
+0x97603351, 0x62457f53, 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,
+0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b,
+0xe3578f1f, 0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
+0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, 0x8a2b1ccf, 0xa792b479,
+0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6,
+0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6, 0x0b39ec83, 0x40aaef60,
+0x5e069f71, 0xbd51106e, 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,
+0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550, 0x1924fb98, 0xd697e9bd,
+0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8,
+0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, 0x09838680, 0x3248ed2b,
+0x1eac7011, 0x6c4e725a, 0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d,
+0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, 0x0cb1670a, 0x930fe757,
+0xb4d296ee, 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,
+0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0x0e0b0d09, 0xf2adc78b,
+0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
+0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, 0x8b762943, 0xcbdcc623,
+0xb668fced, 0xb863f1e4, 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,
+0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2,
+0x0dec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,
+0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, 0x87c74e49, 0xd9c1d138,
+0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
+0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8,
+0x2e5ef739, 0x82f5afc3, 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,
+0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, 0x6ef41859,
+0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,
+0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, 0x31afb2a4, 0x2a31233f,
+0xc63094a5, 0x35c066a2, 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
+0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef,
+0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,
+0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, 0xb35a1d67, 0x9252d2db,
+0xe9335610, 0x6d1347d6, 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,
+0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, 0x9c59dfd2, 0x553f73f2,
+0x1879ce14, 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
+0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 0xbc0c25e2,
+0x288b493c, 0xff41950d, 0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156,
+0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8  
+};
+#else
+static const PRUint32 _TInv3[256] = 
+{
+0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f,
+0xfa58abac, 0xe303934b, 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5,
+0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, 0xb15a49de, 0xba1b6725,
+0xea0e9845, 0xfec0e15d, 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
+0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, 0xbe832dd4, 0x7421d358,
+0xe0692949, 0xc9c8448e, 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
+0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, 0xdf4a1863, 0x1a3182e5,
+0x51336097, 0x537f4562, 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9,
+0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, 0x73d323ab, 0x4b02e272,
+0x1f8f57e3, 0x55ab2a66, 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
+0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced, 0xcf1c2b8a, 0x79b492a7,
+0x07f2f0f3, 0x69e2a14e, 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4,
+0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, 0x83ec390b, 0x60efaa40,
+0x719f065e, 0x6e1051bd, 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
+0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60, 0x98fb2419, 0xbde997d6,
+0x4043cc89, 0xd99e7767, 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
+0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000, 0x80868309, 0x2bed4832,
+0x1170ac1e, 0x5a724e6c, 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
+0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, 0x0a67b10c, 0x57e70f93,
+0xee96d2b4, 0x9b919e1b, 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
+0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, 0x090d0b0e, 0x8bc7adf2,
+0xb6a8b92d, 0x1ea9c814, 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
+0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, 0x4329768b, 0x23c6dccb,
+0xedfc68b6, 0xe4f163b8, 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
+0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, 0x9e2f4b1d, 0xb230f3dc,
+0x8652ec0d, 0xc1e3d077, 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
+0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, 0x494ec787, 0x38d1c1d9,
+0xcaa2fe8c, 0xd40b3698, 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
+0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, 0x8d13c2f6, 0xd8b8e890,
+0x39f75e2e, 0xc3aff582, 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
+0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, 0x267809cd, 0x5918f46e,
+0x9ab701ec, 0x4f9aa883, 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
+0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, 0xa4b2af31, 0x3f23312a,
+0xa59430c6, 0xa266c035, 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
+0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, 0x4dd68d76, 0xefb04d43,
+0xaa4d54cc, 0x9604dfe4, 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
+0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb, 0x671d5ab3, 0xdbd25292,
+0x105633e9, 0xd647136d, 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
+0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, 0xd2df599c, 0xf2733f55,
+0x14ce7918, 0xc737bf73, 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
+0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 0x1dc37216, 0xe2250cbc,
+0x3c498b28, 0x0d9541ff, 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064,
+0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC0[256] = 
+{
+0x00000000, 0x0b0d090e, 0x161a121c, 0x1d171b12, 0x2c342438, 0x27392d36,
+0x3a2e3624, 0x31233f2a, 0x58684870, 0x5365417e, 0x4e725a6c, 0x457f5362,
+0x745c6c48, 0x7f516546, 0x62467e54, 0x694b775a, 0xb0d090e0, 0xbbdd99ee,
+0xa6ca82fc, 0xadc78bf2, 0x9ce4b4d8, 0x97e9bdd6, 0x8afea6c4, 0x81f3afca,
+0xe8b8d890, 0xe3b5d19e, 0xfea2ca8c, 0xf5afc382, 0xc48cfca8, 0xcf81f5a6,
+0xd296eeb4, 0xd99be7ba, 0x7bbb3bdb, 0x70b632d5, 0x6da129c7, 0x66ac20c9,
+0x578f1fe3, 0x5c8216ed, 0x41950dff, 0x4a9804f1, 0x23d373ab, 0x28de7aa5,
+0x35c961b7, 0x3ec468b9, 0x0fe75793, 0x04ea5e9d, 0x19fd458f, 0x12f04c81,
+0xcb6bab3b, 0xc066a235, 0xdd71b927, 0xd67cb029, 0xe75f8f03, 0xec52860d,
+0xf1459d1f, 0xfa489411, 0x9303e34b, 0x980eea45, 0x8519f157, 0x8e14f859,
+0xbf37c773, 0xb43ace7d, 0xa92dd56f, 0xa220dc61, 0xf66d76ad, 0xfd607fa3,
+0xe07764b1, 0xeb7a6dbf, 0xda595295, 0xd1545b9b, 0xcc434089, 0xc74e4987,
+0xae053edd, 0xa50837d3, 0xb81f2cc1, 0xb31225cf, 0x82311ae5, 0x893c13eb,
+0x942b08f9, 0x9f2601f7, 0x46bde64d, 0x4db0ef43, 0x50a7f451, 0x5baafd5f,
+0x6a89c275, 0x6184cb7b, 0x7c93d069, 0x779ed967, 0x1ed5ae3d, 0x15d8a733,
+0x08cfbc21, 0x03c2b52f, 0x32e18a05, 0x39ec830b, 0x24fb9819, 0x2ff69117,
+0x8dd64d76, 0x86db4478, 0x9bcc5f6a, 0x90c15664, 0xa1e2694e, 0xaaef6040,
+0xb7f87b52, 0xbcf5725c, 0xd5be0506, 0xdeb30c08, 0xc3a4171a, 0xc8a91e14,
+0xf98a213e, 0xf2872830, 0xef903322, 0xe49d3a2c, 0x3d06dd96, 0x360bd498,
+0x2b1ccf8a, 0x2011c684, 0x1132f9ae, 0x1a3ff0a0, 0x0728ebb2, 0x0c25e2bc,
+0x656e95e6, 0x6e639ce8, 0x737487fa, 0x78798ef4, 0x495ab1de, 0x4257b8d0,
+0x5f40a3c2, 0x544daacc, 0xf7daec41, 0xfcd7e54f, 0xe1c0fe5d, 0xeacdf753,
+0xdbeec879, 0xd0e3c177, 0xcdf4da65, 0xc6f9d36b, 0xafb2a431, 0xa4bfad3f,
+0xb9a8b62d, 0xb2a5bf23, 0x83868009, 0x888b8907, 0x959c9215, 0x9e919b1b,
+0x470a7ca1, 0x4c0775af, 0x51106ebd, 0x5a1d67b3, 0x6b3e5899, 0x60335197,
+0x7d244a85, 0x7629438b, 0x1f6234d1, 0x146f3ddf, 0x097826cd, 0x02752fc3,
+0x335610e9, 0x385b19e7, 0x254c02f5, 0x2e410bfb, 0x8c61d79a, 0x876cde94,
+0x9a7bc586, 0x9176cc88, 0xa055f3a2, 0xab58faac, 0xb64fe1be, 0xbd42e8b0,
+0xd4099fea, 0xdf0496e4, 0xc2138df6, 0xc91e84f8, 0xf83dbbd2, 0xf330b2dc,
+0xee27a9ce, 0xe52aa0c0, 0x3cb1477a, 0x37bc4e74, 0x2aab5566, 0x21a65c68,
+0x10856342, 0x1b886a4c, 0x069f715e, 0x0d927850, 0x64d90f0a, 0x6fd40604,
+0x72c31d16, 0x79ce1418, 0x48ed2b32, 0x43e0223c, 0x5ef7392e, 0x55fa3020,
+0x01b79aec, 0x0aba93e2, 0x17ad88f0, 0x1ca081fe, 0x2d83bed4, 0x268eb7da,
+0x3b99acc8, 0x3094a5c6, 0x59dfd29c, 0x52d2db92, 0x4fc5c080, 0x44c8c98e,
+0x75ebf6a4, 0x7ee6ffaa, 0x63f1e4b8, 0x68fcedb6, 0xb1670a0c, 0xba6a0302,
+0xa77d1810, 0xac70111e, 0x9d532e34, 0x965e273a, 0x8b493c28, 0x80443526,
+0xe90f427c, 0xe2024b72, 0xff155060, 0xf418596e, 0xc53b6644, 0xce366f4a,
+0xd3217458, 0xd82c7d56, 0x7a0ca137, 0x7101a839, 0x6c16b32b, 0x671bba25,
+0x5638850f, 0x5d358c01, 0x40229713, 0x4b2f9e1d, 0x2264e947, 0x2969e049,
+0x347efb5b, 0x3f73f255, 0x0e50cd7f, 0x055dc471, 0x184adf63, 0x1347d66d,
+0xcadc31d7, 0xc1d138d9, 0xdcc623cb, 0xd7cb2ac5, 0xe6e815ef, 0xede51ce1,
+0xf0f207f3, 0xfbff0efd, 0x92b479a7, 0x99b970a9, 0x84ae6bbb, 0x8fa362b5,
+0xbe805d9f, 0xb58d5491, 0xa89a4f83, 0xa397468d  
+};
+#else
+static const PRUint32 _IMXC0[256] = 
+{
+0x00000000, 0x0e090d0b, 0x1c121a16, 0x121b171d, 0x3824342c, 0x362d3927,
+0x24362e3a, 0x2a3f2331, 0x70486858, 0x7e416553, 0x6c5a724e, 0x62537f45,
+0x486c5c74, 0x4665517f, 0x547e4662, 0x5a774b69, 0xe090d0b0, 0xee99ddbb,
+0xfc82caa6, 0xf28bc7ad, 0xd8b4e49c, 0xd6bde997, 0xc4a6fe8a, 0xcaaff381,
+0x90d8b8e8, 0x9ed1b5e3, 0x8ccaa2fe, 0x82c3aff5, 0xa8fc8cc4, 0xa6f581cf,
+0xb4ee96d2, 0xbae79bd9, 0xdb3bbb7b, 0xd532b670, 0xc729a16d, 0xc920ac66,
+0xe31f8f57, 0xed16825c, 0xff0d9541, 0xf104984a, 0xab73d323, 0xa57ade28,
+0xb761c935, 0xb968c43e, 0x9357e70f, 0x9d5eea04, 0x8f45fd19, 0x814cf012,
+0x3bab6bcb, 0x35a266c0, 0x27b971dd, 0x29b07cd6, 0x038f5fe7, 0x0d8652ec,
+0x1f9d45f1, 0x119448fa, 0x4be30393, 0x45ea0e98, 0x57f11985, 0x59f8148e,
+0x73c737bf, 0x7dce3ab4, 0x6fd52da9, 0x61dc20a2, 0xad766df6, 0xa37f60fd,
+0xb16477e0, 0xbf6d7aeb, 0x955259da, 0x9b5b54d1, 0x894043cc, 0x87494ec7,
+0xdd3e05ae, 0xd33708a5, 0xc12c1fb8, 0xcf2512b3, 0xe51a3182, 0xeb133c89,
+0xf9082b94, 0xf701269f, 0x4de6bd46, 0x43efb04d, 0x51f4a750, 0x5ffdaa5b,
+0x75c2896a, 0x7bcb8461, 0x69d0937c, 0x67d99e77, 0x3daed51e, 0x33a7d815,
+0x21bccf08, 0x2fb5c203, 0x058ae132, 0x0b83ec39, 0x1998fb24, 0x1791f62f,
+0x764dd68d, 0x7844db86, 0x6a5fcc9b, 0x6456c190, 0x4e69e2a1, 0x4060efaa,
+0x527bf8b7, 0x5c72f5bc, 0x0605bed5, 0x080cb3de, 0x1a17a4c3, 0x141ea9c8,
+0x3e218af9, 0x302887f2, 0x223390ef, 0x2c3a9de4, 0x96dd063d, 0x98d40b36,
+0x8acf1c2b, 0x84c61120, 0xaef93211, 0xa0f03f1a, 0xb2eb2807, 0xbce2250c,
+0xe6956e65, 0xe89c636e, 0xfa877473, 0xf48e7978, 0xdeb15a49, 0xd0b85742,
+0xc2a3405f, 0xccaa4d54, 0x41ecdaf7, 0x4fe5d7fc, 0x5dfec0e1, 0x53f7cdea,
+0x79c8eedb, 0x77c1e3d0, 0x65daf4cd, 0x6bd3f9c6, 0x31a4b2af, 0x3fadbfa4,
+0x2db6a8b9, 0x23bfa5b2, 0x09808683, 0x07898b88, 0x15929c95, 0x1b9b919e,
+0xa17c0a47, 0xaf75074c, 0xbd6e1051, 0xb3671d5a, 0x99583e6b, 0x97513360,
+0x854a247d, 0x8b432976, 0xd134621f, 0xdf3d6f14, 0xcd267809, 0xc32f7502,
+0xe9105633, 0xe7195b38, 0xf5024c25, 0xfb0b412e, 0x9ad7618c, 0x94de6c87,
+0x86c57b9a, 0x88cc7691, 0xa2f355a0, 0xacfa58ab, 0xbee14fb6, 0xb0e842bd,
+0xea9f09d4, 0xe49604df, 0xf68d13c2, 0xf8841ec9, 0xd2bb3df8, 0xdcb230f3,
+0xcea927ee, 0xc0a02ae5, 0x7a47b13c, 0x744ebc37, 0x6655ab2a, 0x685ca621,
+0x42638510, 0x4c6a881b, 0x5e719f06, 0x5078920d, 0x0a0fd964, 0x0406d46f,
+0x161dc372, 0x1814ce79, 0x322bed48, 0x3c22e043, 0x2e39f75e, 0x2030fa55,
+0xec9ab701, 0xe293ba0a, 0xf088ad17, 0xfe81a01c, 0xd4be832d, 0xdab78e26,
+0xc8ac993b, 0xc6a59430, 0x9cd2df59, 0x92dbd252, 0x80c0c54f, 0x8ec9c844,
+0xa4f6eb75, 0xaaffe67e, 0xb8e4f163, 0xb6edfc68, 0x0c0a67b1, 0x02036aba,
+0x10187da7, 0x1e1170ac, 0x342e539d, 0x3a275e96, 0x283c498b, 0x26354480,
+0x7c420fe9, 0x724b02e2, 0x605015ff, 0x6e5918f4, 0x44663bc5, 0x4a6f36ce,
+0x587421d3, 0x567d2cd8, 0x37a10c7a, 0x39a80171, 0x2bb3166c, 0x25ba1b67,
+0x0f853856, 0x018c355d, 0x13972240, 0x1d9e2f4b, 0x47e96422, 0x49e06929,
+0x5bfb7e34, 0x55f2733f, 0x7fcd500e, 0x71c45d05, 0x63df4a18, 0x6dd64713,
+0xd731dcca, 0xd938d1c1, 0xcb23c6dc, 0xc52acbd7, 0xef15e8e6, 0xe11ce5ed,
+0xf307f2f0, 0xfd0efffb, 0xa779b492, 0xa970b999, 0xbb6bae84, 0xb562a38f,
+0x9f5d80be, 0x91548db5, 0x834f9aa8, 0x8d4697a3  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC1[256] = 
+{
+0x00000000, 0x0d090e0b, 0x1a121c16, 0x171b121d, 0x3424382c, 0x392d3627,
+0x2e36243a, 0x233f2a31, 0x68487058, 0x65417e53, 0x725a6c4e, 0x7f536245,
+0x5c6c4874, 0x5165467f, 0x467e5462, 0x4b775a69, 0xd090e0b0, 0xdd99eebb,
+0xca82fca6, 0xc78bf2ad, 0xe4b4d89c, 0xe9bdd697, 0xfea6c48a, 0xf3afca81,
+0xb8d890e8, 0xb5d19ee3, 0xa2ca8cfe, 0xafc382f5, 0x8cfca8c4, 0x81f5a6cf,
+0x96eeb4d2, 0x9be7bad9, 0xbb3bdb7b, 0xb632d570, 0xa129c76d, 0xac20c966,
+0x8f1fe357, 0x8216ed5c, 0x950dff41, 0x9804f14a, 0xd373ab23, 0xde7aa528,
+0xc961b735, 0xc468b93e, 0xe757930f, 0xea5e9d04, 0xfd458f19, 0xf04c8112,
+0x6bab3bcb, 0x66a235c0, 0x71b927dd, 0x7cb029d6, 0x5f8f03e7, 0x52860dec,
+0x459d1ff1, 0x489411fa, 0x03e34b93, 0x0eea4598, 0x19f15785, 0x14f8598e,
+0x37c773bf, 0x3ace7db4, 0x2dd56fa9, 0x20dc61a2, 0x6d76adf6, 0x607fa3fd,
+0x7764b1e0, 0x7a6dbfeb, 0x595295da, 0x545b9bd1, 0x434089cc, 0x4e4987c7,
+0x053eddae, 0x0837d3a5, 0x1f2cc1b8, 0x1225cfb3, 0x311ae582, 0x3c13eb89,
+0x2b08f994, 0x2601f79f, 0xbde64d46, 0xb0ef434d, 0xa7f45150, 0xaafd5f5b,
+0x89c2756a, 0x84cb7b61, 0x93d0697c, 0x9ed96777, 0xd5ae3d1e, 0xd8a73315,
+0xcfbc2108, 0xc2b52f03, 0xe18a0532, 0xec830b39, 0xfb981924, 0xf691172f,
+0xd64d768d, 0xdb447886, 0xcc5f6a9b, 0xc1566490, 0xe2694ea1, 0xef6040aa,
+0xf87b52b7, 0xf5725cbc, 0xbe0506d5, 0xb30c08de, 0xa4171ac3, 0xa91e14c8,
+0x8a213ef9, 0x872830f2, 0x903322ef, 0x9d3a2ce4, 0x06dd963d, 0x0bd49836,
+0x1ccf8a2b, 0x11c68420, 0x32f9ae11, 0x3ff0a01a, 0x28ebb207, 0x25e2bc0c,
+0x6e95e665, 0x639ce86e, 0x7487fa73, 0x798ef478, 0x5ab1de49, 0x57b8d042,
+0x40a3c25f, 0x4daacc54, 0xdaec41f7, 0xd7e54ffc, 0xc0fe5de1, 0xcdf753ea,
+0xeec879db, 0xe3c177d0, 0xf4da65cd, 0xf9d36bc6, 0xb2a431af, 0xbfad3fa4,
+0xa8b62db9, 0xa5bf23b2, 0x86800983, 0x8b890788, 0x9c921595, 0x919b1b9e,
+0x0a7ca147, 0x0775af4c, 0x106ebd51, 0x1d67b35a, 0x3e58996b, 0x33519760,
+0x244a857d, 0x29438b76, 0x6234d11f, 0x6f3ddf14, 0x7826cd09, 0x752fc302,
+0x5610e933, 0x5b19e738, 0x4c02f525, 0x410bfb2e, 0x61d79a8c, 0x6cde9487,
+0x7bc5869a, 0x76cc8891, 0x55f3a2a0, 0x58faacab, 0x4fe1beb6, 0x42e8b0bd,
+0x099fead4, 0x0496e4df, 0x138df6c2, 0x1e84f8c9, 0x3dbbd2f8, 0x30b2dcf3,
+0x27a9ceee, 0x2aa0c0e5, 0xb1477a3c, 0xbc4e7437, 0xab55662a, 0xa65c6821,
+0x85634210, 0x886a4c1b, 0x9f715e06, 0x9278500d, 0xd90f0a64, 0xd406046f,
+0xc31d1672, 0xce141879, 0xed2b3248, 0xe0223c43, 0xf7392e5e, 0xfa302055,
+0xb79aec01, 0xba93e20a, 0xad88f017, 0xa081fe1c, 0x83bed42d, 0x8eb7da26,
+0x99acc83b, 0x94a5c630, 0xdfd29c59, 0xd2db9252, 0xc5c0804f, 0xc8c98e44,
+0xebf6a475, 0xe6ffaa7e, 0xf1e4b863, 0xfcedb668, 0x670a0cb1, 0x6a0302ba,
+0x7d1810a7, 0x70111eac, 0x532e349d, 0x5e273a96, 0x493c288b, 0x44352680,
+0x0f427ce9, 0x024b72e2, 0x155060ff, 0x18596ef4, 0x3b6644c5, 0x366f4ace,
+0x217458d3, 0x2c7d56d8, 0x0ca1377a, 0x01a83971, 0x16b32b6c, 0x1bba2567,
+0x38850f56, 0x358c015d, 0x22971340, 0x2f9e1d4b, 0x64e94722, 0x69e04929,
+0x7efb5b34, 0x73f2553f, 0x50cd7f0e, 0x5dc47105, 0x4adf6318, 0x47d66d13,
+0xdc31d7ca, 0xd138d9c1, 0xc623cbdc, 0xcb2ac5d7, 0xe815efe6, 0xe51ce1ed,
+0xf207f3f0, 0xff0efdfb, 0xb479a792, 0xb970a999, 0xae6bbb84, 0xa362b58f,
+0x805d9fbe, 0x8d5491b5, 0x9a4f83a8, 0x97468da3  
+};
+#else
+static const PRUint32 _IMXC1[256] = 
+{
+0x00000000, 0x0b0e090d, 0x161c121a, 0x1d121b17, 0x2c382434, 0x27362d39,
+0x3a24362e, 0x312a3f23, 0x58704868, 0x537e4165, 0x4e6c5a72, 0x4562537f,
+0x74486c5c, 0x7f466551, 0x62547e46, 0x695a774b, 0xb0e090d0, 0xbbee99dd,
+0xa6fc82ca, 0xadf28bc7, 0x9cd8b4e4, 0x97d6bde9, 0x8ac4a6fe, 0x81caaff3,
+0xe890d8b8, 0xe39ed1b5, 0xfe8ccaa2, 0xf582c3af, 0xc4a8fc8c, 0xcfa6f581,
+0xd2b4ee96, 0xd9bae79b, 0x7bdb3bbb, 0x70d532b6, 0x6dc729a1, 0x66c920ac,
+0x57e31f8f, 0x5ced1682, 0x41ff0d95, 0x4af10498, 0x23ab73d3, 0x28a57ade,
+0x35b761c9, 0x3eb968c4, 0x0f9357e7, 0x049d5eea, 0x198f45fd, 0x12814cf0,
+0xcb3bab6b, 0xc035a266, 0xdd27b971, 0xd629b07c, 0xe7038f5f, 0xec0d8652,
+0xf11f9d45, 0xfa119448, 0x934be303, 0x9845ea0e, 0x8557f119, 0x8e59f814,
+0xbf73c737, 0xb47dce3a, 0xa96fd52d, 0xa261dc20, 0xf6ad766d, 0xfda37f60,
+0xe0b16477, 0xebbf6d7a, 0xda955259, 0xd19b5b54, 0xcc894043, 0xc787494e,
+0xaedd3e05, 0xa5d33708, 0xb8c12c1f, 0xb3cf2512, 0x82e51a31, 0x89eb133c,
+0x94f9082b, 0x9ff70126, 0x464de6bd, 0x4d43efb0, 0x5051f4a7, 0x5b5ffdaa,
+0x6a75c289, 0x617bcb84, 0x7c69d093, 0x7767d99e, 0x1e3daed5, 0x1533a7d8,
+0x0821bccf, 0x032fb5c2, 0x32058ae1, 0x390b83ec, 0x241998fb, 0x2f1791f6,
+0x8d764dd6, 0x867844db, 0x9b6a5fcc, 0x906456c1, 0xa14e69e2, 0xaa4060ef,
+0xb7527bf8, 0xbc5c72f5, 0xd50605be, 0xde080cb3, 0xc31a17a4, 0xc8141ea9,
+0xf93e218a, 0xf2302887, 0xef223390, 0xe42c3a9d, 0x3d96dd06, 0x3698d40b,
+0x2b8acf1c, 0x2084c611, 0x11aef932, 0x1aa0f03f, 0x07b2eb28, 0x0cbce225,
+0x65e6956e, 0x6ee89c63, 0x73fa8774, 0x78f48e79, 0x49deb15a, 0x42d0b857,
+0x5fc2a340, 0x54ccaa4d, 0xf741ecda, 0xfc4fe5d7, 0xe15dfec0, 0xea53f7cd,
+0xdb79c8ee, 0xd077c1e3, 0xcd65daf4, 0xc66bd3f9, 0xaf31a4b2, 0xa43fadbf,
+0xb92db6a8, 0xb223bfa5, 0x83098086, 0x8807898b, 0x9515929c, 0x9e1b9b91,
+0x47a17c0a, 0x4caf7507, 0x51bd6e10, 0x5ab3671d, 0x6b99583e, 0x60975133,
+0x7d854a24, 0x768b4329, 0x1fd13462, 0x14df3d6f, 0x09cd2678, 0x02c32f75,
+0x33e91056, 0x38e7195b, 0x25f5024c, 0x2efb0b41, 0x8c9ad761, 0x8794de6c,
+0x9a86c57b, 0x9188cc76, 0xa0a2f355, 0xabacfa58, 0xb6bee14f, 0xbdb0e842,
+0xd4ea9f09, 0xdfe49604, 0xc2f68d13, 0xc9f8841e, 0xf8d2bb3d, 0xf3dcb230,
+0xeecea927, 0xe5c0a02a, 0x3c7a47b1, 0x37744ebc, 0x2a6655ab, 0x21685ca6,
+0x10426385, 0x1b4c6a88, 0x065e719f, 0x0d507892, 0x640a0fd9, 0x6f0406d4,
+0x72161dc3, 0x791814ce, 0x48322bed, 0x433c22e0, 0x5e2e39f7, 0x552030fa,
+0x01ec9ab7, 0x0ae293ba, 0x17f088ad, 0x1cfe81a0, 0x2dd4be83, 0x26dab78e,
+0x3bc8ac99, 0x30c6a594, 0x599cd2df, 0x5292dbd2, 0x4f80c0c5, 0x448ec9c8,
+0x75a4f6eb, 0x7eaaffe6, 0x63b8e4f1, 0x68b6edfc, 0xb10c0a67, 0xba02036a,
+0xa710187d, 0xac1e1170, 0x9d342e53, 0x963a275e, 0x8b283c49, 0x80263544,
+0xe97c420f, 0xe2724b02, 0xff605015, 0xf46e5918, 0xc544663b, 0xce4a6f36,
+0xd3587421, 0xd8567d2c, 0x7a37a10c, 0x7139a801, 0x6c2bb316, 0x6725ba1b,
+0x560f8538, 0x5d018c35, 0x40139722, 0x4b1d9e2f, 0x2247e964, 0x2949e069,
+0x345bfb7e, 0x3f55f273, 0x0e7fcd50, 0x0571c45d, 0x1863df4a, 0x136dd647,
+0xcad731dc, 0xc1d938d1, 0xdccb23c6, 0xd7c52acb, 0xe6ef15e8, 0xede11ce5,
+0xf0f307f2, 0xfbfd0eff, 0x92a779b4, 0x99a970b9, 0x84bb6bae, 0x8fb562a3,
+0xbe9f5d80, 0xb591548d, 0xa8834f9a, 0xa38d4697  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC2[256] = 
+{
+0x00000000, 0x090e0b0d, 0x121c161a, 0x1b121d17, 0x24382c34, 0x2d362739,
+0x36243a2e, 0x3f2a3123, 0x48705868, 0x417e5365, 0x5a6c4e72, 0x5362457f,
+0x6c48745c, 0x65467f51, 0x7e546246, 0x775a694b, 0x90e0b0d0, 0x99eebbdd,
+0x82fca6ca, 0x8bf2adc7, 0xb4d89ce4, 0xbdd697e9, 0xa6c48afe, 0xafca81f3,
+0xd890e8b8, 0xd19ee3b5, 0xca8cfea2, 0xc382f5af, 0xfca8c48c, 0xf5a6cf81,
+0xeeb4d296, 0xe7bad99b, 0x3bdb7bbb, 0x32d570b6, 0x29c76da1, 0x20c966ac,
+0x1fe3578f, 0x16ed5c82, 0x0dff4195, 0x04f14a98, 0x73ab23d3, 0x7aa528de,
+0x61b735c9, 0x68b93ec4, 0x57930fe7, 0x5e9d04ea, 0x458f19fd, 0x4c8112f0,
+0xab3bcb6b, 0xa235c066, 0xb927dd71, 0xb029d67c, 0x8f03e75f, 0x860dec52,
+0x9d1ff145, 0x9411fa48, 0xe34b9303, 0xea45980e, 0xf1578519, 0xf8598e14,
+0xc773bf37, 0xce7db43a, 0xd56fa92d, 0xdc61a220, 0x76adf66d, 0x7fa3fd60,
+0x64b1e077, 0x6dbfeb7a, 0x5295da59, 0x5b9bd154, 0x4089cc43, 0x4987c74e,
+0x3eddae05, 0x37d3a508, 0x2cc1b81f, 0x25cfb312, 0x1ae58231, 0x13eb893c,
+0x08f9942b, 0x01f79f26, 0xe64d46bd, 0xef434db0, 0xf45150a7, 0xfd5f5baa,
+0xc2756a89, 0xcb7b6184, 0xd0697c93, 0xd967779e, 0xae3d1ed5, 0xa73315d8,
+0xbc2108cf, 0xb52f03c2, 0x8a0532e1, 0x830b39ec, 0x981924fb, 0x91172ff6,
+0x4d768dd6, 0x447886db, 0x5f6a9bcc, 0x566490c1, 0x694ea1e2, 0x6040aaef,
+0x7b52b7f8, 0x725cbcf5, 0x0506d5be, 0x0c08deb3, 0x171ac3a4, 0x1e14c8a9,
+0x213ef98a, 0x2830f287, 0x3322ef90, 0x3a2ce49d, 0xdd963d06, 0xd498360b,
+0xcf8a2b1c, 0xc6842011, 0xf9ae1132, 0xf0a01a3f, 0xebb20728, 0xe2bc0c25,
+0x95e6656e, 0x9ce86e63, 0x87fa7374, 0x8ef47879, 0xb1de495a, 0xb8d04257,
+0xa3c25f40, 0xaacc544d, 0xec41f7da, 0xe54ffcd7, 0xfe5de1c0, 0xf753eacd,
+0xc879dbee, 0xc177d0e3, 0xda65cdf4, 0xd36bc6f9, 0xa431afb2, 0xad3fa4bf,
+0xb62db9a8, 0xbf23b2a5, 0x80098386, 0x8907888b, 0x9215959c, 0x9b1b9e91,
+0x7ca1470a, 0x75af4c07, 0x6ebd5110, 0x67b35a1d, 0x58996b3e, 0x51976033,
+0x4a857d24, 0x438b7629, 0x34d11f62, 0x3ddf146f, 0x26cd0978, 0x2fc30275,
+0x10e93356, 0x19e7385b, 0x02f5254c, 0x0bfb2e41, 0xd79a8c61, 0xde94876c,
+0xc5869a7b, 0xcc889176, 0xf3a2a055, 0xfaacab58, 0xe1beb64f, 0xe8b0bd42,
+0x9fead409, 0x96e4df04, 0x8df6c213, 0x84f8c91e, 0xbbd2f83d, 0xb2dcf330,
+0xa9ceee27, 0xa0c0e52a, 0x477a3cb1, 0x4e7437bc, 0x55662aab, 0x5c6821a6,
+0x63421085, 0x6a4c1b88, 0x715e069f, 0x78500d92, 0x0f0a64d9, 0x06046fd4,
+0x1d1672c3, 0x141879ce, 0x2b3248ed, 0x223c43e0, 0x392e5ef7, 0x302055fa,
+0x9aec01b7, 0x93e20aba, 0x88f017ad, 0x81fe1ca0, 0xbed42d83, 0xb7da268e,
+0xacc83b99, 0xa5c63094, 0xd29c59df, 0xdb9252d2, 0xc0804fc5, 0xc98e44c8,
+0xf6a475eb, 0xffaa7ee6, 0xe4b863f1, 0xedb668fc, 0x0a0cb167, 0x0302ba6a,
+0x1810a77d, 0x111eac70, 0x2e349d53, 0x273a965e, 0x3c288b49, 0x35268044,
+0x427ce90f, 0x4b72e202, 0x5060ff15, 0x596ef418, 0x6644c53b, 0x6f4ace36,
+0x7458d321, 0x7d56d82c, 0xa1377a0c, 0xa8397101, 0xb32b6c16, 0xba25671b,
+0x850f5638, 0x8c015d35, 0x97134022, 0x9e1d4b2f, 0xe9472264, 0xe0492969,
+0xfb5b347e, 0xf2553f73, 0xcd7f0e50, 0xc471055d, 0xdf63184a, 0xd66d1347,
+0x31d7cadc, 0x38d9c1d1, 0x23cbdcc6, 0x2ac5d7cb, 0x15efe6e8, 0x1ce1ede5,
+0x07f3f0f2, 0x0efdfbff, 0x79a792b4, 0x70a999b9, 0x6bbb84ae, 0x62b58fa3,
+0x5d9fbe80, 0x5491b58d, 0x4f83a89a, 0x468da397  
+};
+#else
+static const PRUint32 _IMXC2[256] = 
+{
+0x00000000, 0x0d0b0e09, 0x1a161c12, 0x171d121b, 0x342c3824, 0x3927362d,
+0x2e3a2436, 0x23312a3f, 0x68587048, 0x65537e41, 0x724e6c5a, 0x7f456253,
+0x5c74486c, 0x517f4665, 0x4662547e, 0x4b695a77, 0xd0b0e090, 0xddbbee99,
+0xcaa6fc82, 0xc7adf28b, 0xe49cd8b4, 0xe997d6bd, 0xfe8ac4a6, 0xf381caaf,
+0xb8e890d8, 0xb5e39ed1, 0xa2fe8cca, 0xaff582c3, 0x8cc4a8fc, 0x81cfa6f5,
+0x96d2b4ee, 0x9bd9bae7, 0xbb7bdb3b, 0xb670d532, 0xa16dc729, 0xac66c920,
+0x8f57e31f, 0x825ced16, 0x9541ff0d, 0x984af104, 0xd323ab73, 0xde28a57a,
+0xc935b761, 0xc43eb968, 0xe70f9357, 0xea049d5e, 0xfd198f45, 0xf012814c,
+0x6bcb3bab, 0x66c035a2, 0x71dd27b9, 0x7cd629b0, 0x5fe7038f, 0x52ec0d86,
+0x45f11f9d, 0x48fa1194, 0x03934be3, 0x0e9845ea, 0x198557f1, 0x148e59f8,
+0x37bf73c7, 0x3ab47dce, 0x2da96fd5, 0x20a261dc, 0x6df6ad76, 0x60fda37f,
+0x77e0b164, 0x7aebbf6d, 0x59da9552, 0x54d19b5b, 0x43cc8940, 0x4ec78749,
+0x05aedd3e, 0x08a5d337, 0x1fb8c12c, 0x12b3cf25, 0x3182e51a, 0x3c89eb13,
+0x2b94f908, 0x269ff701, 0xbd464de6, 0xb04d43ef, 0xa75051f4, 0xaa5b5ffd,
+0x896a75c2, 0x84617bcb, 0x937c69d0, 0x9e7767d9, 0xd51e3dae, 0xd81533a7,
+0xcf0821bc, 0xc2032fb5, 0xe132058a, 0xec390b83, 0xfb241998, 0xf62f1791,
+0xd68d764d, 0xdb867844, 0xcc9b6a5f, 0xc1906456, 0xe2a14e69, 0xefaa4060,
+0xf8b7527b, 0xf5bc5c72, 0xbed50605, 0xb3de080c, 0xa4c31a17, 0xa9c8141e,
+0x8af93e21, 0x87f23028, 0x90ef2233, 0x9de42c3a, 0x063d96dd, 0x0b3698d4,
+0x1c2b8acf, 0x112084c6, 0x3211aef9, 0x3f1aa0f0, 0x2807b2eb, 0x250cbce2,
+0x6e65e695, 0x636ee89c, 0x7473fa87, 0x7978f48e, 0x5a49deb1, 0x5742d0b8,
+0x405fc2a3, 0x4d54ccaa, 0xdaf741ec, 0xd7fc4fe5, 0xc0e15dfe, 0xcdea53f7,
+0xeedb79c8, 0xe3d077c1, 0xf4cd65da, 0xf9c66bd3, 0xb2af31a4, 0xbfa43fad,
+0xa8b92db6, 0xa5b223bf, 0x86830980, 0x8b880789, 0x9c951592, 0x919e1b9b,
+0x0a47a17c, 0x074caf75, 0x1051bd6e, 0x1d5ab367, 0x3e6b9958, 0x33609751,
+0x247d854a, 0x29768b43, 0x621fd134, 0x6f14df3d, 0x7809cd26, 0x7502c32f,
+0x5633e910, 0x5b38e719, 0x4c25f502, 0x412efb0b, 0x618c9ad7, 0x6c8794de,
+0x7b9a86c5, 0x769188cc, 0x55a0a2f3, 0x58abacfa, 0x4fb6bee1, 0x42bdb0e8,
+0x09d4ea9f, 0x04dfe496, 0x13c2f68d, 0x1ec9f884, 0x3df8d2bb, 0x30f3dcb2,
+0x27eecea9, 0x2ae5c0a0, 0xb13c7a47, 0xbc37744e, 0xab2a6655, 0xa621685c,
+0x85104263, 0x881b4c6a, 0x9f065e71, 0x920d5078, 0xd9640a0f, 0xd46f0406,
+0xc372161d, 0xce791814, 0xed48322b, 0xe0433c22, 0xf75e2e39, 0xfa552030,
+0xb701ec9a, 0xba0ae293, 0xad17f088, 0xa01cfe81, 0x832dd4be, 0x8e26dab7,
+0x993bc8ac, 0x9430c6a5, 0xdf599cd2, 0xd25292db, 0xc54f80c0, 0xc8448ec9,
+0xeb75a4f6, 0xe67eaaff, 0xf163b8e4, 0xfc68b6ed, 0x67b10c0a, 0x6aba0203,
+0x7da71018, 0x70ac1e11, 0x539d342e, 0x5e963a27, 0x498b283c, 0x44802635,
+0x0fe97c42, 0x02e2724b, 0x15ff6050, 0x18f46e59, 0x3bc54466, 0x36ce4a6f,
+0x21d35874, 0x2cd8567d, 0x0c7a37a1, 0x017139a8, 0x166c2bb3, 0x1b6725ba,
+0x38560f85, 0x355d018c, 0x22401397, 0x2f4b1d9e, 0x642247e9, 0x692949e0,
+0x7e345bfb, 0x733f55f2, 0x500e7fcd, 0x5d0571c4, 0x4a1863df, 0x47136dd6,
+0xdccad731, 0xd1c1d938, 0xc6dccb23, 0xcbd7c52a, 0xe8e6ef15, 0xe5ede11c,
+0xf2f0f307, 0xfffbfd0e, 0xb492a779, 0xb999a970, 0xae84bb6b, 0xa38fb562,
+0x80be9f5d, 0x8db59154, 0x9aa8834f, 0x97a38d46  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC3[256] = 
+{
+0x00000000, 0x0e0b0d09, 0x1c161a12, 0x121d171b, 0x382c3424, 0x3627392d,
+0x243a2e36, 0x2a31233f, 0x70586848, 0x7e536541, 0x6c4e725a, 0x62457f53,
+0x48745c6c, 0x467f5165, 0x5462467e, 0x5a694b77, 0xe0b0d090, 0xeebbdd99,
+0xfca6ca82, 0xf2adc78b, 0xd89ce4b4, 0xd697e9bd, 0xc48afea6, 0xca81f3af,
+0x90e8b8d8, 0x9ee3b5d1, 0x8cfea2ca, 0x82f5afc3, 0xa8c48cfc, 0xa6cf81f5,
+0xb4d296ee, 0xbad99be7, 0xdb7bbb3b, 0xd570b632, 0xc76da129, 0xc966ac20,
+0xe3578f1f, 0xed5c8216, 0xff41950d, 0xf14a9804, 0xab23d373, 0xa528de7a,
+0xb735c961, 0xb93ec468, 0x930fe757, 0x9d04ea5e, 0x8f19fd45, 0x8112f04c,
+0x3bcb6bab, 0x35c066a2, 0x27dd71b9, 0x29d67cb0, 0x03e75f8f, 0x0dec5286,
+0x1ff1459d, 0x11fa4894, 0x4b9303e3, 0x45980eea, 0x578519f1, 0x598e14f8,
+0x73bf37c7, 0x7db43ace, 0x6fa92dd5, 0x61a220dc, 0xadf66d76, 0xa3fd607f,
+0xb1e07764, 0xbfeb7a6d, 0x95da5952, 0x9bd1545b, 0x89cc4340, 0x87c74e49,
+0xddae053e, 0xd3a50837, 0xc1b81f2c, 0xcfb31225, 0xe582311a, 0xeb893c13,
+0xf9942b08, 0xf79f2601, 0x4d46bde6, 0x434db0ef, 0x5150a7f4, 0x5f5baafd,
+0x756a89c2, 0x7b6184cb, 0x697c93d0, 0x67779ed9, 0x3d1ed5ae, 0x3315d8a7,
+0x2108cfbc, 0x2f03c2b5, 0x0532e18a, 0x0b39ec83, 0x1924fb98, 0x172ff691,
+0x768dd64d, 0x7886db44, 0x6a9bcc5f, 0x6490c156, 0x4ea1e269, 0x40aaef60,
+0x52b7f87b, 0x5cbcf572, 0x06d5be05, 0x08deb30c, 0x1ac3a417, 0x14c8a91e,
+0x3ef98a21, 0x30f28728, 0x22ef9033, 0x2ce49d3a, 0x963d06dd, 0x98360bd4,
+0x8a2b1ccf, 0x842011c6, 0xae1132f9, 0xa01a3ff0, 0xb20728eb, 0xbc0c25e2,
+0xe6656e95, 0xe86e639c, 0xfa737487, 0xf478798e, 0xde495ab1, 0xd04257b8,
+0xc25f40a3, 0xcc544daa, 0x41f7daec, 0x4ffcd7e5, 0x5de1c0fe, 0x53eacdf7,
+0x79dbeec8, 0x77d0e3c1, 0x65cdf4da, 0x6bc6f9d3, 0x31afb2a4, 0x3fa4bfad,
+0x2db9a8b6, 0x23b2a5bf, 0x09838680, 0x07888b89, 0x15959c92, 0x1b9e919b,
+0xa1470a7c, 0xaf4c0775, 0xbd51106e, 0xb35a1d67, 0x996b3e58, 0x97603351,
+0x857d244a, 0x8b762943, 0xd11f6234, 0xdf146f3d, 0xcd097826, 0xc302752f,
+0xe9335610, 0xe7385b19, 0xf5254c02, 0xfb2e410b, 0x9a8c61d7, 0x94876cde,
+0x869a7bc5, 0x889176cc, 0xa2a055f3, 0xacab58fa, 0xbeb64fe1, 0xb0bd42e8,
+0xead4099f, 0xe4df0496, 0xf6c2138d, 0xf8c91e84, 0xd2f83dbb, 0xdcf330b2,
+0xceee27a9, 0xc0e52aa0, 0x7a3cb147, 0x7437bc4e, 0x662aab55, 0x6821a65c,
+0x42108563, 0x4c1b886a, 0x5e069f71, 0x500d9278, 0x0a64d90f, 0x046fd406,
+0x1672c31d, 0x1879ce14, 0x3248ed2b, 0x3c43e022, 0x2e5ef739, 0x2055fa30,
+0xec01b79a, 0xe20aba93, 0xf017ad88, 0xfe1ca081, 0xd42d83be, 0xda268eb7,
+0xc83b99ac, 0xc63094a5, 0x9c59dfd2, 0x9252d2db, 0x804fc5c0, 0x8e44c8c9,
+0xa475ebf6, 0xaa7ee6ff, 0xb863f1e4, 0xb668fced, 0x0cb1670a, 0x02ba6a03,
+0x10a77d18, 0x1eac7011, 0x349d532e, 0x3a965e27, 0x288b493c, 0x26804435,
+0x7ce90f42, 0x72e2024b, 0x60ff1550, 0x6ef41859, 0x44c53b66, 0x4ace366f,
+0x58d32174, 0x56d82c7d, 0x377a0ca1, 0x397101a8, 0x2b6c16b3, 0x25671bba,
+0x0f563885, 0x015d358c, 0x13402297, 0x1d4b2f9e, 0x472264e9, 0x492969e0,
+0x5b347efb, 0x553f73f2, 0x7f0e50cd, 0x71055dc4, 0x63184adf, 0x6d1347d6,
+0xd7cadc31, 0xd9c1d138, 0xcbdcc623, 0xc5d7cb2a, 0xefe6e815, 0xe1ede51c,
+0xf3f0f207, 0xfdfbff0e, 0xa792b479, 0xa999b970, 0xbb84ae6b, 0xb58fa362,
+0x9fbe805d, 0x91b58d54, 0x83a89a4f, 0x8da39746  
+};
+#else
+static const PRUint32 _IMXC3[256] = 
+{
+0x00000000, 0x090d0b0e, 0x121a161c, 0x1b171d12, 0x24342c38, 0x2d392736,
+0x362e3a24, 0x3f23312a, 0x48685870, 0x4165537e, 0x5a724e6c, 0x537f4562,
+0x6c5c7448, 0x65517f46, 0x7e466254, 0x774b695a, 0x90d0b0e0, 0x99ddbbee,
+0x82caa6fc, 0x8bc7adf2, 0xb4e49cd8, 0xbde997d6, 0xa6fe8ac4, 0xaff381ca,
+0xd8b8e890, 0xd1b5e39e, 0xcaa2fe8c, 0xc3aff582, 0xfc8cc4a8, 0xf581cfa6,
+0xee96d2b4, 0xe79bd9ba, 0x3bbb7bdb, 0x32b670d5, 0x29a16dc7, 0x20ac66c9,
+0x1f8f57e3, 0x16825ced, 0x0d9541ff, 0x04984af1, 0x73d323ab, 0x7ade28a5,
+0x61c935b7, 0x68c43eb9, 0x57e70f93, 0x5eea049d, 0x45fd198f, 0x4cf01281,
+0xab6bcb3b, 0xa266c035, 0xb971dd27, 0xb07cd629, 0x8f5fe703, 0x8652ec0d,
+0x9d45f11f, 0x9448fa11, 0xe303934b, 0xea0e9845, 0xf1198557, 0xf8148e59,
+0xc737bf73, 0xce3ab47d, 0xd52da96f, 0xdc20a261, 0x766df6ad, 0x7f60fda3,
+0x6477e0b1, 0x6d7aebbf, 0x5259da95, 0x5b54d19b, 0x4043cc89, 0x494ec787,
+0x3e05aedd, 0x3708a5d3, 0x2c1fb8c1, 0x2512b3cf, 0x1a3182e5, 0x133c89eb,
+0x082b94f9, 0x01269ff7, 0xe6bd464d, 0xefb04d43, 0xf4a75051, 0xfdaa5b5f,
+0xc2896a75, 0xcb84617b, 0xd0937c69, 0xd99e7767, 0xaed51e3d, 0xa7d81533,
+0xbccf0821, 0xb5c2032f, 0x8ae13205, 0x83ec390b, 0x98fb2419, 0x91f62f17,
+0x4dd68d76, 0x44db8678, 0x5fcc9b6a, 0x56c19064, 0x69e2a14e, 0x60efaa40,
+0x7bf8b752, 0x72f5bc5c, 0x05bed506, 0x0cb3de08, 0x17a4c31a, 0x1ea9c814,
+0x218af93e, 0x2887f230, 0x3390ef22, 0x3a9de42c, 0xdd063d96, 0xd40b3698,
+0xcf1c2b8a, 0xc6112084, 0xf93211ae, 0xf03f1aa0, 0xeb2807b2, 0xe2250cbc,
+0x956e65e6, 0x9c636ee8, 0x877473fa, 0x8e7978f4, 0xb15a49de, 0xb85742d0,
+0xa3405fc2, 0xaa4d54cc, 0xecdaf741, 0xe5d7fc4f, 0xfec0e15d, 0xf7cdea53,
+0xc8eedb79, 0xc1e3d077, 0xdaf4cd65, 0xd3f9c66b, 0xa4b2af31, 0xadbfa43f,
+0xb6a8b92d, 0xbfa5b223, 0x80868309, 0x898b8807, 0x929c9515, 0x9b919e1b,
+0x7c0a47a1, 0x75074caf, 0x6e1051bd, 0x671d5ab3, 0x583e6b99, 0x51336097,
+0x4a247d85, 0x4329768b, 0x34621fd1, 0x3d6f14df, 0x267809cd, 0x2f7502c3,
+0x105633e9, 0x195b38e7, 0x024c25f5, 0x0b412efb, 0xd7618c9a, 0xde6c8794,
+0xc57b9a86, 0xcc769188, 0xf355a0a2, 0xfa58abac, 0xe14fb6be, 0xe842bdb0,
+0x9f09d4ea, 0x9604dfe4, 0x8d13c2f6, 0x841ec9f8, 0xbb3df8d2, 0xb230f3dc,
+0xa927eece, 0xa02ae5c0, 0x47b13c7a, 0x4ebc3774, 0x55ab2a66, 0x5ca62168,
+0x63851042, 0x6a881b4c, 0x719f065e, 0x78920d50, 0x0fd9640a, 0x06d46f04,
+0x1dc37216, 0x14ce7918, 0x2bed4832, 0x22e0433c, 0x39f75e2e, 0x30fa5520,
+0x9ab701ec, 0x93ba0ae2, 0x88ad17f0, 0x81a01cfe, 0xbe832dd4, 0xb78e26da,
+0xac993bc8, 0xa59430c6, 0xd2df599c, 0xdbd25292, 0xc0c54f80, 0xc9c8448e,
+0xf6eb75a4, 0xffe67eaa, 0xe4f163b8, 0xedfc68b6, 0x0a67b10c, 0x036aba02,
+0x187da710, 0x1170ac1e, 0x2e539d34, 0x275e963a, 0x3c498b28, 0x35448026,
+0x420fe97c, 0x4b02e272, 0x5015ff60, 0x5918f46e, 0x663bc544, 0x6f36ce4a,
+0x7421d358, 0x7d2cd856, 0xa10c7a37, 0xa8017139, 0xb3166c2b, 0xba1b6725,
+0x8538560f, 0x8c355d01, 0x97224013, 0x9e2f4b1d, 0xe9642247, 0xe0692949,
+0xfb7e345b, 0xf2733f55, 0xcd500e7f, 0xc45d0571, 0xdf4a1863, 0xd647136d,
+0x31dccad7, 0x38d1c1d9, 0x23c6dccb, 0x2acbd7c5, 0x15e8e6ef, 0x1ce5ede1,
+0x07f2f0f3, 0x0efffbfd, 0x79b492a7, 0x70b999a9, 0x6bae84bb, 0x62a38fb5,
+0x5d80be9f, 0x548db591, 0x4f9aa883, 0x4697a38d  
+};
+#endif
+
+#endif /* RIJNDAEL_INCLUDE_TABLES */
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 Rcon[30] = {
+0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020,
+0x00000040, 0x00000080, 0x0000001b, 0x00000036, 0x0000006c, 0x000000d8,
+0x000000ab, 0x0000004d, 0x0000009a, 0x0000002f, 0x0000005e, 0x000000bc,
+0x00000063, 0x000000c6, 0x00000097, 0x00000035, 0x0000006a, 0x000000d4,
+0x000000b3, 0x0000007d, 0x000000fa, 0x000000ef, 0x000000c5, 0x00000091 
+};
+#else
+static const PRUint32 Rcon[30] = {
+0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000,
+0x40000000, 0x80000000, 0x1b000000, 0x36000000, 0x6c000000, 0xd8000000,
+0xab000000, 0x4d000000, 0x9a000000, 0x2f000000, 0x5e000000, 0xbc000000,
+0x63000000, 0xc6000000, 0x97000000, 0x35000000, 0x6a000000, 0xd4000000,
+0xb3000000, 0x7d000000, 0xfa000000, 0xef000000, 0xc5000000, 0x91000000 
+};
+#endif
+
diff --git a/security/nss/lib/freebl/rijndael_tables.c b/security/nss/lib/freebl/rijndael_tables.c
new file mode 100644
index 000000000..e2ebdeec6
--- /dev/null
+++ b/security/nss/lib/freebl/rijndael_tables.c
@@ -0,0 +1,246 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "stdio.h"
+#include "prtypes.h"
+#include "blapi.h"
+
+/*
+ * what follows is code thrown together to generate the myriad of tables
+ * used by Rijndael, the AES cipher.
+ */
+
+
+#define WORD_LE(b0, b1, b2, b3) \
+    (((b3) << 24) | ((b2) << 16) | ((b1) << 8) | b0)
+
+#define WORD_BE(b0, b1, b2, b3) \
+    (((b0) << 24) | ((b1) << 16) | ((b2) << 8) | b3)
+
+static const PRUint8 __S[256] = 
+{
+ 99, 124, 119, 123, 242, 107, 111, 197,  48,   1, 103,  43, 254, 215, 171, 118, 
+202, 130, 201, 125, 250,  89,  71, 240, 173, 212, 162, 175, 156, 164, 114, 192, 
+183, 253, 147,  38,  54,  63, 247, 204,  52, 165, 229, 241, 113, 216,  49,  21, 
+  4, 199,  35, 195,  24, 150,   5, 154,   7,  18, 128, 226, 235,  39, 178, 117, 
+  9, 131,  44,  26,  27, 110,  90, 160,  82,  59, 214, 179,  41, 227,  47, 132, 
+ 83, 209,   0, 237,  32, 252, 177,  91, 106, 203, 190,  57,  74,  76,  88, 207, 
+208, 239, 170, 251,  67,  77,  51, 133,  69, 249,   2, 127,  80,  60, 159, 168, 
+ 81, 163,  64, 143, 146, 157,  56, 245, 188, 182, 218,  33,  16, 255, 243, 210, 
+205,  12,  19, 236,  95, 151,  68,  23, 196, 167, 126,  61, 100,  93,  25, 115, 
+ 96, 129,  79, 220,  34,  42, 144, 136,  70, 238, 184,  20, 222,  94,  11, 219, 
+224,  50,  58,  10,  73,   6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121, 
+231, 200,  55, 109, 141, 213,  78, 169, 108,  86, 244, 234, 101, 122, 174,   8, 
+186, 120,  37,  46,  28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138, 
+112,  62, 181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158, 
+225, 248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223, 
+140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15, 176,  84, 187,  22, 
+};
+
+static const PRUint8 __SInv[256] = 
+{
+ 82,   9, 106, 213,  48,  54, 165,  56, 191,  64, 163, 158, 129, 243, 215, 251, 
+124, 227,  57, 130, 155,  47, 255, 135,  52, 142,  67,  68, 196, 222, 233, 203, 
+ 84, 123, 148,  50, 166, 194,  35,  61, 238,  76, 149,  11,  66, 250, 195,  78, 
+  8,  46, 161, 102,  40, 217,  36, 178, 118,  91, 162,  73, 109, 139, 209,  37, 
+114, 248, 246, 100, 134, 104, 152,  22, 212, 164,  92, 204,  93, 101, 182, 146, 
+108, 112,  72,  80, 253, 237, 185, 218,  94,  21,  70,  87, 167, 141, 157, 132, 
+144, 216, 171,   0, 140, 188, 211,  10, 247, 228,  88,   5, 184, 179,  69,   6, 
+208,  44,  30, 143, 202,  63,  15,   2, 193, 175, 189,   3,   1,  19, 138, 107, 
+ 58, 145,  17,  65,  79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, 
+150, 172, 116,  34, 231, 173,  53, 133, 226, 249,  55, 232,  28, 117, 223, 110, 
+ 71, 241,  26, 113,  29,  41, 197, 137, 111, 183,  98,  14, 170,  24, 190,  27, 
+252,  86,  62,  75, 198, 210, 121,  32, 154, 219, 192, 254, 120, 205,  90, 244, 
+ 31, 221, 168,  51, 136,   7, 199,  49, 177,  18,  16,  89,  39, 128, 236,  95, 
+ 96,  81, 127, 169,  25, 181,  74,  13,  45, 229, 122, 159, 147, 201, 156, 239, 
+160, 224,  59,  77, 174,  42, 245, 176, 200, 235, 187,  60, 131,  83, 153,  97, 
+ 23,  43,   4, 126, 186, 119, 214,  38, 225, 105,  20,  99,  85,  33,  12, 125
+};
+
+/* GF_MULTIPLY
+ *
+ * multiply two bytes represented in GF(2**8), mod (x**4 + 1)
+ */
+PRUint8 gf_multiply(PRUint8 a, PRUint8 b)
+{
+    PRUint8 res = 0;
+    while (b > 0) {
+	res = (b & 0x01) ? res ^ a : res;
+	a = (a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1);
+	b >>= 1;
+    }
+    return res;
+}
+
+void
+make_T_Table(char *table, const PRUint8 Sx[256], FILE *file,
+             unsigned char m0, unsigned char m1, 
+             unsigned char m2, unsigned char m3)
+{
+    PRUint32 Ti;
+    int i;
+    fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
+    fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
+    for (i=0; i<256; i++) {
+	Ti = WORD_LE( gf_multiply(Sx[i], m0),
+	              gf_multiply(Sx[i], m1),
+	              gf_multiply(Sx[i], m2),
+	              gf_multiply(Sx[i], m3) );
+	if (Ti == 0)
+	    fprintf(file, "0x00000000%c%c", (i==255)?' ':',',
+	                                    (i%6==5)?'\n':' ');
+	else
+	    fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',',
+	                                   (i%6==5)?'\n':' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#else\n");
+    fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
+    for (i=0; i<256; i++) {
+	Ti = WORD_BE( gf_multiply(Sx[i], m0),
+	              gf_multiply(Sx[i], m1),
+	              gf_multiply(Sx[i], m2),
+	              gf_multiply(Sx[i], m3) );
+	if (Ti == 0)
+	    fprintf(file, "0x00000000%c%c", (i==255)?' ':',',
+	                                    (i%6==5)?'\n':' ');
+	else
+	    fprintf(file, "%#.8x%c%c", Ti, (i==255)?' ':',',
+	                                   (i%6==5)?'\n':' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#endif\n\n");
+}
+
+void make_InvMixCol_Table(int num, FILE *file, PRUint8 m0, PRUint8 m1, PRUint8 m2, PRUint8 m3)
+{
+    PRUint16 i;
+    PRUint8 b0, b1, b2, b3;
+    fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
+    fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
+    for (i=0; i<256; i++) {
+	b0 = gf_multiply(i, m0);
+	b1 = gf_multiply(i, m1);
+	b2 = gf_multiply(i, m2);
+	b3 = gf_multiply(i, m3);
+	fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b3, b2, b1, b0, (i==255)?' ':',', (i%6==5)?'\n':' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#else\n");
+    fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
+    for (i=0; i<256; i++) {
+	b0 = gf_multiply(i, m0);
+	b1 = gf_multiply(i, m1);
+	b2 = gf_multiply(i, m2);
+	b3 = gf_multiply(i, m3);
+	fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b0, b1, b2, b3, (i==255)?' ':',', (i%6==5)?'\n':' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#endif\n\n");
+}
+
+int main()
+{
+    int i, j;
+    PRUint8 cur, last;
+    PRUint32 tmp;
+    FILE *optfile;
+    optfile = fopen("rijndael32.tab", "w");
+    /* output S, if there are no T tables */
+    fprintf(optfile, "#ifndef RIJNDAEL_INCLUDE_TABLES\n");
+    fprintf(optfile, "static const PRUint8 _S[256] = \n{\n");
+    for (i=0; i<256; i++) {
+	fprintf(optfile, "%3d%c%c", __S[i],(i==255)?' ':',', 
+	                            (i%16==15)?'\n':' ');
+    }
+    fprintf(optfile, "};\n#endif /* not RIJNDAEL_INCLUDE_TABLES */\n\n");
+    /* output S**-1 */
+    fprintf(optfile, "static const PRUint8 _SInv[256] = \n{\n");
+    for (i=0; i<256; i++) {
+	fprintf(optfile, "%3d%c%c", __SInv[i],(i==255)?' ':',', 
+	                            (i%16==15)?'\n':' ');
+    }
+    fprintf(optfile, "};\n\n");
+    fprintf(optfile, "#ifdef RIJNDAEL_INCLUDE_TABLES\n");
+    /* The 32-bit word tables for optimized implementation */
+    /* T0 = [ S[a] * 02, S[a], S[a], S[a] * 03 ] */
+    make_T_Table("0", __S, optfile, 0x02, 0x01, 0x01, 0x03);
+    /* T1 = [ S[a] * 03, S[a] * 02, S[a], S[a] ] */
+    make_T_Table("1", __S, optfile, 0x03, 0x02, 0x01, 0x01);
+    /* T2 = [ S[a], S[a] * 03, S[a] * 02, S[a] ] */
+    make_T_Table("2", __S, optfile, 0x01, 0x03, 0x02, 0x01);
+    /* T3 = [ S[a], S[a], S[a] * 03, S[a] * 02 ] */
+    make_T_Table("3", __S, optfile, 0x01, 0x01, 0x03, 0x02);
+    /* TInv0 = [ Si[a] * 0E, Si[a] * 09, Si[a] * 0D, Si[a] * 0B ] */
+    make_T_Table("Inv0", __SInv, optfile, 0x0e, 0x09, 0x0d, 0x0b);
+    /* TInv1 = [ Si[a] * 0B, Si[a] * 0E, Si[a] * 09, Si[a] * 0D ] */
+    make_T_Table("Inv1", __SInv, optfile, 0x0b, 0x0e, 0x09, 0x0d);
+    /* TInv2 = [ Si[a] * 0D, Si[a] * 0B, Si[a] * 0E, Si[a] * 09 ] */
+    make_T_Table("Inv2", __SInv, optfile, 0x0d, 0x0b, 0x0e, 0x09);
+    /* TInv3 = [ Si[a] * 09, Si[a] * 0D, Si[a] * 0B, Si[a] * 0E ] */
+    make_T_Table("Inv3", __SInv, optfile, 0x09, 0x0d, 0x0b, 0x0e);
+    /* byte multiply tables for inverse key expansion (mimics InvMixColumn) */
+    make_InvMixCol_Table(0, optfile, 0x0e, 0x09, 0x0d, 0x0b);
+    make_InvMixCol_Table(1, optfile, 0x0b, 0x0E, 0x09, 0x0d);
+    make_InvMixCol_Table(2, optfile, 0x0d, 0x0b, 0x0e, 0x09);
+    make_InvMixCol_Table(3, optfile, 0x09, 0x0d, 0x0b, 0x0e);
+    fprintf(optfile, "#endif /* RIJNDAEL_INCLUDE_TABLES */\n\n");
+    /* round constants for key expansion */
+    fprintf(optfile, "#ifdef IS_LITTLE_ENDIAN\n");
+    fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
+    cur = 0x01;
+    for (i=0; i<30; i++) {
+	fprintf(optfile, "%#.8x%c%c", WORD_LE(cur, 0, 0, 0), 
+	                                (i==29)?' ':',', (i%6==5)?'\n':' ');
+	last = cur;
+	cur = gf_multiply(last, 0x02);
+    }
+    fprintf(optfile, "};\n");
+    fprintf(optfile, "#else\n");
+    fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
+    cur = 0x01;
+    for (i=0; i<30; i++) {
+	fprintf(optfile, "%#.8x%c%c", WORD_BE(cur, 0, 0, 0), 
+	                                (i==29)?' ':',', (i%6==5)?'\n':' ');
+	last = cur;
+	cur = gf_multiply(last, 0x02);
+    }
+    fprintf(optfile, "};\n");
+    fprintf(optfile, "#endif\n\n");
+    fclose(optfile);
+    return 0;
+}
diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c
new file mode 100644
index 000000000..171d55696
--- /dev/null
+++ b/security/nss/lib/freebl/rsa.c
@@ -0,0 +1,957 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+/*
+ * RSA key generation, public key op, private key op.
+ *
+ * $Id$
+ */
+
+#include "secerr.h"
+
+#include "prclist.h"
+#include "nssilock.h"
+#include "prinit.h"
+#include "blapi.h"
+#include "mpi.h"
+#include "mpprime.h"
+#include "mplogic.h"
+#include "secmpi.h"
+#include "secitem.h"
+
+/*
+** Number of times to attempt to generate a prime (p or q) from a random
+** seed (the seed changes for each iteration).
+*/
+#define MAX_PRIME_GEN_ATTEMPTS 10
+/*
+** Number of times to attempt to generate a key.  The primes p and q change
+** for each attempt.
+*/
+#define MAX_KEY_GEN_ATTEMPTS 10
+
+/* exponent should not be greater than modulus */
+#define BAD_RSA_KEY_SIZE(modLen, expLen) \
+    ((expLen) > (modLen) || (modLen) > RSA_MAX_MODULUS_BITS/8 || \
+    (expLen) > RSA_MAX_EXPONENT_BITS/8)
+
+/*
+** RSABlindingParamsStr
+**
+** For discussion of Paul Kocher's timing attack against an RSA private key
+** operation, see http://www.cryptography.com/timingattack/paper.html.  The 
+** countermeasure to this attack, known as blinding, is also discussed in 
+** the Handbook of Applied Cryptography, 11.118-11.119.
+*/
+struct RSABlindingParamsStr
+{
+    /* Blinding-specific parameters */
+    PRCList   link;                  /* link to list of structs            */
+    SECItem   modulus;               /* list element "key"                 */
+    mp_int    f, g;                  /* Blinding parameters                */
+    int       counter;               /* number of remaining uses of (f, g) */
+};
+
+/*
+** RSABlindingParamsListStr
+**
+** List of key-specific blinding params.  The arena holds the volatile pool
+** of memory for each entry and the list itself.  The lock is for list
+** operations, in this case insertions and iterations, as well as control
+** of the counter for each set of blinding parameters.
+*/
+struct RSABlindingParamsListStr
+{
+    PZLock  *lock;   /* Lock for the list   */
+    PRCList  head;   /* Pointer to the list */
+};
+
+/*
+** The master blinding params list.
+*/
+static struct RSABlindingParamsListStr blindingParamsList = { 0 };
+
+/* Number of times to reuse (f, g).  Suggested by Paul Kocher */
+#define RSA_BLINDING_PARAMS_MAX_REUSE 50
+
+/* Global, allows optional use of blinding.  On by default. */
+/* Cannot be changed at the moment, due to thread-safety issues. */
+static PRBool nssRSAUseBlinding = PR_TRUE;
+
+static SECStatus
+rsa_keygen_from_primes(mp_int *p, mp_int *q, mp_int *e, RSAPrivateKey *key,
+                       unsigned int keySizeInBits)
+{
+    mp_int n, d, phi;
+    mp_int psub1, qsub1, tmp;
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&n)     = 0;
+    MP_DIGITS(&d)     = 0;
+    MP_DIGITS(&phi)   = 0;
+    MP_DIGITS(&psub1) = 0;
+    MP_DIGITS(&qsub1) = 0;
+    MP_DIGITS(&tmp)   = 0;
+    CHECK_MPI_OK( mp_init(&n)     );
+    CHECK_MPI_OK( mp_init(&d)     );
+    CHECK_MPI_OK( mp_init(&phi)   );
+    CHECK_MPI_OK( mp_init(&psub1) );
+    CHECK_MPI_OK( mp_init(&qsub1) );
+    CHECK_MPI_OK( mp_init(&tmp)   );
+    /* 1.  Compute n = p*q */
+    CHECK_MPI_OK( mp_mul(p, q, &n) );
+    /*     verify that the modulus has the desired number of bits */
+    if ((unsigned)mpl_significant_bits(&n) != keySizeInBits) {
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	rv = SECFailure;
+	goto cleanup;
+    }
+    /* 2.  Compute phi = (p-1)*(q-1) */
+    CHECK_MPI_OK( mp_sub_d(p, 1, &psub1) );
+    CHECK_MPI_OK( mp_sub_d(q, 1, &qsub1) );
+    CHECK_MPI_OK( mp_mul(&psub1, &qsub1, &phi) );
+    /* 3.  Compute d = e**-1 mod(phi) */
+    err = mp_invmod(e, &phi, &d);
+    /*     Verify that phi(n) and e have no common divisors */
+    if (err != MP_OKAY) {
+	if (err == MP_UNDEF) {
+	    PORT_SetError(SEC_ERROR_NEED_RANDOM);
+	    err = MP_OKAY; /* to keep PORT_SetError from being called again */
+	    rv = SECFailure;
+	}
+	goto cleanup;
+    }
+    MPINT_TO_SECITEM(&n, &key->modulus, key->arena);
+    MPINT_TO_SECITEM(&d, &key->privateExponent, key->arena);
+    /* 4.  Compute exponent1 = d mod (p-1) */
+    CHECK_MPI_OK( mp_mod(&d, &psub1, &tmp) );
+    MPINT_TO_SECITEM(&tmp, &key->exponent1, key->arena);
+    /* 5.  Compute exponent2 = d mod (q-1) */
+    CHECK_MPI_OK( mp_mod(&d, &qsub1, &tmp) );
+    MPINT_TO_SECITEM(&tmp, &key->exponent2, key->arena);
+    /* 6.  Compute coefficient = q**-1 mod p */
+    CHECK_MPI_OK( mp_invmod(q, p, &tmp) );
+    MPINT_TO_SECITEM(&tmp, &key->coefficient, key->arena);
+cleanup:
+    mp_clear(&n);
+    mp_clear(&d);
+    mp_clear(&phi);
+    mp_clear(&psub1);
+    mp_clear(&qsub1);
+    mp_clear(&tmp);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+static SECStatus
+generate_prime(mp_int *prime, int primeLen)
+{
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    unsigned long counter = 0;
+    int piter;
+    unsigned char *pb = NULL;
+    pb = PORT_Alloc(primeLen);
+    if (!pb) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	goto cleanup;
+    }
+    for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) {
+	CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(pb, primeLen) );
+	pb[0]          |= 0xC0; /* set two high-order bits */
+	pb[primeLen-1] |= 0x01; /* set low-order bit       */
+	CHECK_MPI_OK( mp_read_unsigned_octets(prime, pb, primeLen) );
+	err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter);
+	if (err != MP_NO)
+	    goto cleanup;
+	/* keep going while err == MP_NO */
+    }
+cleanup:
+    if (pb)
+	PORT_ZFree(pb, primeLen);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+** Generate and return a new RSA public and private key.
+**	Both keys are encoded in a single RSAPrivateKey structure.
+**	"cx" is the random number generator context
+**	"keySizeInBits" is the size of the key to be generated, in bits.
+**	   512, 1024, etc.
+**	"publicExponent" when not NULL is a pointer to some data that
+**	   represents the public exponent to use. The data is a byte
+**	   encoded integer, in "big endian" order.
+*/
+RSAPrivateKey *
+RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
+{
+    unsigned int primeLen;
+    mp_int p, q, e;
+    int kiter;
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    int prerr = 0;
+    RSAPrivateKey *key = NULL;
+    PRArenaPool *arena = NULL;
+    /* Require key size to be a multiple of 16 bits. */
+    if (!publicExponent || keySizeInBits % 16 != 0 ||
+	    BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return NULL;
+    }
+    /* 1. Allocate arena & key */
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return NULL;
+    }
+    key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
+    if (!key) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	PORT_FreeArena(arena, PR_TRUE);
+	return NULL;
+    }
+    key->arena = arena;
+    /* length of primes p and q (in bytes) */
+    primeLen = keySizeInBits / (2 * BITS_PER_BYTE);
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&e) = 0;
+    CHECK_MPI_OK( mp_init(&p) );
+    CHECK_MPI_OK( mp_init(&q) );
+    CHECK_MPI_OK( mp_init(&e) );
+    /* 2.  Set the version number (PKCS1 v1.5 says it should be zero) */
+    SECITEM_AllocItem(arena, &key->version, 1);
+    key->version.data[0] = 0;
+    /* 3.  Set the public exponent */
+    SECITEM_CopyItem(arena, &key->publicExponent, publicExponent);
+    SECITEM_TO_MPINT(*publicExponent, &e);
+    kiter = 0;
+    do {
+	prerr = 0;
+	PORT_SetError(0);
+	CHECK_SEC_OK( generate_prime(&p, primeLen) );
+	CHECK_SEC_OK( generate_prime(&q, primeLen) );
+	/* Assure q < p */
+	if (mp_cmp(&p, &q) < 0)
+	    mp_exch(&p, &q);
+	/* Attempt to use these primes to generate a key */
+	rv = rsa_keygen_from_primes(&p, &q, &e, key, keySizeInBits);
+	if (rv == SECSuccess)
+	    break; /* generated two good primes */
+	prerr = PORT_GetError();
+	kiter++;
+	/* loop until have primes */
+    } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < MAX_KEY_GEN_ATTEMPTS);
+    if (prerr)
+	goto cleanup;
+    MPINT_TO_SECITEM(&p, &key->prime1, arena);
+    MPINT_TO_SECITEM(&q, &key->prime2, arena);
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&e);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    if (rv && arena) {
+	PORT_FreeArena(arena, PR_TRUE);
+	key = NULL;
+    }
+    return key;
+}
+
+static unsigned int
+rsa_modulusLen(SECItem *modulus)
+{
+    unsigned char byteZero = modulus->data[0];
+    unsigned int modLen = modulus->len - !byteZero;
+    return modLen;
+}
+
+/*
+** Perform a raw public-key operation 
+**	Length of input and output buffers are equal to key's modulus len.
+*/
+SECStatus 
+RSA_PublicKeyOp(RSAPublicKey  *key, 
+                unsigned char *output, 
+                const unsigned char *input)
+{
+    unsigned int modLen, expLen, offset;
+    mp_int n, e, m, c;
+    mp_err err   = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    if (!key || !output || !input) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&m) = 0;
+    MP_DIGITS(&c) = 0;
+    CHECK_MPI_OK( mp_init(&n) );
+    CHECK_MPI_OK( mp_init(&e) );
+    CHECK_MPI_OK( mp_init(&m) );
+    CHECK_MPI_OK( mp_init(&c) );
+    modLen = rsa_modulusLen(&key->modulus);
+    expLen = rsa_modulusLen(&key->publicExponent);
+    /* 1.  Obtain public key (n, e) */
+    if (BAD_RSA_KEY_SIZE(modLen, expLen)) {
+    	PORT_SetError(SEC_ERROR_INVALID_KEY);
+	rv = SECFailure;
+	goto cleanup;
+    }
+    SECITEM_TO_MPINT(key->modulus, &n);
+    SECITEM_TO_MPINT(key->publicExponent, &e);
+    if (e.used > n.used) {
+	/* exponent should not be greater than modulus */
+    	PORT_SetError(SEC_ERROR_INVALID_KEY);
+	rv = SECFailure;
+	goto cleanup;
+    }
+    /* 2. check input out of range (needs to be in range [0..n-1]) */
+    offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */
+    if (memcmp(input, key->modulus.data + offset, modLen) >= 0) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    /* 2 bis.  Represent message as integer in range [0..n-1] */
+    CHECK_MPI_OK( mp_read_unsigned_octets(&m, input, modLen) );
+    /* 3.  Compute c = m**e mod n */
+#ifdef USE_MPI_EXPT_D
+    /* XXX see which is faster */
+    if (MP_USED(&e) == 1) {
+	CHECK_MPI_OK( mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c) );
+    } else
+#endif
+    CHECK_MPI_OK( mp_exptmod(&m, &e, &n, &c) );
+    /* 4.  result c is ciphertext */
+    err = mp_to_fixlen_octets(&c, output, modLen);
+    if (err >= 0) err = MP_OKAY;
+cleanup:
+    mp_clear(&n);
+    mp_clear(&e);
+    mp_clear(&m);
+    mp_clear(&c);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+**  RSA Private key operation (no CRT).
+*/
+static SECStatus 
+rsa_PrivateKeyOpNoCRT(RSAPrivateKey *key, mp_int *m, mp_int *c, mp_int *n,
+                      unsigned int modLen)
+{
+    mp_int d;
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&d) = 0;
+    CHECK_MPI_OK( mp_init(&d) );
+    SECITEM_TO_MPINT(key->privateExponent, &d);
+    /* 1. m = c**d mod n */
+    CHECK_MPI_OK( mp_exptmod(c, &d, n, m) );
+cleanup:
+    mp_clear(&d);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+**  RSA Private key operation using CRT.
+*/
+static SECStatus 
+rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c)
+{
+    mp_int p, q, d_p, d_q, qInv;
+    mp_int m1, m2, h, ctmp;
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&p)    = 0;
+    MP_DIGITS(&q)    = 0;
+    MP_DIGITS(&d_p)  = 0;
+    MP_DIGITS(&d_q)  = 0;
+    MP_DIGITS(&qInv) = 0;
+    MP_DIGITS(&m1)   = 0;
+    MP_DIGITS(&m2)   = 0;
+    MP_DIGITS(&h)    = 0;
+    MP_DIGITS(&ctmp) = 0;
+    CHECK_MPI_OK( mp_init(&p)    );
+    CHECK_MPI_OK( mp_init(&q)    );
+    CHECK_MPI_OK( mp_init(&d_p)  );
+    CHECK_MPI_OK( mp_init(&d_q)  );
+    CHECK_MPI_OK( mp_init(&qInv) );
+    CHECK_MPI_OK( mp_init(&m1)   );
+    CHECK_MPI_OK( mp_init(&m2)   );
+    CHECK_MPI_OK( mp_init(&h)    );
+    CHECK_MPI_OK( mp_init(&ctmp) );
+    /* copy private key parameters into mp integers */
+    SECITEM_TO_MPINT(key->prime1,      &p);    /* p */
+    SECITEM_TO_MPINT(key->prime2,      &q);    /* q */
+    SECITEM_TO_MPINT(key->exponent1,   &d_p);  /* d_p  = d mod (p-1) */
+    SECITEM_TO_MPINT(key->exponent2,   &d_q);  /* d_q  = d mod (q-1) */
+    SECITEM_TO_MPINT(key->coefficient, &qInv); /* qInv = q**-1 mod p */
+    /* 1. m1 = c**d_p mod p */
+    CHECK_MPI_OK( mp_mod(c, &p, &ctmp) );
+    CHECK_MPI_OK( mp_exptmod(&ctmp, &d_p, &p, &m1) );
+    /* 2. m2 = c**d_q mod q */
+    CHECK_MPI_OK( mp_mod(c, &q, &ctmp) );
+    CHECK_MPI_OK( mp_exptmod(&ctmp, &d_q, &q, &m2) );
+    /* 3.  h = (m1 - m2) * qInv mod p */
+    CHECK_MPI_OK( mp_submod(&m1, &m2, &p, &h) );
+    CHECK_MPI_OK( mp_mulmod(&h, &qInv, &p, &h)  );
+    /* 4.  m = m2 + h * q */
+    CHECK_MPI_OK( mp_mul(&h, &q, m) );
+    CHECK_MPI_OK( mp_add(m, &m2, m) );
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&d_p);
+    mp_clear(&d_q);
+    mp_clear(&qInv);
+    mp_clear(&m1);
+    mp_clear(&m2);
+    mp_clear(&h);
+    mp_clear(&ctmp);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+** An attack against RSA CRT was described by Boneh, DeMillo, and Lipton in:
+** "On the Importance of Eliminating Errors in Cryptographic Computations",
+** http://theory.stanford.edu/~dabo/papers/faults.ps.gz
+**
+** As a defense against the attack, carry out the private key operation, 
+** followed up with a public key operation to invert the result.  
+** Verify that result against the input.
+*/
+static SECStatus 
+rsa_PrivateKeyOpCRTCheckedPubKey(RSAPrivateKey *key, mp_int *m, mp_int *c)
+{
+    mp_int n, e, v;
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&v) = 0;
+    CHECK_MPI_OK( mp_init(&n) );
+    CHECK_MPI_OK( mp_init(&e) );
+    CHECK_MPI_OK( mp_init(&v) );
+    CHECK_SEC_OK( rsa_PrivateKeyOpCRTNoCheck(key, m, c) );
+    SECITEM_TO_MPINT(key->modulus,        &n);
+    SECITEM_TO_MPINT(key->publicExponent, &e);
+    /* Perform a public key operation v = m ** e mod n */
+    CHECK_MPI_OK( mp_exptmod(m, &e, &n, &v) );
+    if (mp_cmp(&v, c) != 0) {
+	rv = SECFailure;
+    }
+cleanup:
+    mp_clear(&n);
+    mp_clear(&e);
+    mp_clear(&v);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+static PRCallOnceType coBPInit = { 0, 0, 0 };
+static PRStatus 
+init_blinding_params_list(void)
+{
+    blindingParamsList.lock = PZ_NewLock(nssILockOther);
+    if (!blindingParamsList.lock) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	return PR_FAILURE;
+    }
+    PR_INIT_CLIST(&blindingParamsList.head);
+    return PR_SUCCESS;
+}
+
+static SECStatus
+generate_blinding_params(struct RSABlindingParamsStr *rsabp, 
+                         RSAPrivateKey *key, mp_int *n, unsigned int modLen)
+{
+    SECStatus rv = SECSuccess;
+    mp_int e, k;
+    mp_err err = MP_OKAY;
+    unsigned char *kb = NULL;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&k) = 0;
+    CHECK_MPI_OK( mp_init(&e) );
+    CHECK_MPI_OK( mp_init(&k) );
+    SECITEM_TO_MPINT(key->publicExponent, &e);
+    /* generate random k < n */
+    kb = PORT_Alloc(modLen);
+    if (!kb) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	goto cleanup;
+    }
+    CHECK_SEC_OK( RNG_GenerateGlobalRandomBytes(kb, modLen) );
+    CHECK_MPI_OK( mp_read_unsigned_octets(&k, kb, modLen) );
+    /* k < n */
+    CHECK_MPI_OK( mp_mod(&k, n, &k) );
+    /* f = k**e mod n */
+    CHECK_MPI_OK( mp_exptmod(&k, &e, n, &rsabp->f) );
+    /* g = k**-1 mod n */
+    CHECK_MPI_OK( mp_invmod(&k, n, &rsabp->g) );
+    /* Initialize the counter for this (f, g) */
+    rsabp->counter = RSA_BLINDING_PARAMS_MAX_REUSE;
+cleanup:
+    if (kb)
+	PORT_ZFree(kb, modLen);
+    mp_clear(&k);
+    mp_clear(&e);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+static SECStatus
+init_blinding_params(struct RSABlindingParamsStr *rsabp, RSAPrivateKey *key,
+                     mp_int *n, unsigned int modLen)
+{
+    SECStatus rv = SECSuccess;
+    mp_err err = MP_OKAY;
+    MP_DIGITS(&rsabp->f) = 0;
+    MP_DIGITS(&rsabp->g) = 0;
+    /* initialize blinding parameters */
+    CHECK_MPI_OK( mp_init(&rsabp->f) );
+    CHECK_MPI_OK( mp_init(&rsabp->g) );
+    /* List elements are keyed using the modulus */
+    SECITEM_CopyItem(NULL, &rsabp->modulus, &key->modulus);
+    CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) );
+    return SECSuccess;
+cleanup:
+    mp_clear(&rsabp->f);
+    mp_clear(&rsabp->g);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+static SECStatus
+get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
+                    mp_int *f, mp_int *g)
+{
+    SECStatus rv = SECSuccess;
+    mp_err err = MP_OKAY;
+    int cmp;
+    PRCList *el;
+    struct RSABlindingParamsStr *rsabp = NULL;
+    /* Init the list if neccessary (the init function is only called once!) */
+    if (blindingParamsList.lock == NULL) {
+	if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
+	    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+	    return SECFailure;
+	}
+    }
+    /* Acquire the list lock */
+    PZ_Lock(blindingParamsList.lock);
+    /* Walk the list looking for the private key */
+    for (el = PR_NEXT_LINK(&blindingParamsList.head);
+         el != &blindingParamsList.head;
+         el = PR_NEXT_LINK(el)) {
+	rsabp = (struct RSABlindingParamsStr *)el;
+	cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus);
+	if (cmp == 0) {
+	    /* Check the usage counter for the parameters */
+	    if (--rsabp->counter <= 0) {
+		/* Regenerate the blinding parameters */
+		CHECK_SEC_OK( generate_blinding_params(rsabp, key, n, modLen) );
+	    }
+	    /* Return the parameters */
+	    CHECK_MPI_OK( mp_copy(&rsabp->f, f) );
+	    CHECK_MPI_OK( mp_copy(&rsabp->g, g) );
+	    /* Now that the params are located, release the list lock. */
+	    PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */
+	    return SECSuccess;
+	} else if (cmp > 0) {
+	    /* The key is not in the list.  Break to param creation. */
+	    break;
+	}
+    }
+    /* At this point, the key is not in the list.  el should point to the
+    ** list element that this key should be inserted before.  NOTE: the list
+    ** lock is still held, so there cannot be a race condition here.
+    */
+    rsabp = (struct RSABlindingParamsStr *)
+              PORT_ZAlloc(sizeof(struct RSABlindingParamsStr));
+    if (!rsabp) {
+	PORT_SetError(SEC_ERROR_NO_MEMORY);
+	goto cleanup;
+    }
+    /* Initialize the list pointer for the element */
+    PR_INIT_CLIST(&rsabp->link);
+    /* Initialize the blinding parameters 
+    ** This ties up the list lock while doing some heavy, element-specific
+    ** operations, but we don't want to insert the element until it is valid,
+    ** which requires computing the blinding params.  If this proves costly,
+    ** it could be done after the list lock is released, and then if it fails
+    ** the lock would have to be reobtained and the invalid element removed.
+    */
+    rv = init_blinding_params(rsabp, key, n, modLen);
+    if (rv != SECSuccess) {
+	PORT_ZFree(rsabp, sizeof(struct RSABlindingParamsStr));
+	goto cleanup;
+    }
+    /* Insert the new element into the list
+    ** If inserting in the middle of the list, el points to the link
+    ** to insert before.  Otherwise, the link needs to be appended to
+    ** the end of the list, which is the same as inserting before the
+    ** head (since el would have looped back to the head).
+    */
+    PR_INSERT_BEFORE(&rsabp->link, el);
+    /* Return the parameters */
+    CHECK_MPI_OK( mp_copy(&rsabp->f, f) );
+    CHECK_MPI_OK( mp_copy(&rsabp->g, g) );
+    /* Release the list lock */
+    PZ_Unlock(blindingParamsList.lock); /* XXX when fails? */
+    return SECSuccess;
+cleanup:
+    /* It is possible to reach this after the lock is already released.
+    ** Ignore the error in that case.
+    */
+    PZ_Unlock(blindingParamsList.lock);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return SECFailure;
+}
+
+/*
+** Perform a raw private-key operation 
+**	Length of input and output buffers are equal to key's modulus len.
+*/
+static SECStatus 
+rsa_PrivateKeyOp(RSAPrivateKey *key, 
+                 unsigned char *output, 
+                 const unsigned char *input,
+                 PRBool check)
+{
+    unsigned int modLen;
+    unsigned int offset;
+    SECStatus rv = SECSuccess;
+    mp_err err;
+    mp_int n, c, m;
+    mp_int f, g;
+    if (!key || !output || !input) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    /* check input out of range (needs to be in range [0..n-1]) */
+    modLen = rsa_modulusLen(&key->modulus);
+    offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */
+    if (memcmp(input, key->modulus.data + offset, modLen) >= 0) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&c) = 0;
+    MP_DIGITS(&m) = 0;
+    MP_DIGITS(&f) = 0;
+    MP_DIGITS(&g) = 0;
+    CHECK_MPI_OK( mp_init(&n) );
+    CHECK_MPI_OK( mp_init(&c) );
+    CHECK_MPI_OK( mp_init(&m) );
+    CHECK_MPI_OK( mp_init(&f) );
+    CHECK_MPI_OK( mp_init(&g) );
+    SECITEM_TO_MPINT(key->modulus, &n);
+    OCTETS_TO_MPINT(input, &c, modLen);
+    /* If blinding, compute pre-image of ciphertext by multiplying by
+    ** blinding factor
+    */
+    if (nssRSAUseBlinding) {
+	CHECK_SEC_OK( get_blinding_params(key, &n, modLen, &f, &g) );
+	/* c' = c*f mod n */
+	CHECK_MPI_OK( mp_mulmod(&c, &f, &n, &c) );
+    }
+    /* Do the private key operation m = c**d mod n */
+    if ( key->prime1.len      == 0 ||
+         key->prime2.len      == 0 ||
+         key->exponent1.len   == 0 ||
+         key->exponent2.len   == 0 ||
+         key->coefficient.len == 0) {
+	CHECK_SEC_OK( rsa_PrivateKeyOpNoCRT(key, &m, &c, &n, modLen) );
+    } else if (check) {
+	CHECK_SEC_OK( rsa_PrivateKeyOpCRTCheckedPubKey(key, &m, &c) );
+    } else {
+	CHECK_SEC_OK( rsa_PrivateKeyOpCRTNoCheck(key, &m, &c) );
+    }
+    /* If blinding, compute post-image of plaintext by multiplying by
+    ** blinding factor
+    */
+    if (nssRSAUseBlinding) {
+	/* m = m'*g mod n */
+	CHECK_MPI_OK( mp_mulmod(&m, &g, &n, &m) );
+    }
+    err = mp_to_fixlen_octets(&m, output, modLen);
+    if (err >= 0) err = MP_OKAY;
+cleanup:
+    mp_clear(&n);
+    mp_clear(&c);
+    mp_clear(&m);
+    mp_clear(&f);
+    mp_clear(&g);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+SECStatus 
+RSA_PrivateKeyOp(RSAPrivateKey *key, 
+                 unsigned char *output, 
+                 const unsigned char *input)
+{
+    return rsa_PrivateKeyOp(key, output, input, PR_FALSE);
+}
+
+SECStatus 
+RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key, 
+                              unsigned char *output, 
+                              const unsigned char *input)
+{
+    return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
+}
+
+static SECStatus
+swap_in_key_value(PRArenaPool *arena, mp_int *mpval, SECItem *buffer)
+{
+    int len;
+    mp_err err = MP_OKAY;
+    memset(buffer->data, 0, buffer->len);
+    len = mp_unsigned_octet_size(mpval);
+    if (len <= 0) return SECFailure;
+    if ((unsigned int)len <= buffer->len) {
+	/* The new value is no longer than the old buffer, so use it */
+	err = mp_to_unsigned_octets(mpval, buffer->data, len);
+	if (err >= 0) err = MP_OKAY;
+	buffer->len = len;
+    } else if (arena) {
+	/* The new value is longer, but working within an arena */
+	(void)SECITEM_AllocItem(arena, buffer, len);
+	err = mp_to_unsigned_octets(mpval, buffer->data, len);
+	if (err >= 0) err = MP_OKAY;
+    } else {
+	/* The new value is longer, no arena, can't handle this key */
+	return SECFailure;
+    }
+    return (err == MP_OKAY) ? SECSuccess : SECFailure;
+}
+
+SECStatus
+RSA_PrivateKeyCheck(RSAPrivateKey *key)
+{
+    mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
+    mp_err   err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&n)    = 0;
+    MP_DIGITS(&psub1)= 0;
+    MP_DIGITS(&qsub1)= 0;
+    MP_DIGITS(&e)    = 0;
+    MP_DIGITS(&d)    = 0;
+    MP_DIGITS(&d_p)  = 0;
+    MP_DIGITS(&d_q)  = 0;
+    MP_DIGITS(&qInv) = 0;
+    MP_DIGITS(&res)  = 0;
+    CHECK_MPI_OK( mp_init(&n)    );
+    CHECK_MPI_OK( mp_init(&p)    );
+    CHECK_MPI_OK( mp_init(&q)    );
+    CHECK_MPI_OK( mp_init(&psub1));
+    CHECK_MPI_OK( mp_init(&qsub1));
+    CHECK_MPI_OK( mp_init(&e)    );
+    CHECK_MPI_OK( mp_init(&d)    );
+    CHECK_MPI_OK( mp_init(&d_p)  );
+    CHECK_MPI_OK( mp_init(&d_q)  );
+    CHECK_MPI_OK( mp_init(&qInv) );
+    CHECK_MPI_OK( mp_init(&res)  );
+    SECITEM_TO_MPINT(key->modulus,         &n);
+    SECITEM_TO_MPINT(key->prime1,          &p);
+    SECITEM_TO_MPINT(key->prime2,          &q);
+    SECITEM_TO_MPINT(key->publicExponent,  &e);
+    SECITEM_TO_MPINT(key->privateExponent, &d);
+    SECITEM_TO_MPINT(key->exponent1,       &d_p);
+    SECITEM_TO_MPINT(key->exponent2,       &d_q);
+    SECITEM_TO_MPINT(key->coefficient,     &qInv);
+    /* p > q  */
+    if (mp_cmp(&p, &q) <= 0) {
+	/* mind the p's and q's (and d_p's and d_q's) */
+	SECItem tmp;
+	mp_exch(&p, &q);
+	mp_exch(&d_p,&d_q);
+	tmp = key->prime1;
+	key->prime1 = key->prime2;
+	key->prime2 = tmp;
+	tmp = key->exponent1;
+	key->exponent1 = key->exponent2;
+	key->exponent2 = tmp;
+    }
+#define VERIFY_MPI_EQUAL(m1, m2) \
+    if (mp_cmp(m1, m2) != 0) {   \
+	rv = SECFailure;         \
+	goto cleanup;            \
+    }
+#define VERIFY_MPI_EQUAL_1(m)    \
+    if (mp_cmp_d(m, 1) != 0) {   \
+	rv = SECFailure;         \
+	goto cleanup;            \
+    }
+    /*
+     * The following errors cannot be recovered from.
+     */
+    /* n == p * q */
+    CHECK_MPI_OK( mp_mul(&p, &q, &res) );
+    VERIFY_MPI_EQUAL(&res, &n);
+    /* gcd(e, p-1) == 1 */
+    CHECK_MPI_OK( mp_sub_d(&p, 1, &psub1) );
+    CHECK_MPI_OK( mp_gcd(&e, &psub1, &res) );
+    VERIFY_MPI_EQUAL_1(&res);
+    /* gcd(e, q-1) == 1 */
+    CHECK_MPI_OK( mp_sub_d(&q, 1, &qsub1) );
+    CHECK_MPI_OK( mp_gcd(&e, &qsub1, &res) );
+    VERIFY_MPI_EQUAL_1(&res);
+    /* d*e == 1 mod p-1 */
+    CHECK_MPI_OK( mp_mulmod(&d, &e, &psub1, &res) );
+    VERIFY_MPI_EQUAL_1(&res);
+    /* d*e == 1 mod q-1 */
+    CHECK_MPI_OK( mp_mulmod(&d, &e, &qsub1, &res) );
+    VERIFY_MPI_EQUAL_1(&res);
+    /*
+     * The following errors can be recovered from.
+     */
+    /* d_p == d mod p-1 */
+    CHECK_MPI_OK( mp_mod(&d, &psub1, &res) );
+    if (mp_cmp(&d_p, &res) != 0) {
+	/* swap in the correct value */
+	CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent1) );
+    }
+    /* d_q == d mod q-1 */
+    CHECK_MPI_OK( mp_mod(&d, &qsub1, &res) );
+    if (mp_cmp(&d_q, &res) != 0) {
+	/* swap in the correct value */
+	CHECK_SEC_OK( swap_in_key_value(key->arena, &res, &key->exponent2) );
+    }
+    /* q * q**-1 == 1 mod p */
+    CHECK_MPI_OK( mp_mulmod(&q, &qInv, &p, &res) );
+    if (mp_cmp_d(&res, 1) != 0) {
+	/* compute the correct value */
+	CHECK_MPI_OK( mp_invmod(&q, &p, &qInv) );
+	CHECK_SEC_OK( swap_in_key_value(key->arena, &qInv, &key->coefficient) );
+    }
+cleanup:
+    mp_clear(&n);
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&psub1);
+    mp_clear(&qsub1);
+    mp_clear(&e);
+    mp_clear(&d);
+    mp_clear(&d_p);
+    mp_clear(&d_q);
+    mp_clear(&qInv);
+    mp_clear(&res);
+    if (err) {
+	MP_TO_SEC_ERROR(err);
+	rv = SECFailure;
+    }
+    return rv;
+}
+
+/* cleanup at shutdown */
+void RSA_Cleanup(void)
+{
+    if (!coBPInit.initialized)
+	return;
+
+    while (!PR_CLIST_IS_EMPTY(&blindingParamsList.head))
+    {
+	struct RSABlindingParamsStr * rsabp = (struct RSABlindingParamsStr *)
+	    PR_LIST_HEAD(&blindingParamsList.head);
+	PR_REMOVE_LINK(&rsabp->link);
+	mp_clear(&rsabp->f);
+	mp_clear(&rsabp->g);
+	SECITEM_FreeItem(&rsabp->modulus,PR_FALSE);
+	PORT_Free(rsabp);
+    }
+
+    if (blindingParamsList.lock)
+    {
+	PZ_DestroyLock(blindingParamsList.lock);
+	blindingParamsList.lock = NULL;
+    }
+
+    coBPInit.initialized = 0;
+    coBPInit.inProgress = 0;
+    coBPInit.status = 0;
+}
+
+/*
+ * need a central place for this function to free up all the memory that
+ * free_bl may have allocated along the way. Currently only RSA does this,
+ * so I've put it here for now.
+ */
+void BL_Cleanup(void)
+{
+    RSA_Cleanup();
+}
diff --git a/security/nss/lib/freebl/secmpi.h b/security/nss/lib/freebl/secmpi.h
new file mode 100644
index 000000000..e343fb894
--- /dev/null
+++ b/security/nss/lib/freebl/secmpi.h
@@ -0,0 +1,61 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "mpi.h"
+
+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup
+
+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup
+
+#define OCTETS_TO_MPINT(oc, mp, len) \
+    CHECK_MPI_OK(mp_read_unsigned_octets((mp), oc, len))
+
+#define SECITEM_TO_MPINT(it, mp) \
+    CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
+
+#define MPINT_TO_SECITEM(mp, it, arena)                         \
+    SECITEM_AllocItem(arena, (it), mp_unsigned_octet_size(mp)); \
+    if ((it)->data == NULL) {err = MP_MEM; goto cleanup;}       \
+    err = mp_to_unsigned_octets(mp, (it)->data, (it)->len);     \
+    if (err < 0) goto cleanup; else err = MP_OKAY;
+
+#define MP_TO_SEC_ERROR(err)                                          \
+    switch (err) {                                                    \
+    case MP_MEM:    PORT_SetError(SEC_ERROR_NO_MEMORY);       break;  \
+    case MP_RANGE:  PORT_SetError(SEC_ERROR_BAD_DATA);        break;  \
+    case MP_BADARG: PORT_SetError(SEC_ERROR_INVALID_ARGS);    break;  \
+    default:        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); break;  \
+    }
diff --git a/security/nss/lib/freebl/secrng.h b/security/nss/lib/freebl/secrng.h
new file mode 100644
index 000000000..036a3f71a
--- /dev/null
+++ b/security/nss/lib/freebl/secrng.h
@@ -0,0 +1,99 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _SECRNG_H_
+#define _SECRNG_H_
+/*
+ * secrng.h - public data structures and prototypes for the secure random
+ *	      number generator
+ *
+ * $Id$
+ */
+
+/******************************************/
+/*
+** Random number generation. A cryptographically strong random number
+** generator.
+*/
+
+#include "blapi.h"
+
+/* the number of bytes to read from the system random number generator */
+#define SYSTEM_RNG_SEED_COUNT 1024
+
+SEC_BEGIN_PROTOS
+
+/*
+** The following functions are provided by the security library
+** but are differently implemented for the UNIX, Win, and OS/2
+** versions
+*/
+
+/*
+** Get the "noisiest" information available on the system.
+** The amount of data returned depends on the system implementation.
+** It will not exceed maxbytes, but may be (much) less.
+** Returns number of noise bytes copied into buf, or zero if error.
+*/
+extern size_t RNG_GetNoise(void *buf, size_t maxbytes);
+
+/*
+** RNG_SystemInfoForRNG should be called before any use of SSL. It
+** gathers up the system specific information to help seed the
+** state of the global random number generator.
+*/
+extern void RNG_SystemInfoForRNG(void);
+
+/* 
+** Use the contents (and stat) of a file to help seed the
+** global random number generator.
+*/
+extern void RNG_FileForRNG(const char *filename);
+
+/*
+** Get maxbytes bytes of random data from the system random number
+** generator.
+** Returns the number of bytes copied into buf -- maxbytes if success
+** or zero if error.
+** Errors:
+**   PR_NOT_IMPLEMENTED_ERROR   There is no system RNG on the platform.
+**   SEC_ERROR_NEED_RANDOM      The system RNG failed.
+*/
+extern size_t RNG_SystemRNG(void *buf, size_t maxbytes);
+
+SEC_END_PROTOS
+
+#endif /* _SECRNG_H_ */
diff --git a/security/nss/lib/freebl/sha-fast-amd64-sun.s b/security/nss/lib/freebl/sha-fast-amd64-sun.s
new file mode 100644
index 000000000..d818bc9aa
--- /dev/null
+++ b/security/nss/lib/freebl/sha-fast-amd64-sun.s
@@ -0,0 +1,2142 @@
+/ ***** BEGIN LICENSE BLOCK *****
+/ Version: MPL 1.1/GPL 2.0/LGPL 2.1
+/
+/ The contents of this file are subject to the Mozilla Public License Version
+/ 1.1 (the "License"); you may not use this file except in compliance with
+/ the License. You may obtain a copy of the License at
+/ http://www.mozilla.org/MPL/
+/
+/ Software distributed under the License is distributed on an "AS IS" basis,
+/ WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+/ for the specific language governing rights and limitations under the
+/ License.
+/
+/ The Original Code is SHA 180-1 Reference Implementation (Optimized).
+/
+/ The Initial Developer of the Original Code is
+/ Paul Kocher of Cryptography Research.
+/ Portions created by the Initial Developer are Copyright (C) 1995-9
+/ the Initial Developer. All Rights Reserved.
+/
+/ Contributor(s):
+/
+/ Alternatively, the contents of this file may be used under the terms of
+/ either the GNU General Public License Version 2 or later (the "GPL"), or
+/ the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+/ in which case the provisions of the GPL or the LGPL are applicable instead
+/ of those above. If you wish to allow use of your version of this file only
+/ under the terms of either the GPL or the LGPL, and not to allow others to
+/ use your version of this file under the terms of the MPL, indicate your
+/ decision by deleting the provisions above and replace them with the notice
+/ and other provisions required by the GPL or the LGPL. If you do not delete
+/ the provisions above, a recipient may use your version of this file under
+/ the terms of any one of the MPL, the GPL or the LGPL.
+/
+/ ***** END LICENSE BLOCK *****
+
+	.file	"sha_fast.c"
+	.text
+	.align 16
+.globl SHA1_Begin
+	.type	SHA1_Begin, @function
+SHA1_Begin:
+.LFB4:
+	movl	$4023233417, %ecx
+	movl	$2562383102, %edx
+	movl	$3285377520, %eax
+	movq	$0, 64(%rdi)
+	movq	$1732584193, 72(%rdi)
+	movq	%rcx, 80(%rdi)
+	movq	%rdx, 88(%rdi)
+	movq	$271733878, 96(%rdi)
+	movq	%rax, 104(%rdi)
+	ret
+.LFE4:
+	.size	SHA1_Begin, .-SHA1_Begin
+	.align 16
+	.type	shaCompress, @function
+shaCompress:
+.LFB7:
+	pushq	%r15
+.LCFI0:
+	pushq	%r14
+.LCFI1:
+	pushq	%r13
+.LCFI2:
+	pushq	%r12
+.LCFI3:
+	movq	-88(%rdi), %r12
+	movq	-80(%rdi), %r10
+	movq	-72(%rdi), %r13
+	movq	-64(%rdi), %r8
+	pushq	%rbx
+.LCFI4:
+	movq	-56(%rdi), %rcx
+	movl	(%rsi), %eax
+	movl	%r12d, %edx
+	movq	%r13, %r9
+	roll	$5, %edx
+	movl	4(%rsi), %ebx
+	xorq	%r8, %r9 
+/APP
+	bswap %eax
+/NO_APP
+	andq	%r10, %r9
+	mov	%eax, %r15d
+	roll	$30, %r10d
+	movq	%r15, -48(%rdi)
+	xorq	%r8, %r9 
+	movq	-48(%rdi), %r14
+	addq	%r9, %rdx
+	movq	%r10, %rax
+	movl	%r12d, %r15d
+	addq	%rcx, %rdx
+	xorq	%r13, %rax 
+	roll	$30, %r15d
+	leaq	1518500249(%rdx,%r14), %rdx
+	andq	%r12, %rax
+	movq	%r15, %r12
+/APP
+	bswap %ebx
+/NO_APP
+	movl	%edx, %ecx
+	mov	%ebx, %r11d
+	xorq	%r13, %rax 
+	movq	%r11, -40(%rdi)
+	roll	$5, %ecx
+	movq	-40(%rdi), %r9
+	addq	%rax, %rcx
+	xorq	%r10, %r12 
+	movl	8(%rsi), %r14d
+	addq	%r8, %rcx
+	andq	%rdx, %r12
+	movl	%edx, %r11d
+	leaq	1518500249(%rcx,%r9), %rcx
+	xorq	%r10, %r12 
+	roll	$30, %r11d
+/APP
+	bswap %r14d
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%r14d, %ebx
+	movl	12(%rsi), %r9d
+	movq	%rbx, -32(%rdi)
+	roll	$5, %r8d
+	movq	-32(%rdi), %rax
+	addq	%r12, %r8
+	movq	%r11, %r12
+	movl	%ecx, %ebx
+	addq	%r13, %r8
+	xorq	%r15, %r12 
+	roll	$30, %ebx
+	leaq	1518500249(%r8,%rax), %r8
+	andq	%rcx, %r12
+	movl	16(%rsi), %eax
+/APP
+	bswap %r9d
+/NO_APP
+	movl	%r8d, %edx
+	mov	%r9d, %r14d
+	xorq	%r15, %r12 
+	movq	%r14, -24(%rdi)
+	roll	$5, %edx
+	movq	-24(%rdi), %r13
+	addq	%r12, %rdx
+	movq	%rbx, %r12
+	movl	%r8d, %r14d
+	addq	%r10, %rdx
+	leaq	1518500249(%rdx,%r13), %rdx
+	movl	20(%rsi), %r13d
+/APP
+	bswap %eax
+/NO_APP
+	movl	%edx, %ecx
+	mov	%eax, %r9d
+	roll	$5, %ecx
+	xorq	%r11, %r12 
+	movq	%r9, -16(%rdi)
+	andq	%r8, %r12
+	movq	-16(%rdi), %r10
+	roll	$30, %r14d
+	xorq	%r11, %r12 
+	movq	%r14, %rax
+	movl	%edx, %r9d
+	addq	%r12, %rcx
+	xorq	%rbx, %rax 
+	roll	$30, %r9d
+	addq	%r15, %rcx
+	andq	%rdx, %rax
+	leaq	1518500249(%rcx,%r10), %rcx
+	xorq	%rbx, %rax 
+	movl	24(%rsi), %r10d
+/APP
+	bswap %r13d
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%r13d, %r15d
+	movq	%r15, -8(%rdi)
+	roll	$5, %r8d
+	movq	-8(%rdi), %r12
+	addq	%rax, %r8
+	movl	%ecx, %r15d
+	addq	%r11, %r8
+	movq	%r9, %r11
+	roll	$30, %r15d
+	leaq	1518500249(%r8,%r12), %r8
+	xorq	%r14, %r11 
+	movl	28(%rsi), %r12d
+/APP
+	bswap %r10d
+/NO_APP
+	andq	%rcx, %r11
+	mov	%r10d, %r13d
+	movl	%r8d, %edx
+	movq	%r13, (%rdi)
+	xorq	%r14, %r11 
+	movq	(%rdi), %rax
+	roll	$5, %edx
+	movq	%r15, %r10
+	movl	%r8d, %r13d
+	addq	%r11, %rdx
+	xorq	%r9, %r10 
+	roll	$30, %r13d
+	addq	%rbx, %rdx
+	andq	%r8, %r10
+	leaq	1518500249(%rdx,%rax), %rdx
+	xorq	%r9, %r10 
+	movl	32(%rsi), %eax
+/APP
+	bswap %r12d
+/NO_APP
+	movl	%edx, %ecx
+	mov	%r12d, %ebx
+	movq	%rbx, 8(%rdi)
+	roll	$5, %ecx
+	movq	8(%rdi), %r11
+	addq	%r10, %rcx
+	movq	%r13, %r10
+	movl	%edx, %ebx
+	addq	%r14, %rcx
+	leaq	1518500249(%rcx,%r11), %rcx
+/APP
+	bswap %eax
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%eax, %r12d
+	roll	$5, %r8d
+	xorq	%r15, %r10 
+	movq	%r12, 16(%rdi)
+	andq	%rdx, %r10
+	movq	16(%rdi), %r14
+	roll	$30, %ebx
+	xorq	%r15, %r10 
+	movq	%rbx, %rax
+	movl	36(%rsi), %r11d
+	addq	%r10, %r8
+	xorq	%r13, %rax 
+	movl	%ecx, %r12d
+	addq	%r9, %r8
+	andq	%rcx, %rax
+	roll	$30, %r12d
+	leaq	1518500249(%r8,%r14), %r8
+	xorq	%r13, %rax 
+	movl	40(%rsi), %r14d
+/APP
+	bswap %r11d
+/NO_APP
+	movl	%r8d, %edx
+	mov	%r11d, %r9d
+	movq	%r12, %r11
+	movq	%r9, 24(%rdi)
+	roll	$5, %edx
+	movq	24(%rdi), %r10
+	addq	%rax, %rdx
+	xorq	%rbx, %r11 
+	movl	%r8d, %r9d
+	addq	%r15, %rdx
+	andq	%r8, %r11
+	roll	$30, %r9d
+	leaq	1518500249(%rdx,%r10), %rdx
+	xorq	%rbx, %r11 
+	movl	44(%rsi), %r10d
+/APP
+	bswap %r14d
+/NO_APP
+	movl	%edx, %ecx
+	mov	%r14d, %r15d
+	movq	%r15, 32(%rdi)
+	roll	$5, %ecx
+	movq	32(%rdi), %rax
+	addq	%r11, %rcx
+	movq	%r9, %r11
+	movl	%edx, %r15d
+	addq	%r13, %rcx
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	leaq	1518500249(%rcx,%rax), %rcx
+	andq	%rdx, %r11
+	movl	48(%rsi), %eax
+/APP
+	bswap %r10d
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%r10d, %r14d
+	xorq	%r12, %r11 
+	movq	%r14, 40(%rdi)
+	roll	$5, %r8d
+	movq	40(%rdi), %r13
+	addq	%r11, %r8
+	movq	%r15, %r10
+	movl	%ecx, %r14d
+	addq	%rbx, %r8
+	xorq	%r9, %r10 
+	leaq	1518500249(%r8,%r13), %r8
+	movl	52(%rsi), %r13d
+/APP
+	bswap %eax
+/NO_APP
+	movl	%r8d, %edx
+	mov	%eax, %ebx
+	roll	$5, %edx
+	andq	%rcx, %r10
+	movq	%rbx, 48(%rdi)
+	xorq	%r9, %r10 
+	movq	48(%rdi), %r11
+	roll	$30, %r14d
+	addq	%r10, %rdx
+	movq	%r14, %rax
+	movl	%r8d, %ebx
+	addq	%r12, %rdx
+	xorq	%r15, %rax 
+	roll	$30, %ebx
+	leaq	1518500249(%rdx,%r11), %rdx
+	andq	%r8, %rax
+	movl	56(%rsi), %r11d
+/APP
+	bswap %r13d
+/NO_APP
+	movl	%edx, %ecx
+	mov	%r13d, %r12d
+	xorq	%r15, %rax 
+	movq	%r12, 56(%rdi)
+	roll	$5, %ecx
+	movq	56(%rdi), %r10
+	addq	%rax, %rcx
+	movl	%edx, %r12d
+	addq	%r9, %rcx
+	movq	%rbx, %r9
+	roll	$30, %r12d
+	leaq	1518500249(%rcx,%r10), %rcx
+	xorq	%r14, %r9 
+	movl	60(%rsi), %r10d
+/APP
+	bswap %r11d
+/NO_APP
+	andq	%rdx, %r9
+	mov	%r11d, %r13d
+	movl	%ecx, %r8d
+	movq	%r13, 64(%rdi)
+	xorq	%r14, %r9 
+	movq	64(%rdi), %rax
+	roll	$5, %r8d
+	movq	%r12, %r11
+	movl	%ecx, %r13d
+	addq	%r9, %r8
+	xorq	%rbx, %r11 
+	roll	$30, %r13d
+	addq	%r15, %r8
+	andq	%rcx, %r11
+	leaq	1518500249(%r8,%rax), %r8
+	xorq	%rbx, %r11 
+/APP
+	bswap %r10d
+/NO_APP
+	movl	%r8d, %esi
+	mov	%r10d, %r15d
+	movq	%r15, 72(%rdi)
+	roll	$5, %esi
+	movq	72(%rdi), %r9
+	movq	56(%rdi), %r10
+	movq	16(%rdi), %rcx
+	addq	%r11, %rsi
+	movq	-32(%rdi), %rdx
+	addq	%r14, %rsi
+	movq	-48(%rdi), %rax
+	leaq	1518500249(%rsi,%r9), %r14
+	movq	%r13, %r11
+	movl	%r8d, %r15d
+	xorq	%rcx, %r10 
+	xorq	%rdx, %r10 
+	movl	%r14d, %ecx
+	xorl	%eax, %r10d
+	roll	%r10d
+	roll	$5, %ecx
+	xorq	%r12, %r11 
+	andq	%r8, %r11
+	movq	%r10, -48(%rdi)
+	movq	-48(%rdi), %r9
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	movl	%r14d, %r10d
+	addq	%r11, %rcx
+	movq	64(%rdi), %r11
+	movq	24(%rdi), %rdx
+	addq	%rbx, %rcx
+	movq	-24(%rdi), %rbx
+	movq	-40(%rdi), %rax
+	leaq	1518500249(%rcx,%r9), %rcx
+	movq	%r15, %r8
+	roll	$30, %r10d
+	xorq	%rdx, %r11 
+	xorq	%r13, %r8 
+	xorq	%rbx, %r11 
+	andq	%r14, %r8
+	movl	%ecx, %r9d
+	xorl	%eax, %r11d
+	xorq	%r13, %r8 
+	roll	$5, %r9d
+	roll	%r11d
+	addq	%r8, %r9
+	movq	%r10, %rax
+	movq	%r11, -40(%rdi)
+	movq	-40(%rdi), %rsi
+	addq	%r12, %r9
+	movq	72(%rdi), %rbx
+	movq	32(%rdi), %rdx
+	xorq	%r15, %rax 
+	movq	-16(%rdi), %r14
+	movq	-32(%rdi), %r12
+	andq	%rcx, %rax
+	leaq	1518500249(%r9,%rsi), %r9
+	xorq	%r15, %rax 
+	movl	%ecx, %r11d
+	xorq	%rdx, %rbx 
+	roll	$30, %r11d
+	xorq	%r14, %rbx 
+	movl	%r9d, %esi
+	xorl	%r12d, %ebx
+	roll	$5, %esi
+	roll	%ebx
+	addq	%rax, %rsi
+	movq	%rbx, -32(%rdi)
+	movq	-32(%rdi), %r8
+	addq	%r13, %rsi
+	movq	-48(%rdi), %r12
+	movq	40(%rdi), %rdx
+	movq	%r11, %r13
+	movq	-8(%rdi), %r14
+	movq	-24(%rdi), %rcx
+	movl	%r9d, %ebx
+	leaq	1518500249(%rsi,%r8), %rsi
+	xorq	%rdx, %r12 
+	xorq	%r14, %r12 
+	movl	%esi, %r8d
+	xorl	%ecx, %r12d
+	roll	%r12d
+	roll	$5, %r8d
+	xorq	%r10, %r13 
+	andq	%r9, %r13
+	movq	%r12, -24(%rdi)
+	movq	-24(%rdi), %rax
+	xorq	%r10, %r13 
+	roll	$30, %ebx
+	movl	%esi, %r12d
+	addq	%r13, %r8
+	xorq	%rbx, %rsi 
+	roll	$30, %r12d
+	addq	%r15, %r8
+	movq	-40(%rdi), %r15
+	movq	48(%rdi), %rdx
+	movq	(%rdi), %r14
+	movq	-16(%rdi), %r9
+	leaq	1518500249(%r8,%rax), %r13
+	xorq	%r11, %rsi 
+	xorq	%rdx, %r15 
+	movl	%r13d, %ecx
+	xorq	%r14, %r15 
+	roll	$5, %ecx
+	xorl	%r9d, %r15d
+	addq	%rsi, %rcx
+	roll	%r15d
+	addq	%r10, %rcx
+	movq	%r15, -16(%rdi)
+	movq	-16(%rdi), %rsi
+	movl	%r13d, %r15d
+	movq	-32(%rdi), %r14
+	movq	56(%rdi), %rax
+	xorq	%r12, %r13 
+	movq	8(%rdi), %rdx
+	movq	-8(%rdi), %r10
+	xorq	%rbx, %r13 
+	leaq	1859775393(%rcx,%rsi), %r9
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rdx, %r14 
+	movl	%r9d, %esi
+	xorl	%r10d, %r14d
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r13, %rsi
+	movq	%r14, -8(%rdi)
+	movq	-8(%rdi), %r8
+	addq	%r11, %rsi
+	movq	-24(%rdi), %r13
+	movq	64(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	16(%rdi), %rdx
+	movq	(%rdi), %r11
+	xorq	%r15, %r9 
+	leaq	1859775393(%rsi,%r8), %r10
+	xorq	%rax, %r13 
+	xorq	%rdx, %r13 
+	movl	%r10d, %r8d
+	xorl	%r11d, %r13d
+	roll	$5, %r8d
+	roll	%r13d
+	xorq	%r12, %r9 
+	roll	$30, %r14d
+	addq	%r9, %r8
+	movq	%r13, (%rdi)
+	movq	(%rdi), %rcx
+	addq	%rbx, %r8
+	movq	-16(%rdi), %rbx
+	movq	72(%rdi), %rax
+	movq	24(%rdi), %rdx
+	movq	8(%rdi), %r9
+	movl	%r10d, %r13d
+	leaq	1859775393(%r8,%rcx), %r11
+	xorq	%r14, %r10 
+	roll	$30, %r13d
+	xorq	%rax, %rbx 
+	xorq	%r15, %r10 
+	xorq	%rdx, %rbx 
+	movl	%r11d, %ecx
+	xorl	%r9d, %ebx
+	roll	$5, %ecx
+	roll	%ebx
+	addq	%r10, %rcx
+	movq	%rbx, 8(%rdi)
+	movq	8(%rdi), %rsi
+	addq	%r12, %rcx
+	movq	-8(%rdi), %r12
+	movq	-48(%rdi), %rax
+	movl	%r11d, %ebx
+	movq	32(%rdi), %rdx
+	movq	16(%rdi), %r9
+	xorq	%r13, %r11 
+	leaq	1859775393(%rcx,%rsi), %r10
+	xorq	%r14, %r11 
+	roll	$30, %ebx
+	xorq	%rax, %r12 
+	xorq	%rdx, %r12 
+	movl	%r10d, %esi
+	xorl	%r9d, %r12d
+	roll	$5, %esi
+	roll	%r12d
+	addq	%r11, %rsi
+	movq	%r12, 16(%rdi)
+	addq	%r15, %rsi
+	movq	16(%rdi), %r8
+	movq	(%rdi), %r15
+	movq	-40(%rdi), %rax
+	movl	%r10d, %r12d
+	movq	40(%rdi), %rdx
+	movq	24(%rdi), %r9
+	xorq	%rbx, %r10 
+	leaq	1859775393(%rsi,%r8), %r11
+	xorq	%r13, %r10 
+	xorq	%rax, %r15 
+	xorq	%rdx, %r15 
+	movl	%r11d, %r8d
+	xorl	%r9d, %r15d
+	roll	$5, %r8d
+	roll	%r15d
+	addq	%r10, %r8
+	movq	%r15, 24(%rdi)
+	movq	24(%rdi), %rcx
+	addq	%r14, %r8
+	movq	8(%rdi), %r14
+	movq	-32(%rdi), %rax
+	roll	$30, %r12d
+	movq	48(%rdi), %rdx
+	movq	32(%rdi), %r10
+	movl	%r11d, %r15d
+	leaq	1859775393(%r8,%rcx), %r9
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rbx, %r11 
+	xorq	%rdx, %r14 
+	movl	%r9d, %ecx
+	xorl	%r10d, %r14d
+	roll	$5, %ecx
+	roll	%r14d
+	addq	%r11, %rcx
+	movq	%r14, 32(%rdi)
+	addq	%r13, %rcx
+	movq	32(%rdi), %rsi
+	movq	16(%rdi), %r13
+	movq	-24(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	56(%rdi), %rdx
+	movq	40(%rdi), %r11
+	xorq	%r15, %r9 
+	leaq	1859775393(%rcx,%rsi), %r10
+	xorq	%r12, %r9 
+	roll	$30, %r14d
+	xorq	%rax, %r13 
+	xorq	%rdx, %r13 
+	movl	%r10d, %esi
+	xorl	%r11d, %r13d
+	roll	$5, %esi
+	roll	%r13d
+	addq	%r9, %rsi
+	movq	%r13, 40(%rdi)
+	movq	40(%rdi), %r8
+	addq	%rbx, %rsi
+	movq	24(%rdi), %rbx
+	movq	-16(%rdi), %rax
+	movl	%r10d, %r13d
+	movq	64(%rdi), %rdx
+	movq	48(%rdi), %r9
+	xorq	%r14, %r10 
+	leaq	1859775393(%rsi,%r8), %r11
+	xorq	%r15, %r10 
+	roll	$30, %r13d
+	xorq	%rax, %rbx 
+	xorq	%rdx, %rbx 
+	movl	%r11d, %r8d
+	xorl	%r9d, %ebx
+	roll	$5, %r8d
+	roll	%ebx
+	addq	%r10, %r8
+	movq	%rbx, 48(%rdi)
+	addq	%r12, %r8
+	movq	48(%rdi), %rcx
+	movq	32(%rdi), %r12
+	movq	-8(%rdi), %rax
+	movl	%r11d, %ebx
+	movq	72(%rdi), %rdx
+	movq	56(%rdi), %r9
+	leaq	1859775393(%r8,%rcx), %r10
+	xorq	%rax, %r12 
+	xorq	%rdx, %r12 
+	movl	%r10d, %ecx
+	xorl	%r9d, %r12d
+	xorq	%r13, %r11 
+	roll	$5, %ecx
+	xorq	%r14, %r11 
+	roll	%r12d
+	roll	$30, %ebx
+	addq	%r11, %rcx
+	movq	%r12, 56(%rdi)
+	movq	56(%rdi), %rsi
+	addq	%r15, %rcx
+	movq	40(%rdi), %r15
+	movq	(%rdi), %rax
+	movq	-48(%rdi), %rdx
+	movq	64(%rdi), %r9
+	movl	%r10d, %r12d
+	leaq	1859775393(%rcx,%rsi), %r11
+	xorq	%rbx, %r10 
+	roll	$30, %r12d
+	xorq	%rax, %r15 
+	xorq	%r13, %r10 
+	xorq	%rdx, %r15 
+	movl	%r11d, %esi
+	xorl	%r9d, %r15d
+	roll	$5, %esi
+	roll	%r15d
+	addq	%r10, %rsi
+	movq	%r15, 64(%rdi)
+	movq	64(%rdi), %r8
+	addq	%r14, %rsi
+	movq	48(%rdi), %r14
+	movq	8(%rdi), %rax
+	movl	%r11d, %r15d
+	movq	-40(%rdi), %rdx
+	movq	72(%rdi), %r10
+	xorq	%r12, %r11 
+	leaq	1859775393(%rsi,%r8), %r9
+	xorq	%rbx, %r11 
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rdx, %r14 
+	movl	%r9d, %r8d
+	xorl	%r10d, %r14d
+	roll	$5, %r8d
+	roll	%r14d
+	addq	%r11, %r8
+	movq	%r14, 72(%rdi)
+	addq	%r13, %r8
+	movq	72(%rdi), %rcx
+	movq	56(%rdi), %r13
+	movq	16(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	-32(%rdi), %rdx
+	movq	-48(%rdi), %r11
+	leaq	1859775393(%r8,%rcx), %r10
+	xorq	%rax, %r13 
+	xorq	%rdx, %r13 
+	movl	%r10d, %ecx
+	xorl	%r11d, %r13d
+	roll	$5, %ecx
+	roll	%r13d
+	xorq	%r15, %r9 
+	roll	$30, %r14d
+	xorq	%r12, %r9 
+	movq	%r13, -48(%rdi)
+	movq	-48(%rdi), %rsi
+	addq	%r9, %rcx
+	movl	%r10d, %r13d
+	xorq	%r14, %r10 
+	addq	%rbx, %rcx
+	movq	64(%rdi), %rbx
+	movq	24(%rdi), %rax
+	movq	-24(%rdi), %rdx
+	leaq	1859775393(%rcx,%rsi), %r11
+	movq	-40(%rdi), %r9
+	xorq	%r15, %r10 
+	roll	$30, %r13d
+	xorq	%rax, %rbx 
+	movl	%r11d, %esi
+	xorq	%rdx, %rbx 
+	roll	$5, %esi
+	xorl	%r9d, %ebx
+	addq	%r10, %rsi
+	roll	%ebx
+	addq	%r12, %rsi
+	movq	%rbx, -40(%rdi)
+	movq	-40(%rdi), %r8
+	movl	%r11d, %ebx
+	movq	72(%rdi), %r12
+	movq	32(%rdi), %rax
+	xorq	%r13, %r11 
+	movq	-16(%rdi), %rdx
+	movq	-32(%rdi), %r9
+	xorq	%r14, %r11 
+	leaq	1859775393(%rsi,%r8), %r10
+	roll	$30, %ebx
+	xorq	%rax, %r12 
+	xorq	%rdx, %r12 
+	movl	%r10d, %r8d
+	xorl	%r9d, %r12d
+	roll	$5, %r8d
+	roll	%r12d
+	addq	%r11, %r8
+	movq	%r12, -32(%rdi)
+	movq	-32(%rdi), %rcx
+	addq	%r15, %r8
+	movq	-48(%rdi), %r15
+	movq	40(%rdi), %rax
+	movl	%r10d, %r12d
+	movq	-8(%rdi), %rdx
+	movq	-24(%rdi), %r9
+	xorq	%rbx, %r10 
+	leaq	1859775393(%r8,%rcx), %r11
+	xorq	%r13, %r10 
+	xorq	%rax, %r15 
+	xorq	%rdx, %r15 
+	movl	%r11d, %ecx
+	xorl	%r9d, %r15d
+	roll	$5, %ecx
+	roll	%r15d
+	addq	%r10, %rcx
+	addq	%r14, %rcx
+	movq	%r15, -24(%rdi)
+	movq	-24(%rdi), %rsi
+	movq	-40(%rdi), %r14
+	movq	48(%rdi), %rax
+	roll	$30, %r12d
+	movq	(%rdi), %rdx
+	movq	-16(%rdi), %r10
+	movl	%r11d, %r15d
+	leaq	1859775393(%rcx,%rsi), %r9
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rbx, %r11 
+	xorq	%rdx, %r14 
+	movl	%r9d, %esi
+	xorl	%r10d, %r14d
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r11, %rsi
+	movq	%r14, -16(%rdi)
+	movq	-16(%rdi), %r8
+	addq	%r13, %rsi
+	movq	-32(%rdi), %r11
+	movq	56(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	8(%rdi), %rdx
+	movq	-8(%rdi), %r10
+	xorq	%r15, %r9 
+	leaq	1859775393(%rsi,%r8), %r13
+	xorq	%r12, %r9 
+	roll	$30, %r14d
+	xorq	%rax, %r11 
+	xorq	%rdx, %r11 
+	movl	%r13d, %r8d
+	xorl	%r10d, %r11d
+	roll	$5, %r8d
+	movl	%r13d, %r10d
+	roll	%r11d
+	addq	%r9, %r8
+	xorq	%r14, %r13 
+	movq	%r11, -8(%rdi)
+	addq	%rbx, %r8
+	movq	-8(%rdi), %rbx
+	movq	-24(%rdi), %r9
+	movq	64(%rdi), %rax
+	xorq	%r15, %r13 
+	movq	16(%rdi), %rdx
+	movq	(%rdi), %rcx
+	leaq	1859775393(%r8,%rbx), %r11
+	xorq	%rax, %r9 
+	xorq	%rdx, %r9 
+	movl	%r11d, %ebx
+	xorl	%ecx, %r9d
+	roll	$5, %ebx
+	roll	%r9d
+	addq	%r13, %rbx
+	movq	%r9, (%rdi)
+	movq	(%rdi), %rsi
+	addq	%r12, %rbx
+	movq	-16(%rdi), %r12
+	movq	72(%rdi), %r13
+	movl	%r11d, %r9d
+	leaq	1859775393(%rbx,%rsi), %rcx
+	movl	%r10d, %ebx
+	movq	24(%rdi), %r10
+	movq	8(%rdi), %rax
+	xorq	%r13, %r12 
+	roll	$30, %ebx
+	movl	%ecx, %esi
+	xorq	%r10, %r12 
+	xorq	%rbx, %r11 
+	roll	$5, %esi
+	xorl	%eax, %r12d
+	xorq	%r14, %r11 
+	roll	$30, %r9d
+	roll	%r12d
+	addq	%r11, %rsi
+	movq	%rcx, %rax
+	movq	%r12, 8(%rdi)
+	movq	8(%rdi), %rdx
+	addq	%r15, %rsi
+	movq	-8(%rdi), %r11
+	movq	-48(%rdi), %r13
+	movl	%ecx, %r12d
+	movq	32(%rdi), %r10
+	movq	16(%rdi), %r8
+	orq	%r9, %rcx
+	leaq	1859775393(%rsi,%rdx), %rsi
+	andq	%rbx, %rcx
+	andq	%r9, %rax
+	xorq	%r13, %r11 
+	orq	%rcx, %rax
+	roll	$30, %r12d
+	xorq	%r10, %r11 
+	movq	%rsi, %r10
+	xorl	%r8d, %r11d
+	movl	%esi, %r8d
+	andq	%r12, %r10
+	roll	%r11d
+	roll	$5, %r8d
+	movq	%r11, 16(%rdi)
+	addq	%rax, %r8
+	movq	16(%rdi), %r15
+	movq	(%rdi), %r13
+	movq	-40(%rdi), %rdx
+	addq	%r14, %r8
+	movq	40(%rdi), %r14
+	movq	24(%rdi), %rcx
+	movl	%esi, %r11d
+	addq	%r15, %r8
+	movl	$2400959708, %r15d
+	orq	%r12, %rsi
+	xorq	%rdx, %r13 
+	addq	%r15, %r8
+	andq	%r9, %rsi
+	xorq	%r14, %r13 
+	orq	%rsi, %r10
+	xorl	%ecx, %r13d
+	movl	%r8d, %ecx
+	roll	%r13d
+	roll	$5, %ecx
+	movq	%r13, 24(%rdi)
+	addq	%r10, %rcx
+	movq	24(%rdi), %rax
+	movq	8(%rdi), %r14
+	movq	-32(%rdi), %rdx
+	addq	%rbx, %rcx
+	movq	48(%rdi), %rbx
+	movq	32(%rdi), %rsi
+	roll	$30, %r11d
+	addq	%rax, %rcx
+	movl	%r8d, %r13d
+	movq	%r8, %r10
+	xorq	%rdx, %r14 
+	addq	%r15, %rcx
+	orq	%r11, %r8
+	xorq	%rbx, %r14 
+	andq	%r12, %r8
+	andq	%r11, %r10
+	xorl	%esi, %r14d
+	movl	%ecx, %esi
+	orq	%r8, %r10
+	roll	$5, %esi
+	roll	%r14d
+	roll	$30, %r13d
+	addq	%r10, %rsi
+	movq	%r14, 32(%rdi)
+	movq	32(%rdi), %rax
+	addq	%r9, %rsi
+	movq	16(%rdi), %r9
+	movq	-24(%rdi), %rdx
+	movq	56(%rdi), %rbx
+	movq	40(%rdi), %r8
+	movl	%ecx, %r14d
+	addq	%rax, %rsi
+	movq	%rcx, %r10
+	orq	%r13, %rcx
+	xorq	%rdx, %r9 
+	addq	%r15, %rsi
+	andq	%r11, %rcx
+	xorq	%rbx, %r9 
+	andq	%r13, %r10
+	roll	$30, %r14d
+	xorl	%r8d, %r9d
+	movl	%esi, %r8d
+	orq	%rcx, %r10
+	roll	%r9d
+	roll	$5, %r8d
+	movq	%r9, 40(%rdi)
+	addq	%r10, %r8
+	movq	40(%rdi), %rax
+	movq	24(%rdi), %r10
+	movq	-16(%rdi), %rdx
+	addq	%r12, %r8
+	movq	64(%rdi), %rbx
+	movq	48(%rdi), %rcx
+	movl	%esi, %r9d
+	addq	%rax, %r8
+	movq	%rsi, %r12
+	xorq	%rdx, %r10 
+	addq	%r15, %r8
+	xorq	%rbx, %r10 
+	orq	%r14, %rsi
+	andq	%r14, %r12
+	andq	%r13, %rsi
+	xorl	%ecx, %r10d
+	movl	%r8d, %ecx
+	orq	%rsi, %r12
+	roll	%r10d
+	roll	$5, %ecx
+	movq	%r10, 48(%rdi)
+	addq	%r12, %rcx
+	movq	48(%rdi), %rax
+	movq	32(%rdi), %r12
+	movq	-8(%rdi), %rdx
+	addq	%r11, %rcx
+	movq	72(%rdi), %rbx
+	movq	56(%rdi), %rsi
+	roll	$30, %r9d
+	addq	%rax, %rcx
+	movl	%r8d, %r10d
+	movq	%r8, %r11
+	xorq	%rdx, %r12 
+	addq	%r15, %rcx
+	orq	%r9, %r8
+	xorq	%rbx, %r12 
+	andq	%r14, %r8
+	andq	%r9, %r11
+	xorl	%esi, %r12d
+	movl	%ecx, %esi
+	orq	%r8, %r11
+	roll	%r12d
+	roll	$5, %esi
+	roll	$30, %r10d
+	movq	%r12, 56(%rdi)
+	addq	%r11, %rsi
+	movq	56(%rdi), %rax
+	movq	40(%rdi), %r11
+	movq	(%rdi), %rdx
+	addq	%r13, %rsi
+	movq	-48(%rdi), %rbx
+	movq	64(%rdi), %r8
+	movq	%rcx, %r13
+	addq	%rax, %rsi
+	andq	%r10, %r13
+	movl	%ecx, %r12d
+	xorq	%rdx, %r11 
+	addq	%r15, %rsi
+	xorq	%rbx, %r11 
+	xorl	%r8d, %r11d
+	movl	%esi, %r8d
+	roll	%r11d
+	roll	$5, %r8d
+	orq	%r10, %rcx
+	andq	%r9, %rcx
+	movq	%r11, 64(%rdi)
+	movq	64(%rdi), %rax
+	orq	%rcx, %r13
+	roll	$30, %r12d
+	movl	%esi, %r11d
+	addq	%r13, %r8
+	movq	48(%rdi), %r13
+	movq	8(%rdi), %rdx
+	movq	-40(%rdi), %rbx
+	addq	%r14, %r8
+	movq	72(%rdi), %rcx
+	addq	%rax, %r8
+	movq	%rsi, %r14
+	orq	%r12, %rsi
+	xorq	%rdx, %r13 
+	addq	%r15, %r8
+	andq	%r10, %rsi
+	xorq	%rbx, %r13 
+	andq	%r12, %r14
+	roll	$30, %r11d
+	xorl	%ecx, %r13d
+	movl	%r8d, %ecx
+	orq	%rsi, %r14
+	roll	%r13d
+	roll	$5, %ecx
+	movq	%r13, 72(%rdi)
+	addq	%r14, %rcx
+	movq	72(%rdi), %rax
+	movq	56(%rdi), %r14
+	movq	16(%rdi), %rdx
+	addq	%r9, %rcx
+	movq	-32(%rdi), %rbx
+	movq	-48(%rdi), %rsi
+	movl	%r8d, %r13d
+	addq	%rax, %rcx
+	movq	%r8, %r9
+	orq	%r11, %r8
+	xorq	%rdx, %r14 
+	addq	%r15, %rcx
+	andq	%r12, %r8
+	xorq	%rbx, %r14 
+	andq	%r11, %r9
+	xorl	%esi, %r14d
+	movl	%ecx, %esi
+	orq	%r8, %r9
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r9, %rsi
+	movq	%r14, -48(%rdi)
+	movq	-48(%rdi), %rax
+	addq	%r10, %rsi
+	movq	64(%rdi), %r10
+	movq	24(%rdi), %rdx
+	movq	-24(%rdi), %rbx
+	movq	-40(%rdi), %r8
+	movl	%ecx, %r14d
+	addq	%rax, %rsi
+	roll	$30, %r13d
+	movq	%rcx, %r9
+	xorq	%rdx, %r10 
+	addq	%r15, %rsi
+	orq	%r13, %rcx
+	xorq	%rbx, %r10 
+	andq	%r11, %rcx
+	andq	%r13, %r9
+	xorl	%r8d, %r10d
+	movl	%esi, %r8d
+	orq	%rcx, %r9
+	roll	$5, %r8d
+	roll	%r10d
+	roll	$30, %r14d
+	addq	%r9, %r8
+	movq	%r10, -40(%rdi)
+	movq	-40(%rdi), %rax
+	addq	%r12, %r8
+	movq	72(%rdi), %r12
+	movq	32(%rdi), %rdx
+	movq	-16(%rdi), %rbx
+	movq	-32(%rdi), %rcx
+	movl	%esi, %r10d
+	addq	%rax, %r8
+	movq	%rsi, %r9
+	orq	%r14, %rsi
+	xorq	%rdx, %r12 
+	addq	%r15, %r8
+	andq	%r13, %rsi
+	xorq	%rbx, %r12 
+	andq	%r14, %r9
+	roll	$30, %r10d
+	xorl	%ecx, %r12d
+	movl	%r8d, %ecx
+	orq	%rsi, %r9
+	roll	$5, %ecx
+	roll	%r12d
+	addq	%r9, %rcx
+	movq	%r12, -32(%rdi)
+	movq	-32(%rdi), %rax
+	addq	%r11, %rcx
+	movq	-48(%rdi), %r11
+	movq	40(%rdi), %rdx
+	movq	-8(%rdi), %rbx
+	movq	-24(%rdi), %rsi
+	movl	%r8d, %r12d
+	addq	%rax, %rcx
+	movq	%r8, %r9
+	xorq	%rdx, %r11 
+	addq	%r15, %rcx
+	xorq	%rbx, %r11 
+	xorl	%esi, %r11d
+	orq	%r10, %r8
+	andq	%r10, %r9
+	andq	%r14, %r8
+	movl	%ecx, %esi
+	roll	%r11d
+	orq	%r8, %r9
+	roll	$5, %esi
+	movq	%r11, -24(%rdi)
+	addq	%r9, %rsi
+	movq	-24(%rdi), %rax
+	roll	$30, %r12d
+	addq	%r13, %rsi
+	movq	-40(%rdi), %r13
+	movq	48(%rdi), %rdx
+	movq	(%rdi), %rbx
+	movq	-16(%rdi), %r8
+	movl	%ecx, %r11d
+	addq	%rax, %rsi
+	movq	%rcx, %r9
+	orq	%r12, %rcx
+	xorq	%rdx, %r13 
+	addq	%r15, %rsi
+	andq	%r10, %rcx
+	xorq	%rbx, %r13 
+	andq	%r12, %r9
+	roll	$30, %r11d
+	xorl	%r8d, %r13d
+	movl	%esi, %r8d
+	orq	%rcx, %r9
+	roll	%r13d
+	roll	$5, %r8d
+	movq	%r13, -16(%rdi)
+	addq	%r9, %r8
+	movq	-16(%rdi), %rax
+	movq	-32(%rdi), %r9
+	movq	56(%rdi), %rdx
+	addq	%r14, %r8
+	movq	8(%rdi), %rcx
+	movq	-8(%rdi), %rbx
+	movl	%esi, %r13d
+	addq	%rax, %r8
+	movq	%rsi, %r14
+	orq	%r11, %rsi
+	xorq	%rdx, %r9 
+	addq	%r15, %r8
+	andq	%r11, %r14
+	xorq	%rcx, %r9 
+	xorl	%ebx, %r9d
+	movl	%r8d, %ebx
+	roll	%r9d
+	roll	$5, %ebx
+	andq	%r12, %rsi
+	orq	%rsi, %r14
+	movq	%r9, -8(%rdi)
+	movq	-8(%rdi), %rax
+	addq	%r14, %rbx
+	movq	-24(%rdi), %r14
+	movq	64(%rdi), %rdx
+	movq	16(%rdi), %rcx
+	addq	%r10, %rbx
+	movq	(%rdi), %rsi
+	roll	$30, %r13d
+	addq	%rax, %rbx
+	movl	%r8d, %r9d
+	xorq	%rdx, %r14 
+	addq	%r15, %rbx
+	movq	%r8, %r10
+	xorq	%rcx, %r14 
+	orq	%r13, %r8
+	andq	%r13, %r10
+	andq	%r11, %r8
+	xorl	%esi, %r14d
+	movl	%ebx, %esi
+	orq	%r8, %r10
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r10, %rsi
+	movq	%r14, (%rdi)
+	movq	(%rdi), %rax
+	addq	%r12, %rsi
+	movq	-16(%rdi), %r12
+	movq	72(%rdi), %rdx
+	movq	24(%rdi), %rcx
+	movq	8(%rdi), %r8
+	roll	$30, %r9d
+	addq	%rax, %rsi
+	movl	%ebx, %r14d
+	movq	%rbx, %r10
+	xorq	%rdx, %r12 
+	addq	%r15, %rsi
+	orq	%r9, %rbx
+	xorq	%rcx, %r12 
+	andq	%r13, %rbx
+	andq	%r9, %r10
+	xorl	%r8d, %r12d
+	movl	%esi, %r8d
+	orq	%rbx, %r10
+	roll	%r12d
+	roll	$5, %r8d
+	movq	%r12, 8(%rdi)
+	movq	8(%rdi), %rax
+	addq	%r10, %r8
+	movq	-8(%rdi), %rbx
+	movq	-48(%rdi), %rdx
+	addq	%r11, %r8
+	movq	32(%rdi), %r11
+	movq	16(%rdi), %rcx
+	movl	%esi, %r12d
+	addq	%rax, %r8
+	movq	%rsi, %r10
+	addq	%r15, %r8
+	xorq	%rdx, %rbx 
+	roll	$30, %r14d
+	xorq	%r11, %rbx 
+	orq	%r14, %rsi
+	andq	%r14, %r10
+	xorl	%ecx, %ebx
+	andq	%r9, %rsi
+	movl	%r8d, %ecx
+	roll	%ebx
+	orq	%rsi, %r10
+	roll	$5, %ecx
+	movq	%rbx, 16(%rdi)
+	movq	16(%rdi), %rsi
+	addq	%r10, %rcx
+	movq	(%rdi), %r11
+	movq	-40(%rdi), %rax
+	addq	%r13, %rcx
+	movq	40(%rdi), %rdx
+	movq	24(%rdi), %r13
+	roll	$30, %r12d
+	addq	%rsi, %rcx
+	movl	%r8d, %ebx
+	movq	%r8, %r10
+	xorq	%rax, %r11 
+	addq	%r15, %rcx
+	orq	%r12, %r8
+	xorq	%rdx, %r11 
+	andq	%r14, %r8
+	andq	%r12, %r10
+	xorl	%r13d, %r11d
+	movl	%ecx, %r13d
+	orq	%r8, %r10
+	roll	%r11d
+	roll	$5, %r13d
+	roll	$30, %ebx
+	movq	%r11, 24(%rdi)
+	addq	%r10, %r13
+	movq	24(%rdi), %rsi
+	movq	8(%rdi), %r10
+	movq	-32(%rdi), %rax
+	addq	%r9, %r13
+	movq	48(%rdi), %rdx
+	movq	32(%rdi), %r8
+	movl	%ecx, %r11d
+	addq	%rsi, %r13
+	movq	%rcx, %r9
+	xorq	%rax, %r10 
+	addq	%r15, %r13
+	xorq	%rdx, %r10 
+	xorl	%r8d, %r10d
+	movl	%r13d, %r8d
+	roll	%r10d
+	orq	%rbx, %rcx
+	andq	%rbx, %r9
+	movq	%r10, 32(%rdi)
+	andq	%r12, %rcx
+	movl	%r13d, %r10d
+	orq	%rcx, %r9
+	roll	$5, %r10d
+	movq	32(%rdi), %rsi
+	addq	%r9, %r10
+	roll	$30, %r11d
+	movq	%r13, %rcx
+	addq	%r14, %r10
+	movq	16(%rdi), %r14
+	movq	-24(%rdi), %rax
+	movq	56(%rdi), %rdx
+	movq	40(%rdi), %r9
+	addq	%rsi, %r10
+	addq	%r15, %r10
+	orq	%r11, %r13
+	andq	%r11, %rcx
+	xorq	%rax, %r14 
+	andq	%rbx, %r13
+	xorq	%rdx, %r14 
+	orq	%r13, %rcx
+	xorl	%r9d, %r14d
+	movl	%r10d, %r9d
+	roll	%r14d
+	roll	$5, %r9d
+	movq	%r14, 40(%rdi)
+	movq	40(%rdi), %rsi
+	addq	%rcx, %r9
+	movq	24(%rdi), %r13
+	addq	%r12, %r9
+	movq	-16(%rdi), %r12
+	movq	64(%rdi), %rax
+	movl	%r10d, %r14d
+	addq	%rsi, %r9
+	movl	%r8d, %esi
+	addq	%r15, %r9
+	movq	48(%rdi), %r15
+	xorq	%r12, %r13 
+	roll	$30, %esi
+	xorq	%rax, %r13 
+	xorq	%rsi, %r10 
+	xorl	%r15d, %r13d
+	movl	%r9d, %r15d
+	xorq	%r11, %r10 
+	roll	$5, %r15d
+	roll	%r13d
+	addq	%r10, %r15
+	movq	%r13, 48(%rdi)
+	movq	48(%rdi), %r10
+	addq	%rbx, %r15
+	movq	32(%rdi), %rbx
+	movq	-8(%rdi), %r8
+	movq	72(%rdi), %rdx
+	movq	56(%rdi), %rcx
+	roll	$30, %r14d
+	addq	%r10, %r15
+	movl	$3395469782, %r10d
+	movl	%r9d, %r13d
+	xorq	%r8, %rbx 
+	addq	%r10, %r15
+	xorq	%r14, %r9 
+	xorq	%rdx, %rbx 
+	xorq	%rsi, %r9 
+	roll	$30, %r13d
+	xorl	%ecx, %ebx
+	movl	%r15d, %ecx
+	roll	%ebx
+	roll	$5, %ecx
+	movq	%rbx, 56(%rdi)
+	addq	%r9, %rcx
+	movq	56(%rdi), %r12
+	movq	40(%rdi), %r9
+	movq	(%rdi), %rax
+	addq	%r11, %rcx
+	movq	-48(%rdi), %r8
+	movq	64(%rdi), %r11
+	movl	%r15d, %ebx
+	addq	%r12, %rcx
+	xorq	%r13, %r15 
+	roll	$30, %ebx
+	xorq	%rax, %r9 
+	addq	%r10, %rcx
+	xorq	%r14, %r15 
+	xorq	%r8, %r9 
+	xorl	%r11d, %r9d
+	movl	%ecx, %r11d
+	roll	%r9d
+	roll	$5, %r11d
+	movq	%r9, 64(%rdi)
+	addq	%r15, %r11
+	movq	64(%rdi), %rdx
+	movq	48(%rdi), %r15
+	movq	8(%rdi), %r12
+	addq	%rsi, %r11
+	movq	-40(%rdi), %rax
+	movq	72(%rdi), %r8
+	movl	%ecx, %r9d
+	addq	%rdx, %r11
+	xorq	%r12, %r15 
+	addq	%r10, %r11
+	xorq	%rax, %r15 
+	xorl	%r8d, %r15d
+	movl	%r11d, %r8d
+	roll	%r15d
+	roll	$5, %r8d
+	xorq	%rbx, %rcx 
+	xorq	%r13, %rcx 
+	movq	%r15, 72(%rdi)
+	movq	72(%rdi), %rsi
+	addq	%rcx, %r8
+	movq	56(%rdi), %r12
+	movq	16(%rdi), %rcx
+	movq	-32(%rdi), %rdx
+	addq	%r14, %r8
+	movq	-48(%rdi), %r14
+	addq	%rsi, %r8
+	roll	$30, %r9d
+	movl	%r11d, %r15d
+	xorq	%rcx, %r12 
+	addq	%r10, %r8
+	xorq	%r9, %r11 
+	xorq	%rdx, %r12 
+	xorq	%rbx, %r11 
+	roll	$30, %r15d
+	xorl	%r14d, %r12d
+	movl	%r8d, %r14d
+	roll	$5, %r14d
+	roll	%r12d
+	addq	%r11, %r14
+	movq	%r12, -48(%rdi)
+	movq	-48(%rdi), %rax
+	addq	%r13, %r14
+	movq	64(%rdi), %r13
+	movq	24(%rdi), %rsi
+	movq	-24(%rdi), %rcx
+	movq	-40(%rdi), %r11
+	movl	%r8d, %r12d
+	addq	%rax, %r14
+	xorq	%r15, %r8 
+	roll	$30, %r12d
+	xorq	%rsi, %r13 
+	addq	%r10, %r14
+	xorq	%r9, %r8 
+	xorq	%rcx, %r13 
+	xorl	%r11d, %r13d
+	movl	%r14d, %r11d
+	roll	$5, %r11d
+	roll	%r13d
+	addq	%r8, %r11
+	movq	%r13, -40(%rdi)
+	movq	-40(%rdi), %rdx
+	addq	%rbx, %r11
+	movq	72(%rdi), %rbx
+	movq	32(%rdi), %rax
+	movq	-16(%rdi), %rsi
+	movq	-32(%rdi), %r8
+	movl	%r14d, %r13d
+	addq	%rdx, %r11
+	xorq	%rax, %rbx 
+	addq	%r10, %r11
+	xorq	%rsi, %rbx 
+	xorl	%r8d, %ebx
+	xorq	%r12, %r14 
+	movl	%r11d, %r8d
+	xorq	%r15, %r14 
+	roll	%ebx
+	roll	$5, %r8d
+	movq	%rbx, -32(%rdi)
+	addq	%r14, %r8
+	movq	-32(%rdi), %rcx
+	movq	-48(%rdi), %r14
+	movq	40(%rdi), %rdx
+	addq	%r9, %r8
+	movq	-8(%rdi), %rax
+	movq	-24(%rdi), %r9
+	roll	$30, %r13d
+	addq	%rcx, %r8
+	movl	%r11d, %ebx
+	xorq	%r13, %r11 
+	xorq	%rdx, %r14 
+	addq	%r10, %r8
+	xorq	%r12, %r11 
+	xorq	%rax, %r14 
+	roll	$30, %ebx
+	xorl	%r9d, %r14d
+	movl	%r8d, %r9d
+	roll	$5, %r9d
+	roll	%r14d
+	addq	%r11, %r9
+	movq	%r14, -24(%rdi)
+	movq	-24(%rdi), %rsi
+	addq	%r15, %r9
+	movq	-40(%rdi), %r15
+	movq	48(%rdi), %rcx
+	movq	(%rdi), %rdx
+	movq	-16(%rdi), %r11
+	movl	%r8d, %r14d
+	addq	%rsi, %r9
+	xorq	%rbx, %r8 
+	xorq	%rcx, %r15 
+	addq	%r10, %r9
+	xorq	%r13, %r8 
+	xorq	%rdx, %r15 
+	xorl	%r11d, %r15d
+	movl	%r9d, %r11d
+	roll	%r15d
+	roll	$5, %r11d
+	movq	%r15, -16(%rdi)
+	addq	%r8, %r11
+	movq	-16(%rdi), %rax
+	addq	%r12, %r11
+	movq	-32(%rdi), %r12
+	movq	56(%rdi), %rsi
+	movq	8(%rdi), %rcx
+	movq	-8(%rdi), %r8
+	movl	%r9d, %r15d
+	addq	%rax, %r11
+	addq	%r10, %r11
+	roll	$30, %r14d
+	xorq	%rsi, %r12 
+	xorq	%rcx, %r12 
+	xorq	%r14, %r9 
+	roll	$30, %r15d
+	xorl	%r8d, %r12d
+	movl	%r11d, %r8d
+	xorq	%rbx, %r9 
+	roll	$5, %r8d
+	roll	%r12d
+	addq	%r9, %r8
+	movq	%r12, -8(%rdi)
+	movq	-8(%rdi), %rdx
+	addq	%r13, %r8
+	movq	-24(%rdi), %r13
+	movq	64(%rdi), %rax
+	movq	16(%rdi), %rsi
+	movq	(%rdi), %rcx
+	movl	%r11d, %r12d
+	addq	%rdx, %r8
+	xorq	%r15, %r11 
+	roll	$30, %r12d
+	xorq	%rax, %r13 
+	addq	%r10, %r8
+	xorq	%r14, %r11 
+	xorq	%rsi, %r13 
+	xorl	%ecx, %r13d
+	movl	%r8d, %ecx
+	roll	$5, %ecx
+	roll	%r13d
+	addq	%r11, %rcx
+	movq	%r13, (%rdi)
+	movq	(%rdi), %r9
+	addq	%rbx, %rcx
+	movq	-16(%rdi), %rbx
+	movq	72(%rdi), %rdx
+	movq	24(%rdi), %rax
+	movq	8(%rdi), %rsi
+	movl	%r8d, %r13d
+	addq	%r9, %rcx
+	xorq	%r12, %r8 
+	xorq	%rdx, %rbx 
+	addq	%r10, %rcx
+	xorq	%r15, %r8 
+	xorq	%rax, %rbx 
+	xorl	%esi, %ebx
+	movl	%ecx, %esi
+	roll	$5, %esi
+	roll	%ebx
+	addq	%r8, %rsi
+	movq	%rbx, 8(%rdi)
+	movq	8(%rdi), %r11
+	addq	%r14, %rsi
+	movq	-8(%rdi), %r14
+	movq	-48(%rdi), %r9
+	movq	32(%rdi), %rdx
+	movq	16(%rdi), %r8
+	roll	$30, %r13d
+	addq	%r11, %rsi
+	movl	%ecx, %ebx
+	xorq	%r13, %rcx 
+	xorq	%r9, %r14 
+	addq	%r10, %rsi
+	xorq	%r12, %rcx 
+	xorq	%rdx, %r14 
+	roll	$30, %ebx
+	xorl	%r8d, %r14d
+	movl	%esi, %r8d
+	roll	$5, %r8d
+	roll	%r14d
+	addq	%rcx, %r8
+	movq	%r14, 16(%rdi)
+	movq	16(%rdi), %rax
+	addq	%r15, %r8
+	movq	(%rdi), %r15
+	movq	-40(%rdi), %r11
+	movq	40(%rdi), %r9
+	movq	24(%rdi), %rcx
+	movl	%esi, %r14d
+	addq	%rax, %r8
+	xorq	%rbx, %rsi 
+	roll	$30, %r14d
+	xorq	%r11, %r15 
+	addq	%r10, %r8
+	xorq	%r13, %rsi 
+	xorq	%r9, %r15 
+	xorl	%ecx, %r15d
+	movl	%r8d, %ecx
+	roll	%r15d
+	roll	$5, %ecx
+	movq	%r15, 24(%rdi)
+	addq	%rsi, %rcx
+	movq	24(%rdi), %rdx
+	movq	8(%rdi), %r11
+	movq	-32(%rdi), %rax
+	addq	%r12, %rcx
+	movq	48(%rdi), %r12
+	movq	32(%rdi), %rsi
+	movl	%r8d, %r15d
+	addq	%rdx, %rcx
+	xorq	%rax, %r11 
+	addq	%r10, %rcx
+	xorq	%r12, %r11 
+	xorl	%esi, %r11d
+	movl	%ecx, %esi
+	roll	%r11d
+	movq	%r11, 32(%rdi)
+	movl	%ecx, %r11d
+	movq	32(%rdi), %r9
+	roll	$5, %r11d
+	xorq	%r14, %r8 
+	movq	16(%rdi), %r12
+	xorq	%rbx, %r8 
+	movq	-24(%rdi), %rdx
+	movq	56(%rdi), %rax
+	addq	%r8, %r11
+	movq	40(%rdi), %r8
+	roll	$30, %r15d
+	addq	%r13, %r11
+	xorq	%r15, %rcx 
+	addq	%r9, %r11
+	xorq	%rdx, %r12 
+	xorq	%r14, %rcx 
+	addq	%r10, %r11
+	xorq	%rax, %r12 
+	xorl	%r8d, %r12d
+	movl	%r11d, %r8d
+	roll	$5, %r8d
+	roll	%r12d
+	addq	%rcx, %r8
+	movq	%r12, 40(%rdi)
+	movq	40(%rdi), %r13
+	addq	%rbx, %r8
+	movq	24(%rdi), %rbx
+	movq	-16(%rdi), %r9
+	movq	64(%rdi), %rdx
+	movq	48(%rdi), %rcx
+	movl	%r11d, %r12d
+	addq	%r13, %r8
+	movl	%esi, %r13d
+	roll	$30, %r12d
+	xorq	%r9, %rbx 
+	addq	%r10, %r8
+	roll	$30, %r13d
+	xorq	%rdx, %rbx 
+	xorq	%r13, %r11 
+	xorl	%ecx, %ebx
+	movl	%r8d, %ecx
+	xorq	%r15, %r11 
+	roll	%ebx
+	roll	$5, %ecx
+	movq	%rbx, 48(%rdi)
+	addq	%r11, %rcx
+	movq	48(%rdi), %rax
+	movq	32(%rdi), %r11
+	movq	-8(%rdi), %rsi
+	addq	%r14, %rcx
+	movq	72(%rdi), %r9
+	movq	56(%rdi), %r14
+	movl	%r8d, %ebx
+	addq	%rax, %rcx
+	xorq	%rsi, %r11 
+	addq	%r10, %rcx
+	xorq	%r9, %r11 
+	xorl	%r14d, %r11d
+	xorq	%r12, %r8 
+	movl	%ecx, %r14d
+	xorq	%r13, %r8 
+	roll	%r11d
+	roll	$5, %r14d
+	movq	%r11, 56(%rdi)
+	addq	%r8, %r14
+	movq	56(%rdi), %rdx
+	movq	40(%rdi), %r8
+	movq	(%rdi), %rax
+	addq	%r15, %r14
+	movq	-48(%rdi), %r15
+	movq	64(%rdi), %rsi
+	roll	$30, %ebx
+	addq	%rdx, %r14
+	movl	%ecx, %r11d
+	xorq	%rbx, %rcx 
+	xorq	%rax, %r8 
+	addq	%r10, %r14
+	xorq	%r12, %rcx 
+	xorq	%r15, %r8 
+	roll	$30, %r11d
+	xorl	%esi, %r8d
+	movl	%r14d, %esi
+	roll	%r8d
+	roll	$5, %esi
+	movq	%r8, 64(%rdi)
+	movq	64(%rdi), %r9
+	addq	%rcx, %rsi
+	movq	48(%rdi), %r15
+	movq	8(%rdi), %rcx
+	addq	%r13, %rsi
+	movq	-40(%rdi), %rdx
+	movq	72(%rdi), %rax
+	movl	%r14d, %r8d
+	addq	%r9, %rsi
+	xorq	%r11, %r14 
+	addq	%r10, %rsi
+	xorq	%rcx, %r15 
+	xorq	%rbx, %r14 
+	xorq	%rdx, %r15 
+	movl	%esi, %r13d
+	xorl	%eax, %r15d
+	roll	$5, %r13d
+	roll	%r15d
+	addq	%r14, %r13
+	movq	%r15, 72(%rdi)
+	addq	%r12, %r13
+	movq	72(%rdi), %r12
+	addq	%r12, %r13
+	addq	%r10, %r13
+	movq	-88(%rdi), %r10
+	roll	$30, %r8d
+	addq	%r13, %r10
+	movq	%r10, -88(%rdi)
+	movq	-80(%rdi), %r9
+	addq	%rsi, %r9
+	movq	%r9, -80(%rdi)
+	movq	-72(%rdi), %rcx
+	addq	%r8, %rcx
+	movq	%rcx, -72(%rdi)
+	movq	-64(%rdi), %rdx
+	addq	%r11, %rdx
+	movq	%rdx, -64(%rdi)
+	movq	-56(%rdi), %rax
+	addq	%rbx, %rax
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	popq	%r15
+	movq	%rax, -56(%rdi)
+	ret
+.LFE7:
+	.size	shaCompress, .-shaCompress
+	.align 16
+.globl SHA1_Update
+	.type	SHA1_Update, @function
+SHA1_Update:
+.LFB5:
+	pushq	%rbp
+.LCFI5:
+	movq	%rsp, %rbp
+.LCFI6:
+	movq	%r13, -24(%rbp)
+.LCFI7:
+	movq	%r14, -16(%rbp)
+.LCFI8:
+	movl	%edx, %r13d
+	movq	%r15, -8(%rbp)
+.LCFI9:
+	movq	%rbx, -40(%rbp)
+.LCFI10:
+	movq	%rdi, %r15
+	movq	%r12, -32(%rbp)
+.LCFI11:
+	subq	$48, %rsp
+.LCFI12:
+	testl	%edx, %edx
+	movq	%rsi, %r14
+	je	.L243
+	movq	64(%rdi), %rdx
+	mov	%r13d, %ecx
+	leaq	(%rdx,%rcx), %rax
+	movq	%rax, 64(%rdi)
+	movl	%edx, %eax
+	andl	$63, %eax
+	movl	%eax, -44(%rbp)
+	jne	.L256
+.L245:
+	cmpl	$63, %r13d
+	jbe	.L253
+	leaq	160(%r15), %rbx
+	.align 16
+.L250:
+	movq	%r14, %rsi
+	subl	$64, %r13d
+	movq	%rbx, %rdi
+	call	shaCompress
+	addq	$64, %r14
+	cmpl	$63, %r13d
+	ja	.L250
+.L253:
+	testl	%r13d, %r13d
+	je	.L243
+	mov	%r13d, %edx
+	movq	%r14, %rsi
+	movq	%r15, %rdi
+	movq	-40(%rbp), %rbx
+	movq	-32(%rbp), %r12
+	movq	-24(%rbp), %r13
+	movq	-16(%rbp), %r14
+	movq	-8(%rbp), %r15
+	leave
+	jmp	memcpy@PLT
+	.align 16
+.L243:
+	movq	-40(%rbp), %rbx
+	movq	-32(%rbp), %r12
+	movq	-24(%rbp), %r13
+	movq	-16(%rbp), %r14
+	movq	-8(%rbp), %r15
+	leave
+	ret
+.L256:
+	movl	$64, %ebx
+	mov	%eax, %edi
+	subl	%eax, %ebx
+	cmpl	%ebx, %r13d
+	cmovb	%r13d, %ebx
+	addq	%r15, %rdi
+	mov	%ebx, %r12d
+	subl	%ebx, %r13d
+	movq	%r12, %rdx
+	addq	%r12, %r14
+	call	memcpy@PLT
+	addl	-44(%rbp), %ebx
+	andl	$63, %ebx
+	jne	.L245
+	leaq	160(%r15), %rdi
+	movq	%r15, %rsi
+	call	shaCompress
+	jmp	.L245
+.LFE5:
+	.size	SHA1_Update, .-SHA1_Update
+	.section	.rodata
+	.align 32
+	.type	bulk_pad.0, @object
+	.size	bulk_pad.0, 64
+bulk_pad.0:
+	.byte	-128
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.text
+	.align 16
+.globl SHA1_End
+	.type	SHA1_End, @function
+SHA1_End:
+.LFB6:
+	pushq	%rbp
+.LCFI13:
+	movq	%rsp, %rbp
+.LCFI14:
+	movq	%r12, -24(%rbp)
+.LCFI15:
+	movq	%r13, -16(%rbp)
+.LCFI16:
+	movq	%rsi, %r13
+	movq	%r14, -8(%rbp)
+.LCFI17:
+	movq	%rbx, -32(%rbp)
+.LCFI18:
+	subq	$32, %rsp
+.LCFI19:
+	movq	64(%rdi), %rbx
+	movq	%rdx, %r14
+	movl	$119, %edx
+	leaq	bulk_pad.0(%rip), %rsi
+	movq	%rdi, %r12
+	movl	%ebx, %r8d
+	salq	$3, %rbx
+	andl	$63, %r8d
+	subl	%r8d, %edx
+	andl	$63, %edx
+	incl	%edx
+	call	SHA1_Update@PLT
+	movq	%rbx, %rdi
+	movq	%r12, %rsi
+	shrq	$32, %rdi
+/APP
+	bswap %edi
+/NO_APP
+	movl	%edi, 56(%r12)
+	leaq	160(%r12), %rdi
+/APP
+	bswap %ebx
+/NO_APP
+	movl	%ebx, 60(%r12)
+	call	shaCompress
+	movl	72(%r12), %esi
+	movl	80(%r12), %ebx
+	movl	88(%r12), %ecx
+	movl	96(%r12), %edx
+	movl	104(%r12), %eax
+	movq	8(%rsp), %r12
+/APP
+	bswap %ebx
+	bswap %esi
+/NO_APP
+	movl	%ebx, 4(%r13)
+	movl	%esi, (%r13)
+/APP
+	bswap %ecx
+	bswap %edx
+/NO_APP
+	movl	%ecx, 8(%r13)
+	movl	%edx, 12(%r13)
+/APP
+	bswap %eax
+/NO_APP
+	movq	(%rsp), %rbx
+	movl	%eax, 16(%r13)
+	movl	$20, (%r14)
+	movq	16(%rsp), %r13
+	movq	24(%rsp), %r14
+	leave
+	ret
+.LFE6:
+	.size	SHA1_End, .-SHA1_End
+	.align 16
+.globl SHA1_NewContext
+	.type	SHA1_NewContext, @function
+SHA1_NewContext:
+.LFB8:
+	movl	$248, %edi
+	jmp	PORT_Alloc_Util@PLT
+.LFE8:
+	.size	SHA1_NewContext, .-SHA1_NewContext
+	.align 16
+.globl SHA1_DestroyContext
+	.type	SHA1_DestroyContext, @function
+SHA1_DestroyContext:
+.LFB9:
+	pushq	%rbp
+.LCFI20:
+	movl	$248, %edx
+	movq	%rsp, %rbp
+.LCFI21:
+	movq	%rbx, -16(%rbp)
+.LCFI22:
+	movq	%r12, -8(%rbp)
+.LCFI23:
+	movl	%esi, %ebx
+	subq	$16, %rsp
+.LCFI24:
+	xorl	%esi, %esi
+	movq	%rdi, %r12
+	call	memset@PLT
+	testl	%ebx, %ebx
+	jne	.L268
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	ret
+	.align 16
+.L268:
+	movq	%r12, %rdi
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	jmp	PORT_Free_Util@PLT
+.LFE9:
+	.size	SHA1_DestroyContext, .-SHA1_DestroyContext
+	.align 16
+.globl SHA1_HashBuf
+	.type	SHA1_HashBuf, @function
+SHA1_HashBuf:
+.LFB10:
+	pushq	%rbp
+.LCFI25:
+	movq	%rsp, %rbp
+.LCFI26:
+	movq	%rbx, -32(%rbp)
+.LCFI27:
+	leaq	-288(%rbp), %rbx
+	movq	%r12, -24(%rbp)
+.LCFI28:
+	movq	%r13, -16(%rbp)
+.LCFI29:
+	movq	%r14, -8(%rbp)
+.LCFI30:
+	movq	%rsi, %r13
+	subq	$304, %rsp
+.LCFI31:
+	movq	%rdi, %r14
+	movl	%edx, %r12d
+	movq	%rbx, %rdi
+	call	SHA1_Begin@PLT
+	movl	%r12d, %edx
+	movq	%r13, %rsi
+	movq	%rbx, %rdi
+	call	SHA1_Update@PLT
+	leaq	-292(%rbp), %rdx
+	movq	%r14, %rsi
+	movq	%rbx, %rdi
+	movl	$20, %ecx
+	call	SHA1_End@PLT
+	movq	-32(%rbp), %rbx
+	movq	-24(%rbp), %r12
+	xorl	%eax, %eax
+	movq	-16(%rbp), %r13
+	movq	-8(%rbp), %r14
+	leave
+	ret
+.LFE10:
+	.size	SHA1_HashBuf, .-SHA1_HashBuf
+	.align 16
+.globl SHA1_Hash
+	.type	SHA1_Hash, @function
+SHA1_Hash:
+.LFB11:
+	pushq	%rbp
+.LCFI32:
+	movq	%rsp, %rbp
+.LCFI33:
+	movq	%rbx, -16(%rbp)
+.LCFI34:
+	movq	%r12, -8(%rbp)
+.LCFI35:
+	movq	%rsi, %rbx
+	subq	$16, %rsp
+.LCFI36:
+	movq	%rdi, %r12
+	movq	%rsi, %rdi
+	call	strlen@PLT
+	movq	%rbx, %rsi
+	movq	%r12, %rdi
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	movl	%eax, %edx
+	jmp	SHA1_HashBuf@PLT
+.LFE11:
+	.size	SHA1_Hash, .-SHA1_Hash
+	.align 16
+.globl SHA1_FlattenSize
+	.type	SHA1_FlattenSize, @function
+SHA1_FlattenSize:
+.LFB12:
+	movl	$248, %eax
+	ret
+.LFE12:
+	.size	SHA1_FlattenSize, .-SHA1_FlattenSize
+	.align 16
+.globl SHA1_Flatten
+	.type	SHA1_Flatten, @function
+SHA1_Flatten:
+.LFB13:
+	pushq	%rbp
+.LCFI37:
+	movq	%rsi, %rax
+	movl	$248, %edx
+	movq	%rdi, %rsi
+	movq	%rax, %rdi
+	movq	%rsp, %rbp
+.LCFI38:
+	call	memcpy@PLT
+	leave
+	xorl	%eax, %eax
+	ret
+.LFE13:
+	.size	SHA1_Flatten, .-SHA1_Flatten
+	.align 16
+.globl SHA1_Resurrect
+	.type	SHA1_Resurrect, @function
+SHA1_Resurrect:
+.LFB14:
+	pushq	%rbp
+.LCFI39:
+	movq	%rsp, %rbp
+.LCFI40:
+	movq	%rbx, -16(%rbp)
+.LCFI41:
+	movq	%r12, -8(%rbp)
+.LCFI42:
+	subq	$16, %rsp
+.LCFI43:
+	movq	%rdi, %r12
+	call	SHA1_NewContext@PLT
+	movq	%rax, %rbx
+	xorl	%eax, %eax
+	testq	%rbx, %rbx
+	je	.L273
+	movl	$248, %edx
+	movq	%r12, %rsi
+	movq	%rbx, %rdi
+	call	memcpy@PLT
+	movq	%rbx, %rax
+.L273:
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	ret
+.LFE14:
+	.size	SHA1_Resurrect, .-SHA1_Resurrect
+	.align 16
+.globl SHA1_Clone
+	.type	SHA1_Clone, @function
+SHA1_Clone:
+.LFB15:
+	movl	$248, %edx
+	jmp	memcpy@PLT
+.LFE15:
+	.size	SHA1_Clone, .-SHA1_Clone
+	.align 16
+.globl SHA1_TraceState
+	.type	SHA1_TraceState, @function
+SHA1_TraceState:
+.LFB16:
+	movl	$-5992, %edi
+	jmp	PORT_SetError_Util@PLT
+.LFE16:
+	.size	SHA1_TraceState, .-SHA1_TraceState
diff --git a/security/nss/lib/freebl/sha256.h b/security/nss/lib/freebl/sha256.h
new file mode 100644
index 000000000..f59813257
--- /dev/null
+++ b/security/nss/lib/freebl/sha256.h
@@ -0,0 +1,51 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2002
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _SHA_256_H_
+#define _SHA_256_H_
+
+#include "prtypes.h"
+
+struct SHA256ContextStr {
+    union {
+	PRUint32 w[64];	    /* message schedule, input buffer, plus 48 words */
+	PRUint8  b[256];
+    } u;
+    PRUint32 h[8];		/* 8 state variables */
+    PRUint32 sizeHi,sizeLo;	/* 64-bit count of hashed bytes. */
+};
+
+#endif /* _SHA_256_H_ */
diff --git a/security/nss/lib/freebl/sha512.c b/security/nss/lib/freebl/sha512.c
new file mode 100644
index 000000000..b01b643ad
--- /dev/null
+++ b/security/nss/lib/freebl/sha512.c
@@ -0,0 +1,1386 @@
+/*
+ * sha512.c - implementation of SHA256, SHA384 and SHA512
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2002
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+#include "prcpucfg.h"
+#if defined(_X86_) || defined(SHA_NO_LONG_LONG)
+#define NOUNROLL512 1
+#undef HAVE_LONG_LONG
+#endif
+#include "prtypes.h"	/* for PRUintXX */
+#include "secport.h"	/* for PORT_XXX */
+#include "blapi.h"
+#include "sha256.h"	/* for struct SHA256ContextStr */
+
+/* ============= Common constants and defines ======================= */
+
+#define W ctx->u.w
+#define B ctx->u.b
+#define H ctx->h
+
+#define SHR(x,n) (x >> n)
+#define SHL(x,n) (x << n)
+#define Ch(x,y,z)  ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+
+/* Padding used with all flavors of SHA */
+static const PRUint8 pad[240] = { 
+0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+   0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+   /* compiler will fill the rest in with zeros */
+};
+
+/* ============= SHA256 implemenmtation ================================== */
+
+/* SHA-256 constants, K256. */
+static const PRUint32 K256[64] = {
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 
+    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 
+    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 
+    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 
+    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 
+    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 
+    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 
+    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+/* SHA-256 initial hash values */
+static const PRUint32 H256[8] = {
+    0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 
+    0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+};
+
+#if (_MSC_VER >= 1300)
+#include <stdlib.h>
+#pragma intrinsic(_byteswap_ulong)
+#define SHA_HTONL(x) _byteswap_ulong(x)
+#define BYTESWAP4(x)  x = SHA_HTONL(x)
+#elif defined(_MSC_VER) && defined(_X86_)
+#ifndef FORCEINLINE
+#if (_MSC_VER >= 1200)
+#define FORCEINLINE __forceinline
+#else
+#define FORCEINLINE __inline
+#endif
+#endif
+#define FASTCALL __fastcall
+
+static FORCEINLINE PRUint32 FASTCALL 
+swap4b(PRUint32 dwd) 
+{
+    __asm {
+    	mov   eax,dwd
+	bswap eax
+    }
+}
+
+#define SHA_HTONL(x) swap4b(x)
+#define BYTESWAP4(x)  x = SHA_HTONL(x)
+
+#elif defined(LINUX) && defined(_X86_)
+#undef  __OPTIMIZE__
+#define __OPTIMIZE__ 1
+#undef  __pentium__
+#define __pentium__ 1
+#include <byteswap.h>
+#define SHA_HTONL(x) bswap_32(x)
+#define BYTESWAP4(x)  x = SHA_HTONL(x)
+
+#else /* neither windows nor Linux PC */
+#define SWAP4MASK  0x00FF00FF
+#define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \
+                      ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK))
+#define BYTESWAP4(x)  x = SHA_HTONL(x)
+#endif
+
+#if defined(_MSC_VER) && defined(_X86_)
+#pragma intrinsic (_lrotr, _lrotl) 
+#define ROTR32(x,n) _lrotr(x,n)
+#define ROTL32(x,n) _lrotl(x,n)
+#else
+#define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n)))
+#define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n)))
+#endif
+
+/* Capitol Sigma and lower case sigma functions */
+#define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))
+#define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))
+#define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3))
+#define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10))
+
+SHA256Context *
+SHA256_NewContext(void)
+{
+    SHA256Context *ctx = PORT_New(SHA256Context);
+    return ctx;
+}
+
+void 
+SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
+{
+    if (freeit) {
+        PORT_ZFree(ctx, sizeof *ctx);
+    }
+}
+
+void 
+SHA256_Begin(SHA256Context *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+    memcpy(H, H256, sizeof H256);
+}
+
+static void
+SHA256_Compress(SHA256Context *ctx)
+{
+  {
+    register PRUint32 t1, t2;
+
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP4(W[0]);
+    BYTESWAP4(W[1]);
+    BYTESWAP4(W[2]);
+    BYTESWAP4(W[3]);
+    BYTESWAP4(W[4]);
+    BYTESWAP4(W[5]);
+    BYTESWAP4(W[6]);
+    BYTESWAP4(W[7]);
+    BYTESWAP4(W[8]);
+    BYTESWAP4(W[9]);
+    BYTESWAP4(W[10]);
+    BYTESWAP4(W[11]);
+    BYTESWAP4(W[12]);
+    BYTESWAP4(W[13]);
+    BYTESWAP4(W[14]);
+    BYTESWAP4(W[15]);
+#endif
+
+#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
+
+    /* prepare the "message schedule"   */
+#ifdef NOUNROLL256
+    {
+	int t;
+	for (t = 16; t < 64; ++t) {
+	    INITW(t);
+	}
+    }
+#else
+    INITW(16);
+    INITW(17);
+    INITW(18);
+    INITW(19);
+
+    INITW(20);
+    INITW(21);
+    INITW(22);
+    INITW(23);
+    INITW(24);
+    INITW(25);
+    INITW(26);
+    INITW(27);
+    INITW(28);
+    INITW(29);
+
+    INITW(30);
+    INITW(31);
+    INITW(32);
+    INITW(33);
+    INITW(34);
+    INITW(35);
+    INITW(36);
+    INITW(37);
+    INITW(38);
+    INITW(39);
+
+    INITW(40);
+    INITW(41);
+    INITW(42);
+    INITW(43);
+    INITW(44);
+    INITW(45);
+    INITW(46);
+    INITW(47);
+    INITW(48);
+    INITW(49);
+
+    INITW(50);
+    INITW(51);
+    INITW(52);
+    INITW(53);
+    INITW(54);
+    INITW(55);
+    INITW(56);
+    INITW(57);
+    INITW(58);
+    INITW(59);
+
+    INITW(60);
+    INITW(61);
+    INITW(62);
+    INITW(63);
+
+#endif
+#undef INITW
+  }
+  {
+    PRUint32 a, b, c, d, e, f, g, h;
+
+    a = H[0];
+    b = H[1];
+    c = H[2];
+    d = H[3];
+    e = H[4];
+    f = H[5];
+    g = H[6];
+    h = H[7];
+
+#define ROUND(n,a,b,c,d,e,f,g,h) \
+    h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \
+    d += h; \
+    h += S0(a) + Maj(a,b,c); 
+
+#ifdef NOUNROLL256
+    {
+	int t;
+	for (t = 0; t < 64; t+= 8) {
+	    ROUND(t+0,a,b,c,d,e,f,g,h)
+	    ROUND(t+1,h,a,b,c,d,e,f,g)
+	    ROUND(t+2,g,h,a,b,c,d,e,f)
+	    ROUND(t+3,f,g,h,a,b,c,d,e)
+	    ROUND(t+4,e,f,g,h,a,b,c,d)
+	    ROUND(t+5,d,e,f,g,h,a,b,c)
+	    ROUND(t+6,c,d,e,f,g,h,a,b)
+	    ROUND(t+7,b,c,d,e,f,g,h,a)
+	}
+    }
+#else
+    ROUND( 0,a,b,c,d,e,f,g,h)
+    ROUND( 1,h,a,b,c,d,e,f,g)
+    ROUND( 2,g,h,a,b,c,d,e,f)
+    ROUND( 3,f,g,h,a,b,c,d,e)
+    ROUND( 4,e,f,g,h,a,b,c,d)
+    ROUND( 5,d,e,f,g,h,a,b,c)
+    ROUND( 6,c,d,e,f,g,h,a,b)
+    ROUND( 7,b,c,d,e,f,g,h,a)
+
+    ROUND( 8,a,b,c,d,e,f,g,h)
+    ROUND( 9,h,a,b,c,d,e,f,g)
+    ROUND(10,g,h,a,b,c,d,e,f)
+    ROUND(11,f,g,h,a,b,c,d,e)
+    ROUND(12,e,f,g,h,a,b,c,d)
+    ROUND(13,d,e,f,g,h,a,b,c)
+    ROUND(14,c,d,e,f,g,h,a,b)
+    ROUND(15,b,c,d,e,f,g,h,a)
+
+    ROUND(16,a,b,c,d,e,f,g,h)
+    ROUND(17,h,a,b,c,d,e,f,g)
+    ROUND(18,g,h,a,b,c,d,e,f)
+    ROUND(19,f,g,h,a,b,c,d,e)
+    ROUND(20,e,f,g,h,a,b,c,d)
+    ROUND(21,d,e,f,g,h,a,b,c)
+    ROUND(22,c,d,e,f,g,h,a,b)
+    ROUND(23,b,c,d,e,f,g,h,a)
+
+    ROUND(24,a,b,c,d,e,f,g,h)
+    ROUND(25,h,a,b,c,d,e,f,g)
+    ROUND(26,g,h,a,b,c,d,e,f)
+    ROUND(27,f,g,h,a,b,c,d,e)
+    ROUND(28,e,f,g,h,a,b,c,d)
+    ROUND(29,d,e,f,g,h,a,b,c)
+    ROUND(30,c,d,e,f,g,h,a,b)
+    ROUND(31,b,c,d,e,f,g,h,a)
+
+    ROUND(32,a,b,c,d,e,f,g,h)
+    ROUND(33,h,a,b,c,d,e,f,g)
+    ROUND(34,g,h,a,b,c,d,e,f)
+    ROUND(35,f,g,h,a,b,c,d,e)
+    ROUND(36,e,f,g,h,a,b,c,d)
+    ROUND(37,d,e,f,g,h,a,b,c)
+    ROUND(38,c,d,e,f,g,h,a,b)
+    ROUND(39,b,c,d,e,f,g,h,a)
+
+    ROUND(40,a,b,c,d,e,f,g,h)
+    ROUND(41,h,a,b,c,d,e,f,g)
+    ROUND(42,g,h,a,b,c,d,e,f)
+    ROUND(43,f,g,h,a,b,c,d,e)
+    ROUND(44,e,f,g,h,a,b,c,d)
+    ROUND(45,d,e,f,g,h,a,b,c)
+    ROUND(46,c,d,e,f,g,h,a,b)
+    ROUND(47,b,c,d,e,f,g,h,a)
+
+    ROUND(48,a,b,c,d,e,f,g,h)
+    ROUND(49,h,a,b,c,d,e,f,g)
+    ROUND(50,g,h,a,b,c,d,e,f)
+    ROUND(51,f,g,h,a,b,c,d,e)
+    ROUND(52,e,f,g,h,a,b,c,d)
+    ROUND(53,d,e,f,g,h,a,b,c)
+    ROUND(54,c,d,e,f,g,h,a,b)
+    ROUND(55,b,c,d,e,f,g,h,a)
+
+    ROUND(56,a,b,c,d,e,f,g,h)
+    ROUND(57,h,a,b,c,d,e,f,g)
+    ROUND(58,g,h,a,b,c,d,e,f)
+    ROUND(59,f,g,h,a,b,c,d,e)
+    ROUND(60,e,f,g,h,a,b,c,d)
+    ROUND(61,d,e,f,g,h,a,b,c)
+    ROUND(62,c,d,e,f,g,h,a,b)
+    ROUND(63,b,c,d,e,f,g,h,a)
+#endif
+
+    H[0] += a;
+    H[1] += b;
+    H[2] += c;
+    H[3] += d;
+    H[4] += e;
+    H[5] += f;
+    H[6] += g;
+    H[7] += h;
+  }
+#undef ROUND
+}
+
+#undef s0
+#undef s1
+#undef S0
+#undef S1
+
+void 
+SHA256_Update(SHA256Context *ctx, const unsigned char *input,
+		    unsigned int inputLen)
+{
+    unsigned int inBuf = ctx->sizeLo & 0x3f;
+    if (!inputLen)
+    	return;
+
+    /* Add inputLen into the count of bytes processed, before processing */
+    if ((ctx->sizeLo += inputLen) < inputLen)
+    	ctx->sizeHi++;
+
+    /* if data already in buffer, attemp to fill rest of buffer */
+    if (inBuf) {
+    	unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
+	if (inputLen < todo)
+	    todo = inputLen;
+	memcpy(B + inBuf, input, todo);
+	input    += todo;
+	inputLen -= todo;
+	if (inBuf + todo == SHA256_BLOCK_LENGTH)
+	    SHA256_Compress(ctx);
+    }
+
+    /* if enough data to fill one or more whole buffers, process them. */
+    while (inputLen >= SHA256_BLOCK_LENGTH) {
+    	memcpy(B, input, SHA256_BLOCK_LENGTH);
+	input    += SHA256_BLOCK_LENGTH;
+	inputLen -= SHA256_BLOCK_LENGTH;
+	SHA256_Compress(ctx);
+    }
+    /* if data left over, fill it into buffer */
+    if (inputLen) 
+    	memcpy(B, input, inputLen);
+}
+
+void 
+SHA256_End(SHA256Context *ctx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    unsigned int inBuf = ctx->sizeLo & 0x3f;
+    unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);
+    PRUint32 hi, lo;
+#ifdef SWAP4MASK
+    PRUint32 t1;
+#endif
+
+    hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29);
+    lo = (ctx->sizeLo << 3);
+
+    SHA256_Update(ctx, pad, padLen);
+
+#if defined(IS_LITTLE_ENDIAN)
+    W[14] = SHA_HTONL(hi);
+    W[15] = SHA_HTONL(lo);
+#else
+    W[14] = hi;
+    W[15] = lo;
+#endif
+    SHA256_Compress(ctx);
+
+    /* now output the answer */
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP4(H[0]);
+    BYTESWAP4(H[1]);
+    BYTESWAP4(H[2]);
+    BYTESWAP4(H[3]);
+    BYTESWAP4(H[4]);
+    BYTESWAP4(H[5]);
+    BYTESWAP4(H[6]);
+    BYTESWAP4(H[7]);
+#endif
+    padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
+    memcpy(digest, H, padLen);
+    if (digestLen)
+	*digestLen = padLen;
+}
+
+SECStatus 
+SHA256_HashBuf(unsigned char *dest, const unsigned char *src, 
+               uint32 src_length)
+{
+    SHA256Context ctx;
+    unsigned int outLen;
+
+    SHA256_Begin(&ctx);
+    SHA256_Update(&ctx, src, src_length);
+    SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);
+
+    return SECSuccess;
+}
+
+
+SECStatus 
+SHA256_Hash(unsigned char *dest, const char *src)
+{
+    return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+
+void SHA256_TraceState(SHA256Context *ctx) { }
+
+unsigned int 
+SHA256_FlattenSize(SHA256Context *ctx)
+{
+    return sizeof *ctx;
+}
+
+SECStatus 
+SHA256_Flatten(SHA256Context *ctx,unsigned char *space)
+{
+    PORT_Memcpy(space, ctx, sizeof *ctx);
+    return SECSuccess;
+}
+
+SHA256Context * 
+SHA256_Resurrect(unsigned char *space, void *arg)
+{
+    SHA256Context *ctx = SHA256_NewContext();
+    if (ctx) 
+	PORT_Memcpy(ctx, space, sizeof *ctx);
+    return ctx;
+}
+
+void SHA256_Clone(SHA256Context *dest, SHA256Context *src) 
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+
+/* ======= SHA512 and SHA384 common constants and defines ================= */
+
+/* common #defines for SHA512 and SHA384 */
+#if defined(HAVE_LONG_LONG)
+#define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
+#define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
+
+#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
+#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
+#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7))
+#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6))
+
+#if PR_BYTES_PER_LONG == 8
+#define ULLC(hi,lo) 0x ## hi ## lo ## UL
+#elif defined(_MSC_VER)
+#define ULLC(hi,lo) 0x ## hi ## lo ## ui64
+#else
+#define ULLC(hi,lo) 0x ## hi ## lo ## ULL
+#endif
+
+#define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
+#define SHA_MASK8  ULLC(00FF00FF,00FF00FF)
+#define SHA_HTONLL(x) (t1 = x, \
+  t1 = ((t1 & SHA_MASK8 ) <<  8) | ((t1 >>  8) & SHA_MASK8 ), \
+  t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \
+  (t1 >> 32) | (t1 << 32))
+#define BYTESWAP8(x)  x = SHA_HTONLL(x)
+
+#else /* no long long */
+
+#if defined(IS_LITTLE_ENDIAN)
+#define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }
+#else
+#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }
+#endif
+
+#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
+   x.hi ^= x.lo ^= x.hi ^= x.lo, x)
+#define BYTESWAP8(x)  do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \
+   tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)
+#endif
+
+/* SHA-384 and SHA-512 constants, K512. */
+static const PRUint64 K512[80] = {
+#if PR_BYTES_PER_LONG == 8
+     0x428a2f98d728ae22UL ,  0x7137449123ef65cdUL , 
+     0xb5c0fbcfec4d3b2fUL ,  0xe9b5dba58189dbbcUL ,
+     0x3956c25bf348b538UL ,  0x59f111f1b605d019UL , 
+     0x923f82a4af194f9bUL ,  0xab1c5ed5da6d8118UL ,
+     0xd807aa98a3030242UL ,  0x12835b0145706fbeUL , 
+     0x243185be4ee4b28cUL ,  0x550c7dc3d5ffb4e2UL ,
+     0x72be5d74f27b896fUL ,  0x80deb1fe3b1696b1UL , 
+     0x9bdc06a725c71235UL ,  0xc19bf174cf692694UL ,
+     0xe49b69c19ef14ad2UL ,  0xefbe4786384f25e3UL , 
+     0x0fc19dc68b8cd5b5UL ,  0x240ca1cc77ac9c65UL ,
+     0x2de92c6f592b0275UL ,  0x4a7484aa6ea6e483UL , 
+     0x5cb0a9dcbd41fbd4UL ,  0x76f988da831153b5UL ,
+     0x983e5152ee66dfabUL ,  0xa831c66d2db43210UL , 
+     0xb00327c898fb213fUL ,  0xbf597fc7beef0ee4UL ,
+     0xc6e00bf33da88fc2UL ,  0xd5a79147930aa725UL , 
+     0x06ca6351e003826fUL ,  0x142929670a0e6e70UL ,
+     0x27b70a8546d22ffcUL ,  0x2e1b21385c26c926UL , 
+     0x4d2c6dfc5ac42aedUL ,  0x53380d139d95b3dfUL ,
+     0x650a73548baf63deUL ,  0x766a0abb3c77b2a8UL , 
+     0x81c2c92e47edaee6UL ,  0x92722c851482353bUL ,
+     0xa2bfe8a14cf10364UL ,  0xa81a664bbc423001UL , 
+     0xc24b8b70d0f89791UL ,  0xc76c51a30654be30UL ,
+     0xd192e819d6ef5218UL ,  0xd69906245565a910UL , 
+     0xf40e35855771202aUL ,  0x106aa07032bbd1b8UL ,
+     0x19a4c116b8d2d0c8UL ,  0x1e376c085141ab53UL , 
+     0x2748774cdf8eeb99UL ,  0x34b0bcb5e19b48a8UL ,
+     0x391c0cb3c5c95a63UL ,  0x4ed8aa4ae3418acbUL , 
+     0x5b9cca4f7763e373UL ,  0x682e6ff3d6b2b8a3UL ,
+     0x748f82ee5defb2fcUL ,  0x78a5636f43172f60UL , 
+     0x84c87814a1f0ab72UL ,  0x8cc702081a6439ecUL ,
+     0x90befffa23631e28UL ,  0xa4506cebde82bde9UL , 
+     0xbef9a3f7b2c67915UL ,  0xc67178f2e372532bUL ,
+     0xca273eceea26619cUL ,  0xd186b8c721c0c207UL , 
+     0xeada7dd6cde0eb1eUL ,  0xf57d4f7fee6ed178UL ,
+     0x06f067aa72176fbaUL ,  0x0a637dc5a2c898a6UL , 
+     0x113f9804bef90daeUL ,  0x1b710b35131c471bUL ,
+     0x28db77f523047d84UL ,  0x32caab7b40c72493UL , 
+     0x3c9ebe0a15c9bebcUL ,  0x431d67c49c100d4cUL ,
+     0x4cc5d4becb3e42b6UL ,  0x597f299cfc657e2aUL , 
+     0x5fcb6fab3ad6faecUL ,  0x6c44198c4a475817UL 
+#else
+    ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd), 
+    ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),
+    ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019), 
+    ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),
+    ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe), 
+    ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),
+    ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1), 
+    ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),
+    ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3), 
+    ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),
+    ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483), 
+    ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),
+    ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210), 
+    ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),
+    ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725), 
+    ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),
+    ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926), 
+    ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),
+    ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8), 
+    ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),
+    ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001), 
+    ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),
+    ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910), 
+    ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),
+    ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53), 
+    ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),
+    ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb), 
+    ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),
+    ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60), 
+    ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),
+    ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9), 
+    ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),
+    ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207), 
+    ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),
+    ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6), 
+    ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),
+    ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493), 
+    ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),
+    ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a), 
+    ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)
+#endif
+};
+
+struct SHA512ContextStr {
+    union {
+	PRUint64 w[80];	    /* message schedule, input buffer, plus 64 words */
+	PRUint32 l[160];
+	PRUint8  b[640];
+    } u;
+    PRUint64 h[8];	    /* 8 state variables */
+    PRUint64 sizeLo;	    /* 64-bit count of hashed bytes. */
+};
+
+/* =========== SHA512 implementation ===================================== */
+
+/* SHA-512 initial hash values */
+static const PRUint64 H512[8] = {
+#if PR_BYTES_PER_LONG == 8
+     0x6a09e667f3bcc908UL ,  0xbb67ae8584caa73bUL , 
+     0x3c6ef372fe94f82bUL ,  0xa54ff53a5f1d36f1UL , 
+     0x510e527fade682d1UL ,  0x9b05688c2b3e6c1fUL , 
+     0x1f83d9abfb41bd6bUL ,  0x5be0cd19137e2179UL 
+#else
+    ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b), 
+    ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1), 
+    ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f), 
+    ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)
+#endif
+};
+
+
+SHA512Context *
+SHA512_NewContext(void)
+{
+    SHA512Context *ctx = PORT_New(SHA512Context);
+    return ctx;
+}
+
+void 
+SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
+{
+    if (freeit) {
+        PORT_ZFree(ctx, sizeof *ctx);
+    }
+}
+
+void 
+SHA512_Begin(SHA512Context *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+    memcpy(H, H512, sizeof H512);
+}
+
+#if defined(SHA512_TRACE)
+#if defined(HAVE_LONG_LONG)
+#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
+			       n, #e, d, #a, h);
+#else
+#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
+			       n, #e, d.hi, d.lo, #a, h.hi, h.lo);
+#endif
+#else
+#define DUMP(n,a,d,e,h)
+#endif
+
+#if defined(HAVE_LONG_LONG)
+
+#define ADDTO(x,y) y += x
+
+#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
+
+#define ROUND(n,a,b,c,d,e,f,g,h) \
+    h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \
+    d += h; \
+    h += S0(a) + Maj(a,b,c); \
+    DUMP(n,a,d,e,h)
+
+#else /* use only 32-bit variables, and don't unroll loops */
+
+#undef  NOUNROLL512
+#define NOUNROLL512 1
+
+#define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)
+
+#define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
+#define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32))
+#define  SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
+
+/* Capitol Sigma and lower case sigma functions */
+#define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))
+#define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))
+
+#define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))
+#define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))
+
+#define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))
+#define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))
+
+#define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))
+#define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))
+
+/* 32-bit versions of Ch and Maj */
+#define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
+#define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
+
+#define INITW(t) \
+    do { \
+	PRUint32 lo, tm; \
+	PRUint32 cy = 0; \
+	lo = s1lo(W[t-2]); \
+	lo += (tm = W[t-7].lo);     if (lo < tm) cy++; \
+	lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \
+	lo += (tm = W[t-16].lo);    if (lo < tm) cy++; \
+	W[t].lo = lo; \
+	W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \
+    } while (0)
+
+#define ROUND(n,a,b,c,d,e,f,g,h) \
+    { \
+	PRUint32 lo, tm, cy; \
+	lo  = S1lo(e); \
+	lo += (tm = Chxx(e,f,g,lo));    cy = (lo < tm); \
+	lo += (tm = K512[n].lo);	if (lo < tm) cy++; \
+	lo += (tm =    W[n].lo);	if (lo < tm) cy++; \
+	h.lo += lo;			if (h.lo < lo) cy++; \
+	h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \
+	d.lo += h.lo; \
+	d.hi += h.hi + (d.lo < h.lo); \
+	lo  = S0lo(a);  \
+	lo += (tm = Majx(a,b,c,lo));	cy = (lo < tm); \
+	h.lo += lo;			if (h.lo < lo) cy++; \
+	h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \
+	DUMP(n,a,d,e,h) \
+    }
+#endif
+
+static void
+SHA512_Compress(SHA512Context *ctx)
+{
+#if defined(IS_LITTLE_ENDIAN)
+  {
+#if defined(HAVE_LONG_LONG)
+    PRUint64 t1;
+#else
+    PRUint32 t1;
+#endif
+    BYTESWAP8(W[0]);
+    BYTESWAP8(W[1]);
+    BYTESWAP8(W[2]);
+    BYTESWAP8(W[3]);
+    BYTESWAP8(W[4]);
+    BYTESWAP8(W[5]);
+    BYTESWAP8(W[6]);
+    BYTESWAP8(W[7]);
+    BYTESWAP8(W[8]);
+    BYTESWAP8(W[9]);
+    BYTESWAP8(W[10]);
+    BYTESWAP8(W[11]);
+    BYTESWAP8(W[12]);
+    BYTESWAP8(W[13]);
+    BYTESWAP8(W[14]);
+    BYTESWAP8(W[15]);
+  }
+#endif
+
+  {
+    PRUint64 t1, t2;
+#ifdef NOUNROLL512
+    {
+	/* prepare the "message schedule"   */
+	int t;
+	for (t = 16; t < 80; ++t) {
+	    INITW(t);
+	}
+    }
+#else
+    INITW(16);
+    INITW(17);
+    INITW(18);
+    INITW(19);
+
+    INITW(20);
+    INITW(21);
+    INITW(22);
+    INITW(23);
+    INITW(24);
+    INITW(25);
+    INITW(26);
+    INITW(27);
+    INITW(28);
+    INITW(29);
+
+    INITW(30);
+    INITW(31);
+    INITW(32);
+    INITW(33);
+    INITW(34);
+    INITW(35);
+    INITW(36);
+    INITW(37);
+    INITW(38);
+    INITW(39);
+
+    INITW(40);
+    INITW(41);
+    INITW(42);
+    INITW(43);
+    INITW(44);
+    INITW(45);
+    INITW(46);
+    INITW(47);
+    INITW(48);
+    INITW(49);
+
+    INITW(50);
+    INITW(51);
+    INITW(52);
+    INITW(53);
+    INITW(54);
+    INITW(55);
+    INITW(56);
+    INITW(57);
+    INITW(58);
+    INITW(59);
+
+    INITW(60);
+    INITW(61);
+    INITW(62);
+    INITW(63);
+    INITW(64);
+    INITW(65);
+    INITW(66);
+    INITW(67);
+    INITW(68);
+    INITW(69);
+
+    INITW(70);
+    INITW(71);
+    INITW(72);
+    INITW(73);
+    INITW(74);
+    INITW(75);
+    INITW(76);
+    INITW(77);
+    INITW(78);
+    INITW(79);
+#endif
+  }
+#ifdef SHA512_TRACE
+  {
+    int i;
+    for (i = 0; i < 80; ++i) {
+#ifdef HAVE_LONG_LONG
+	printf("W[%2d] = %016lx\n", i, W[i]);
+#else
+	printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
+#endif
+    }
+  }
+#endif
+  {
+    PRUint64 a, b, c, d, e, f, g, h;
+
+    a = H[0];
+    b = H[1];
+    c = H[2];
+    d = H[3];
+    e = H[4];
+    f = H[5];
+    g = H[6];
+    h = H[7];
+
+#ifdef NOUNROLL512
+    {
+	int t;
+	for (t = 0; t < 80; t+= 8) {
+	    ROUND(t+0,a,b,c,d,e,f,g,h)
+	    ROUND(t+1,h,a,b,c,d,e,f,g)
+	    ROUND(t+2,g,h,a,b,c,d,e,f)
+	    ROUND(t+3,f,g,h,a,b,c,d,e)
+	    ROUND(t+4,e,f,g,h,a,b,c,d)
+	    ROUND(t+5,d,e,f,g,h,a,b,c)
+	    ROUND(t+6,c,d,e,f,g,h,a,b)
+	    ROUND(t+7,b,c,d,e,f,g,h,a)
+	}
+    }
+#else
+    ROUND( 0,a,b,c,d,e,f,g,h)
+    ROUND( 1,h,a,b,c,d,e,f,g)
+    ROUND( 2,g,h,a,b,c,d,e,f)
+    ROUND( 3,f,g,h,a,b,c,d,e)
+    ROUND( 4,e,f,g,h,a,b,c,d)
+    ROUND( 5,d,e,f,g,h,a,b,c)
+    ROUND( 6,c,d,e,f,g,h,a,b)
+    ROUND( 7,b,c,d,e,f,g,h,a)
+
+    ROUND( 8,a,b,c,d,e,f,g,h)
+    ROUND( 9,h,a,b,c,d,e,f,g)
+    ROUND(10,g,h,a,b,c,d,e,f)
+    ROUND(11,f,g,h,a,b,c,d,e)
+    ROUND(12,e,f,g,h,a,b,c,d)
+    ROUND(13,d,e,f,g,h,a,b,c)
+    ROUND(14,c,d,e,f,g,h,a,b)
+    ROUND(15,b,c,d,e,f,g,h,a)
+
+    ROUND(16,a,b,c,d,e,f,g,h)
+    ROUND(17,h,a,b,c,d,e,f,g)
+    ROUND(18,g,h,a,b,c,d,e,f)
+    ROUND(19,f,g,h,a,b,c,d,e)
+    ROUND(20,e,f,g,h,a,b,c,d)
+    ROUND(21,d,e,f,g,h,a,b,c)
+    ROUND(22,c,d,e,f,g,h,a,b)
+    ROUND(23,b,c,d,e,f,g,h,a)
+
+    ROUND(24,a,b,c,d,e,f,g,h)
+    ROUND(25,h,a,b,c,d,e,f,g)
+    ROUND(26,g,h,a,b,c,d,e,f)
+    ROUND(27,f,g,h,a,b,c,d,e)
+    ROUND(28,e,f,g,h,a,b,c,d)
+    ROUND(29,d,e,f,g,h,a,b,c)
+    ROUND(30,c,d,e,f,g,h,a,b)
+    ROUND(31,b,c,d,e,f,g,h,a)
+
+    ROUND(32,a,b,c,d,e,f,g,h)
+    ROUND(33,h,a,b,c,d,e,f,g)
+    ROUND(34,g,h,a,b,c,d,e,f)
+    ROUND(35,f,g,h,a,b,c,d,e)
+    ROUND(36,e,f,g,h,a,b,c,d)
+    ROUND(37,d,e,f,g,h,a,b,c)
+    ROUND(38,c,d,e,f,g,h,a,b)
+    ROUND(39,b,c,d,e,f,g,h,a)
+
+    ROUND(40,a,b,c,d,e,f,g,h)
+    ROUND(41,h,a,b,c,d,e,f,g)
+    ROUND(42,g,h,a,b,c,d,e,f)
+    ROUND(43,f,g,h,a,b,c,d,e)
+    ROUND(44,e,f,g,h,a,b,c,d)
+    ROUND(45,d,e,f,g,h,a,b,c)
+    ROUND(46,c,d,e,f,g,h,a,b)
+    ROUND(47,b,c,d,e,f,g,h,a)
+
+    ROUND(48,a,b,c,d,e,f,g,h)
+    ROUND(49,h,a,b,c,d,e,f,g)
+    ROUND(50,g,h,a,b,c,d,e,f)
+    ROUND(51,f,g,h,a,b,c,d,e)
+    ROUND(52,e,f,g,h,a,b,c,d)
+    ROUND(53,d,e,f,g,h,a,b,c)
+    ROUND(54,c,d,e,f,g,h,a,b)
+    ROUND(55,b,c,d,e,f,g,h,a)
+
+    ROUND(56,a,b,c,d,e,f,g,h)
+    ROUND(57,h,a,b,c,d,e,f,g)
+    ROUND(58,g,h,a,b,c,d,e,f)
+    ROUND(59,f,g,h,a,b,c,d,e)
+    ROUND(60,e,f,g,h,a,b,c,d)
+    ROUND(61,d,e,f,g,h,a,b,c)
+    ROUND(62,c,d,e,f,g,h,a,b)
+    ROUND(63,b,c,d,e,f,g,h,a)
+
+    ROUND(64,a,b,c,d,e,f,g,h)
+    ROUND(65,h,a,b,c,d,e,f,g)
+    ROUND(66,g,h,a,b,c,d,e,f)
+    ROUND(67,f,g,h,a,b,c,d,e)
+    ROUND(68,e,f,g,h,a,b,c,d)
+    ROUND(69,d,e,f,g,h,a,b,c)
+    ROUND(70,c,d,e,f,g,h,a,b)
+    ROUND(71,b,c,d,e,f,g,h,a)
+
+    ROUND(72,a,b,c,d,e,f,g,h)
+    ROUND(73,h,a,b,c,d,e,f,g)
+    ROUND(74,g,h,a,b,c,d,e,f)
+    ROUND(75,f,g,h,a,b,c,d,e)
+    ROUND(76,e,f,g,h,a,b,c,d)
+    ROUND(77,d,e,f,g,h,a,b,c)
+    ROUND(78,c,d,e,f,g,h,a,b)
+    ROUND(79,b,c,d,e,f,g,h,a)
+#endif
+
+    ADDTO(a,H[0]);
+    ADDTO(b,H[1]);
+    ADDTO(c,H[2]);
+    ADDTO(d,H[3]);
+    ADDTO(e,H[4]);
+    ADDTO(f,H[5]);
+    ADDTO(g,H[6]);
+    ADDTO(h,H[7]);
+  }
+}
+
+void 
+SHA512_Update(SHA512Context *ctx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    unsigned int inBuf;
+    if (!inputLen)
+    	return;
+
+#if defined(HAVE_LONG_LONG)
+    inBuf = (unsigned int)ctx->sizeLo & 0x7f;
+    /* Add inputLen into the count of bytes processed, before processing */
+    ctx->sizeLo += inputLen;
+#else
+    inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
+    ctx->sizeLo.lo += inputLen;
+    if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;
+#endif
+
+    /* if data already in buffer, attemp to fill rest of buffer */
+    if (inBuf) {
+    	unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
+	if (inputLen < todo)
+	    todo = inputLen;
+	memcpy(B + inBuf, input, todo);
+	input    += todo;
+	inputLen -= todo;
+	if (inBuf + todo == SHA512_BLOCK_LENGTH)
+	    SHA512_Compress(ctx);
+    }
+
+    /* if enough data to fill one or more whole buffers, process them. */
+    while (inputLen >= SHA512_BLOCK_LENGTH) {
+    	memcpy(B, input, SHA512_BLOCK_LENGTH);
+	input    += SHA512_BLOCK_LENGTH;
+	inputLen -= SHA512_BLOCK_LENGTH;
+	SHA512_Compress(ctx);
+    }
+    /* if data left over, fill it into buffer */
+    if (inputLen) 
+    	memcpy(B, input, inputLen);
+}
+
+void 
+SHA512_End(SHA512Context *ctx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+#if defined(HAVE_LONG_LONG)
+    unsigned int inBuf  = (unsigned int)ctx->sizeLo & 0x7f;
+    unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
+    PRUint64 lo, t1;
+    lo = (ctx->sizeLo << 3);
+#else
+    unsigned int inBuf  = (unsigned int)ctx->sizeLo.lo & 0x7f;
+    unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
+    PRUint64 lo = ctx->sizeLo;
+    PRUint32 t1;
+    lo.lo <<= 3;
+#endif
+
+    SHA512_Update(ctx, pad, padLen);
+
+#if defined(HAVE_LONG_LONG)
+    W[14] = 0;
+#else
+    W[14].lo = 0;
+    W[14].hi = 0;
+#endif
+
+    W[15] = lo;
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP8(W[15]);
+#endif
+    SHA512_Compress(ctx);
+
+    /* now output the answer */
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP8(H[0]);
+    BYTESWAP8(H[1]);
+    BYTESWAP8(H[2]);
+    BYTESWAP8(H[3]);
+    BYTESWAP8(H[4]);
+    BYTESWAP8(H[5]);
+    BYTESWAP8(H[6]);
+    BYTESWAP8(H[7]);
+#endif
+    padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
+    memcpy(digest, H, padLen);
+    if (digestLen)
+	*digestLen = padLen;
+}
+
+SECStatus 
+SHA512_HashBuf(unsigned char *dest, const unsigned char *src, 
+               uint32 src_length)
+{
+    SHA512Context ctx;
+    unsigned int outLen;
+
+    SHA512_Begin(&ctx);
+    SHA512_Update(&ctx, src, src_length);
+    SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);
+
+    return SECSuccess;
+}
+
+
+SECStatus 
+SHA512_Hash(unsigned char *dest, const char *src)
+{
+    return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+
+void SHA512_TraceState(SHA512Context *ctx) { }
+
+unsigned int 
+SHA512_FlattenSize(SHA512Context *ctx)
+{
+    return sizeof *ctx;
+}
+
+SECStatus 
+SHA512_Flatten(SHA512Context *ctx,unsigned char *space)
+{
+    PORT_Memcpy(space, ctx, sizeof *ctx);
+    return SECSuccess;
+}
+
+SHA512Context * 
+SHA512_Resurrect(unsigned char *space, void *arg)
+{
+    SHA512Context *ctx = SHA512_NewContext();
+    if (ctx) 
+	PORT_Memcpy(ctx, space, sizeof *ctx);
+    return ctx;
+}
+
+void SHA512_Clone(SHA512Context *dest, SHA512Context *src) 
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+/* ======================================================================= */
+/* SHA384 uses a SHA512Context as the real context. 
+** The only differences between SHA384 an SHA512 are:
+** a) the intialization values for the context, and
+** b) the number of bytes of data produced as output.
+*/
+
+/* SHA-384 initial hash values */
+static const PRUint64 H384[8] = {
+#if PR_BYTES_PER_LONG == 8
+     0xcbbb9d5dc1059ed8UL ,  0x629a292a367cd507UL , 
+     0x9159015a3070dd17UL ,  0x152fecd8f70e5939UL , 
+     0x67332667ffc00b31UL ,  0x8eb44a8768581511UL , 
+     0xdb0c2e0d64f98fa7UL ,  0x47b5481dbefa4fa4UL 
+#else
+    ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507), 
+    ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939), 
+    ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511), 
+    ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)
+#endif
+};
+
+SHA384Context *
+SHA384_NewContext(void)
+{
+    return SHA512_NewContext();
+}
+
+void 
+SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
+{
+    SHA512_DestroyContext(ctx, freeit);
+}
+
+void 
+SHA384_Begin(SHA384Context *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+    memcpy(H, H384, sizeof H384);
+}
+
+void 
+SHA384_Update(SHA384Context *ctx, const unsigned char *input,
+		    unsigned int inputLen)
+{
+    SHA512_Update(ctx, input, inputLen);
+}
+
+void 
+SHA384_End(SHA384Context *ctx, unsigned char *digest,
+		 unsigned int *digestLen, unsigned int maxDigestLen)
+{
+#define SHA_MIN(a,b) (a < b ? a : b)
+    unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
+    SHA512_End(ctx, digest, digestLen, maxLen);
+}
+
+SECStatus 
+SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
+			  uint32 src_length)
+{
+    SHA512Context ctx;
+    unsigned int outLen;
+
+    SHA384_Begin(&ctx);
+    SHA512_Update(&ctx, src, src_length);
+    SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
+
+    return SECSuccess;
+}
+
+SECStatus 
+SHA384_Hash(unsigned char *dest, const char *src)
+{
+    return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+void SHA384_TraceState(SHA384Context *ctx) { }
+
+unsigned int 
+SHA384_FlattenSize(SHA384Context *ctx)
+{
+    return sizeof(SHA384Context);
+}
+
+SECStatus 
+SHA384_Flatten(SHA384Context *ctx,unsigned char *space)
+{
+    return SHA512_Flatten(ctx, space);
+}
+
+SHA384Context * 
+SHA384_Resurrect(unsigned char *space, void *arg)
+{
+    return SHA512_Resurrect(space, arg);
+}
+
+void SHA384_Clone(SHA384Context *dest, SHA384Context *src) 
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+/* ======================================================================= */
+#ifdef SELFTEST
+#include <stdio.h>
+
+static const char abc[] = { "abc" };
+static const char abcdbc[] = { 
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+};
+static const char abcdef[] = { 
+    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+    "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" 
+};
+
+void
+dumpHash32(const unsigned char *buf, unsigned int bufLen)
+{
+    unsigned int i;
+    for (i = 0; i < bufLen; i += 4) {
+	printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);
+    }
+    printf("\n");
+}
+
+void test256(void)
+{
+    unsigned char outBuf[SHA256_LENGTH];
+
+    printf("SHA256, input = %s\n", abc);
+    SHA256_Hash(outBuf, abc);
+    dumpHash32(outBuf, sizeof outBuf);
+
+    printf("SHA256, input = %s\n", abcdbc);
+    SHA256_Hash(outBuf, abcdbc);
+    dumpHash32(outBuf, sizeof outBuf);
+}
+
+void
+dumpHash64(const unsigned char *buf, unsigned int bufLen)
+{
+    unsigned int i;
+    for (i = 0; i < bufLen; i += 8) {
+    	if (i % 32 == 0)
+	    printf("\n");
+	printf(" %02x%02x%02x%02x%02x%02x%02x%02x", 
+	       buf[i  ], buf[i+1], buf[i+2], buf[i+3],
+	       buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
+    }
+    printf("\n");
+}
+
+void test512(void)
+{
+    unsigned char outBuf[SHA512_LENGTH];
+
+    printf("SHA512, input = %s\n", abc);
+    SHA512_Hash(outBuf, abc);
+    dumpHash64(outBuf, sizeof outBuf);
+
+    printf("SHA512, input = %s\n", abcdef);
+    SHA512_Hash(outBuf, abcdef);
+    dumpHash64(outBuf, sizeof outBuf);
+}
+
+void time512(void)
+{
+    unsigned char outBuf[SHA512_LENGTH];
+
+    SHA512_Hash(outBuf, abc);
+    SHA512_Hash(outBuf, abcdef);
+}
+
+void test384(void)
+{
+    unsigned char outBuf[SHA384_LENGTH];
+
+    printf("SHA384, input = %s\n", abc);
+    SHA384_Hash(outBuf, abc);
+    dumpHash64(outBuf, sizeof outBuf);
+
+    printf("SHA384, input = %s\n", abcdef);
+    SHA384_Hash(outBuf, abcdef);
+    dumpHash64(outBuf, sizeof outBuf);
+}
+
+int main (int argc, char *argv[], char *envp[])
+{
+    int i = 1;
+    if (argc > 1) {
+    	i = atoi(argv[1]);
+    }
+    if (i < 2) {
+	test256();
+	test512();
+	test384();
+    } else {
+    	while (i-- > 0) {
+	    time512();
+	}
+	printf("done\n");
+    }
+    return 0;
+}
+
+void *PORT_Alloc(size_t len) 		{ return malloc(len); }
+void PORT_Free(void *ptr)		{ free(ptr); }
+void PORT_ZFree(void *ptr, size_t len)  { memset(ptr, 0, len); free(ptr); }
+#endif
diff --git a/security/nss/lib/freebl/sha_fast.c b/security/nss/lib/freebl/sha_fast.c
new file mode 100644
index 000000000..b59e3ce39
--- /dev/null
+++ b/security/nss/lib/freebl/sha_fast.c
@@ -0,0 +1,472 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is SHA 180-1 Reference Implementation (Optimized).
+ *
+ * The Initial Developer of the Original Code is
+ * Paul Kocher of Cryptography Research.
+ * Portions created by the Initial Developer are Copyright (C) 1995-9
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+#include <memory.h>
+#include "blapi.h"
+#include "sha_fast.h"
+#include "prerror.h"
+
+#ifdef TRACING_SSL
+#include "ssl.h"
+#include "ssltrace.h"
+#endif
+
+static void shaCompress(volatile SHA_HW_t *X, const PRUint32 * datain);
+
+#define W u.w
+#define B u.b
+
+
+#define SHA_F1(X,Y,Z) ((((Y)^(Z))&(X))^(Z))
+#define SHA_F2(X,Y,Z) ((X)^(Y)^(Z))
+#define SHA_F3(X,Y,Z) (((X)&(Y))|((Z)&((X)|(Y))))
+#define SHA_F4(X,Y,Z) ((X)^(Y)^(Z))
+
+#define SHA_MIX(n,a,b,c)    XW(n) = SHA_ROTL(XW(a)^XW(b)^XW(c)^XW(n), 1)
+
+/*
+ *  SHA: initialize context
+ */
+void 
+SHA1_Begin(SHA1Context *ctx)
+{
+  ctx->size = 0;
+  /*
+   *  Initialize H with constants from FIPS180-1.
+   */
+  ctx->H[0] = 0x67452301L;
+  ctx->H[1] = 0xefcdab89L;
+  ctx->H[2] = 0x98badcfeL;
+  ctx->H[3] = 0x10325476L;
+  ctx->H[4] = 0xc3d2e1f0L;
+}
+
+/* Explanation of H array and index values:
+ * The context's H array is actually the concatenation of two arrays 
+ * defined by SHA1, the H array of state variables (5 elements),
+ * and the W array of intermediate values, of which there are 16 elements.
+ * The W array starts at H[5], that is W[0] is H[5].
+ * Although these values are defined as 32-bit values, we use 64-bit
+ * variables to hold them because the AMD64 stores 64 bit values in
+ * memory MUCH faster than it stores any smaller values.
+ *
+ * Rather than passing the context structure to shaCompress, we pass
+ * this combined array of H and W values.  We do not pass the address
+ * of the first element of this array, but rather pass the address of an
+ * element in the middle of the array, element X.  Presently X[0] is H[11].
+ * So we pass the address of H[11] as the address of array X to shaCompress.
+ * Then shaCompress accesses the members of the array using positive AND 
+ * negative indexes.  
+ *
+ * Pictorially: (each element is 8 bytes)
+ * H | H0 H1 H2 H3 H4 W0 W1 W2 W3 W4 W5 W6 W7 W8 W9 Wa Wb Wc Wd We Wf |
+ * X |-11-10 -9 -8 -7 -6 -5 -4 -3 -2 -1 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 |
+ * 
+ * The byte offset from X[0] to any member of H and W is always 
+ * representable in a signed 8-bit value, which will be encoded 
+ * as a single byte offset in the X86-64 instruction set.  
+ * If we didn't pass the address of H[11], and instead passed the 
+ * address of H[0], the offsets to elements H[16] and above would be
+ * greater than 127, not representable in a signed 8-bit value, and the 
+ * x86-64 instruction set would encode every such offset as a 32-bit 
+ * signed number in each instruction that accessed element H[16] or 
+ * higher.  This results in much bigger and slower code. 
+ */
+#if !defined(SHA_PUT_W_IN_STACK)
+#define H2X 11 /* X[0] is H[11], and H[0] is X[-11] */
+#define W2X  6 /* X[0] is W[6],  and W[0] is X[-6]  */
+#else
+#define H2X 0
+#endif
+
+/*
+ *  SHA: Add data to context.
+ */
+void 
+SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len) 
+{
+  register unsigned int lenB;
+  register unsigned int togo;
+
+  if (!len)
+    return;
+
+  /* accumulate the byte count. */
+  lenB = (unsigned int)(ctx->size) & 63U;
+
+  ctx->size += len;
+
+  /*
+   *  Read the data into W and process blocks as they get full
+   */
+  if (lenB > 0) {
+    togo = 64U - lenB;
+    if (len < togo)
+      togo = len;
+    memcpy(ctx->B + lenB, dataIn, togo);
+    len    -= togo;
+    dataIn += togo;
+    lenB    = (lenB + togo) & 63U;
+    if (!lenB) {
+      shaCompress(&ctx->H[H2X], ctx->W);
+    }
+  }
+#if !defined(SHA_ALLOW_UNALIGNED_ACCESS)
+  if ((ptrdiff_t)dataIn % sizeof(PRUint32)) {
+    while (len >= 64U) {
+      memcpy(ctx->B, dataIn, 64);
+      len    -= 64U;
+      shaCompress(&ctx->H[H2X], ctx->W);
+      dataIn += 64U;
+    }
+  } else 
+#endif
+  {
+    while (len >= 64U) {
+      len    -= 64U;
+      shaCompress(&ctx->H[H2X], (PRUint32 *)dataIn);
+      dataIn += 64U;
+    }
+  }
+  if (len) {
+    memcpy(ctx->B, dataIn, len);
+  }
+}
+
+
+/*
+ *  SHA: Generate hash value from context
+ */
+void 
+SHA1_End(SHA1Context *ctx, unsigned char *hashout,
+         unsigned int *pDigestLen, unsigned int maxDigestLen)
+{
+  register PRUint64 size;
+  register PRUint32 lenB;
+
+  static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0,
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+          0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0  };
+#define tmp lenB
+
+  PORT_Assert (maxDigestLen >= SHA1_LENGTH);
+
+  /*
+   *  Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits
+   */
+  size = ctx->size;
+
+  lenB = (PRUint32)size & 63;
+  SHA1_Update(ctx, bulk_pad, (((55+64) - lenB) & 63) + 1);
+  PORT_Assert(((PRUint32)ctx->size & 63) == 56);
+  /* Convert size from bytes to bits. */
+  size <<= 3;
+  ctx->W[14] = SHA_HTONL((PRUint32)(size >> 32));
+  ctx->W[15] = SHA_HTONL((PRUint32)size);
+  shaCompress(&ctx->H[H2X], ctx->W);
+
+  /*
+   *  Output hash
+   */
+  SHA_STORE_RESULT;
+  *pDigestLen = SHA1_LENGTH;
+
+}
+
+#undef B
+#undef tmp
+/*
+ *  SHA: Compression function, unrolled.
+ *
+ * Some operations in shaCompress are done as 5 groups of 16 operations.
+ * Others are done as 4 groups of 20 operations.
+ * The code below shows that structure.
+ *
+ * The functions that compute the new values of the 5 state variables
+ * A-E are done in 4 groups of 20 operations (or you may also think
+ * of them as being done in 16 groups of 5 operations).  They are
+ * done by the SHA_RNDx macros below, in the right column.
+ *
+ * The functions that set the 16 values of the W array are done in 
+ * 5 groups of 16 operations.  The first group is done by the 
+ * LOAD macros below, the latter 4 groups are done by SHA_MIX below,
+ * in the left column.
+ *
+ * gcc's optimizer observes that each member of the W array is assigned
+ * a value 5 times in this code.  It reduces the number of store 
+ * operations done to the W array in the context (that is, in the X array)
+ * by creating a W array on the stack, and storing the W values there for 
+ * the first 4 groups of operations on W, and storing the values in the 
+ * context's W array only in the fifth group.  This is undesirable.
+ * It is MUCH bigger code than simply using the context's W array, because 
+ * all the offsets to the W array in the stack are 32-bit signed offsets, 
+ * and it is no faster than storing the values in the context's W array. 
+ *
+ * The original code for sha_fast.c prevented this creation of a separate 
+ * W array in the stack by creating a W array of 80 members, each of
+ * whose elements is assigned only once. It also separated the computations
+ * of the W array values and the computations of the values for the 5
+ * state variables into two separate passes, W's, then A-E's so that the 
+ * second pass could be done all in registers (except for accessing the W
+ * array) on machines with fewer registers.  The method is suboptimal
+ * for machines with enough registers to do it all in one pass, and it
+ * necessitates using many instructions with 32-bit offsets.
+ *
+ * This code eliminates the separate W array on the stack by a completely
+ * different means: by declaring the X array volatile.  This prevents
+ * the optimizer from trying to reduce the use of the X array by the
+ * creation of a MORE expensive W array on the stack. The result is
+ * that all instructions use signed 8-bit offsets and not 32-bit offsets.
+ *
+ * The combination of this code and the -O3 optimizer flag on GCC 3.4.3
+ * results in code that is 3 times faster than the previous NSS sha_fast
+ * code on AMD64.
+ */
+static void 
+shaCompress(volatile SHA_HW_t *X, const PRUint32 *inbuf) 
+{
+  register SHA_HW_t A, B, C, D, E;
+
+#if defined(SHA_NEED_TMP_VARIABLE)
+  register PRUint32 tmp;
+#endif
+
+#if !defined(SHA_PUT_W_IN_STACK)
+#define XH(n) X[n-H2X]
+#define XW(n) X[n-W2X]
+#else
+  SHA_HW_t w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7,
+           w_8, w_9, w_10, w_11, w_12, w_13, w_14, w_15;
+#define XW(n) w_ ## n
+#define XH(n) X[n]
+#endif
+
+#define K0 0x5a827999L
+#define K1 0x6ed9eba1L
+#define K2 0x8f1bbcdcL
+#define K3 0xca62c1d6L
+
+#define SHA_RND1(a,b,c,d,e,n) \
+  a = SHA_ROTL(b,5)+SHA_F1(c,d,e)+a+XW(n)+K0; c=SHA_ROTL(c,30) 
+#define SHA_RND2(a,b,c,d,e,n) \
+  a = SHA_ROTL(b,5)+SHA_F2(c,d,e)+a+XW(n)+K1; c=SHA_ROTL(c,30) 
+#define SHA_RND3(a,b,c,d,e,n) \
+  a = SHA_ROTL(b,5)+SHA_F3(c,d,e)+a+XW(n)+K2; c=SHA_ROTL(c,30) 
+#define SHA_RND4(a,b,c,d,e,n) \
+  a = SHA_ROTL(b,5)+SHA_F4(c,d,e)+a+XW(n)+K3; c=SHA_ROTL(c,30) 
+
+#define LOAD(n) XW(n) = SHA_HTONL(inbuf[n])
+
+  A = XH(0);
+  B = XH(1);
+  C = XH(2);
+  D = XH(3);
+  E = XH(4);
+
+  LOAD(0);		   SHA_RND1(E,A,B,C,D, 0);
+  LOAD(1);		   SHA_RND1(D,E,A,B,C, 1);
+  LOAD(2);		   SHA_RND1(C,D,E,A,B, 2);
+  LOAD(3);		   SHA_RND1(B,C,D,E,A, 3);
+  LOAD(4);		   SHA_RND1(A,B,C,D,E, 4);
+  LOAD(5);		   SHA_RND1(E,A,B,C,D, 5);
+  LOAD(6);		   SHA_RND1(D,E,A,B,C, 6);
+  LOAD(7);		   SHA_RND1(C,D,E,A,B, 7);
+  LOAD(8);		   SHA_RND1(B,C,D,E,A, 8);
+  LOAD(9);		   SHA_RND1(A,B,C,D,E, 9);
+  LOAD(10);		   SHA_RND1(E,A,B,C,D,10);
+  LOAD(11);		   SHA_RND1(D,E,A,B,C,11);
+  LOAD(12);		   SHA_RND1(C,D,E,A,B,12);
+  LOAD(13);		   SHA_RND1(B,C,D,E,A,13);
+  LOAD(14);		   SHA_RND1(A,B,C,D,E,14);
+  LOAD(15);		   SHA_RND1(E,A,B,C,D,15);
+
+  SHA_MIX( 0, 13,  8,  2); SHA_RND1(D,E,A,B,C, 0);
+  SHA_MIX( 1, 14,  9,  3); SHA_RND1(C,D,E,A,B, 1);
+  SHA_MIX( 2, 15, 10,  4); SHA_RND1(B,C,D,E,A, 2);
+  SHA_MIX( 3,  0, 11,  5); SHA_RND1(A,B,C,D,E, 3);
+
+  SHA_MIX( 4,  1, 12,  6); SHA_RND2(E,A,B,C,D, 4);
+  SHA_MIX( 5,  2, 13,  7); SHA_RND2(D,E,A,B,C, 5);
+  SHA_MIX( 6,  3, 14,  8); SHA_RND2(C,D,E,A,B, 6);
+  SHA_MIX( 7,  4, 15,  9); SHA_RND2(B,C,D,E,A, 7);
+  SHA_MIX( 8,  5,  0, 10); SHA_RND2(A,B,C,D,E, 8);
+  SHA_MIX( 9,  6,  1, 11); SHA_RND2(E,A,B,C,D, 9);
+  SHA_MIX(10,  7,  2, 12); SHA_RND2(D,E,A,B,C,10);
+  SHA_MIX(11,  8,  3, 13); SHA_RND2(C,D,E,A,B,11);
+  SHA_MIX(12,  9,  4, 14); SHA_RND2(B,C,D,E,A,12);
+  SHA_MIX(13, 10,  5, 15); SHA_RND2(A,B,C,D,E,13);
+  SHA_MIX(14, 11,  6,  0); SHA_RND2(E,A,B,C,D,14);
+  SHA_MIX(15, 12,  7,  1); SHA_RND2(D,E,A,B,C,15);
+
+  SHA_MIX( 0, 13,  8,  2); SHA_RND2(C,D,E,A,B, 0);
+  SHA_MIX( 1, 14,  9,  3); SHA_RND2(B,C,D,E,A, 1);
+  SHA_MIX( 2, 15, 10,  4); SHA_RND2(A,B,C,D,E, 2);
+  SHA_MIX( 3,  0, 11,  5); SHA_RND2(E,A,B,C,D, 3);
+  SHA_MIX( 4,  1, 12,  6); SHA_RND2(D,E,A,B,C, 4);
+  SHA_MIX( 5,  2, 13,  7); SHA_RND2(C,D,E,A,B, 5);
+  SHA_MIX( 6,  3, 14,  8); SHA_RND2(B,C,D,E,A, 6);
+  SHA_MIX( 7,  4, 15,  9); SHA_RND2(A,B,C,D,E, 7);
+
+  SHA_MIX( 8,  5,  0, 10); SHA_RND3(E,A,B,C,D, 8);
+  SHA_MIX( 9,  6,  1, 11); SHA_RND3(D,E,A,B,C, 9);
+  SHA_MIX(10,  7,  2, 12); SHA_RND3(C,D,E,A,B,10);
+  SHA_MIX(11,  8,  3, 13); SHA_RND3(B,C,D,E,A,11);
+  SHA_MIX(12,  9,  4, 14); SHA_RND3(A,B,C,D,E,12);
+  SHA_MIX(13, 10,  5, 15); SHA_RND3(E,A,B,C,D,13);
+  SHA_MIX(14, 11,  6,  0); SHA_RND3(D,E,A,B,C,14);
+  SHA_MIX(15, 12,  7,  1); SHA_RND3(C,D,E,A,B,15);
+
+  SHA_MIX( 0, 13,  8,  2); SHA_RND3(B,C,D,E,A, 0);
+  SHA_MIX( 1, 14,  9,  3); SHA_RND3(A,B,C,D,E, 1);
+  SHA_MIX( 2, 15, 10,  4); SHA_RND3(E,A,B,C,D, 2);
+  SHA_MIX( 3,  0, 11,  5); SHA_RND3(D,E,A,B,C, 3);
+  SHA_MIX( 4,  1, 12,  6); SHA_RND3(C,D,E,A,B, 4);
+  SHA_MIX( 5,  2, 13,  7); SHA_RND3(B,C,D,E,A, 5);
+  SHA_MIX( 6,  3, 14,  8); SHA_RND3(A,B,C,D,E, 6);
+  SHA_MIX( 7,  4, 15,  9); SHA_RND3(E,A,B,C,D, 7);
+  SHA_MIX( 8,  5,  0, 10); SHA_RND3(D,E,A,B,C, 8);
+  SHA_MIX( 9,  6,  1, 11); SHA_RND3(C,D,E,A,B, 9);
+  SHA_MIX(10,  7,  2, 12); SHA_RND3(B,C,D,E,A,10);
+  SHA_MIX(11,  8,  3, 13); SHA_RND3(A,B,C,D,E,11);
+
+  SHA_MIX(12,  9,  4, 14); SHA_RND4(E,A,B,C,D,12);
+  SHA_MIX(13, 10,  5, 15); SHA_RND4(D,E,A,B,C,13);
+  SHA_MIX(14, 11,  6,  0); SHA_RND4(C,D,E,A,B,14);
+  SHA_MIX(15, 12,  7,  1); SHA_RND4(B,C,D,E,A,15);
+
+  SHA_MIX( 0, 13,  8,  2); SHA_RND4(A,B,C,D,E, 0);
+  SHA_MIX( 1, 14,  9,  3); SHA_RND4(E,A,B,C,D, 1);
+  SHA_MIX( 2, 15, 10,  4); SHA_RND4(D,E,A,B,C, 2);
+  SHA_MIX( 3,  0, 11,  5); SHA_RND4(C,D,E,A,B, 3);
+  SHA_MIX( 4,  1, 12,  6); SHA_RND4(B,C,D,E,A, 4);
+  SHA_MIX( 5,  2, 13,  7); SHA_RND4(A,B,C,D,E, 5);
+  SHA_MIX( 6,  3, 14,  8); SHA_RND4(E,A,B,C,D, 6);
+  SHA_MIX( 7,  4, 15,  9); SHA_RND4(D,E,A,B,C, 7);
+  SHA_MIX( 8,  5,  0, 10); SHA_RND4(C,D,E,A,B, 8);
+  SHA_MIX( 9,  6,  1, 11); SHA_RND4(B,C,D,E,A, 9);
+  SHA_MIX(10,  7,  2, 12); SHA_RND4(A,B,C,D,E,10);
+  SHA_MIX(11,  8,  3, 13); SHA_RND4(E,A,B,C,D,11);
+  SHA_MIX(12,  9,  4, 14); SHA_RND4(D,E,A,B,C,12);
+  SHA_MIX(13, 10,  5, 15); SHA_RND4(C,D,E,A,B,13);
+  SHA_MIX(14, 11,  6,  0); SHA_RND4(B,C,D,E,A,14);
+  SHA_MIX(15, 12,  7,  1); SHA_RND4(A,B,C,D,E,15);
+
+  XH(0) += A;
+  XH(1) += B;
+  XH(2) += C;
+  XH(3) += D;
+  XH(4) += E;
+}
+
+/*************************************************************************
+** Code below this line added to make SHA code support BLAPI interface
+*/
+
+SHA1Context *
+SHA1_NewContext(void)
+{
+    SHA1Context *cx;
+
+    /* no need to ZNew, SHA1_Begin will init the context */
+    cx = PORT_New(SHA1Context);
+    return cx;
+}
+
+/* Zero and free the context */
+void
+SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
+{
+    memset(cx, 0, sizeof *cx);
+    if (freeit) {
+        PORT_Free(cx);
+    }
+}
+
+SECStatus
+SHA1_HashBuf(unsigned char *dest, const unsigned char *src, uint32 src_length)
+{
+    SHA1Context ctx;
+    unsigned int outLen;
+
+    SHA1_Begin(&ctx);
+    SHA1_Update(&ctx, src, src_length);
+    SHA1_End(&ctx, dest, &outLen, SHA1_LENGTH);
+    return SECSuccess;
+}
+
+/* Hash a null-terminated character string. */
+SECStatus
+SHA1_Hash(unsigned char *dest, const char *src)
+{
+    return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen (src));
+}
+
+/*
+ * need to support save/restore state in pkcs11. Stores all the info necessary
+ * for a structure into just a stream of bytes.
+ */
+unsigned int
+SHA1_FlattenSize(SHA1Context *cx)
+{
+    return sizeof(SHA1Context);
+}
+
+SECStatus
+SHA1_Flatten(SHA1Context *cx,unsigned char *space)
+{
+    PORT_Memcpy(space,cx, sizeof(SHA1Context));
+    return SECSuccess;
+}
+
+SHA1Context *
+SHA1_Resurrect(unsigned char *space,void *arg)
+{
+    SHA1Context *cx = SHA1_NewContext();
+    if (cx == NULL) return NULL;
+
+    PORT_Memcpy(cx,space, sizeof(SHA1Context));
+    return cx;
+}
+
+void SHA1_Clone(SHA1Context *dest, SHA1Context *src) 
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+void
+SHA1_TraceState(SHA1Context *ctx)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+}
diff --git a/security/nss/lib/freebl/sha_fast.h b/security/nss/lib/freebl/sha_fast.h
new file mode 100644
index 000000000..d579ebad4
--- /dev/null
+++ b/security/nss/lib/freebl/sha_fast.h
@@ -0,0 +1,184 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is SHA 180-1 Reference Implementation (Optimized).
+ *
+ * The Initial Developer of the Original Code is
+ * Paul Kocher of Cryptography Research.
+ * Portions created by the Initial Developer are Copyright (C) 1995-9
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _SHA_FAST_H_
+#define _SHA_FAST_H_
+
+#include "prlong.h"
+
+#define SHA1_INPUT_LEN 64
+
+#if defined(IS_64) && !defined(__sparc) 
+typedef PRUint64 SHA_HW_t;
+#define SHA1_USING_64_BIT 1
+#else
+typedef PRUint32 SHA_HW_t;
+#endif
+
+struct SHA1ContextStr {
+  union {
+    PRUint32 w[16];		/* input buffer */
+    PRUint8  b[64];
+  } u;
+  PRUint64 size;          	/* count of hashed bytes. */
+  SHA_HW_t H[22];		/* 5 state variables, 16 tmp values, 1 extra */
+};
+
+#if defined(_MSC_VER)
+#include <stdlib.h>
+#if defined(IS_LITTLE_ENDIAN) 
+#if (_MSC_VER >= 1300)
+#pragma intrinsic(_byteswap_ulong)
+#define SHA_HTONL(x) _byteswap_ulong(x)
+#elif defined(_X86_)
+#ifndef FORCEINLINE
+#if (_MSC_VER >= 1200)
+#define FORCEINLINE __forceinline
+#else
+#define FORCEINLINE __inline
+#endif /* _MSC_VER */
+#endif /* !defined FORCEINLINE */
+#define FASTCALL __fastcall
+
+static FORCEINLINE PRUint32 FASTCALL 
+swap4b(PRUint32 dwd) 
+{
+    __asm {
+    	mov   eax,dwd
+	bswap eax
+    }
+}
+
+#define SHA_HTONL(x) swap4b(x)
+#endif /* _X86_ */
+#endif /* IS_LITTLE_ENDIAN */
+
+#pragma intrinsic (_lrotr, _lrotl) 
+#define SHA_ROTL(x,n) _lrotl(x,n)
+#define SHA_ROTL_IS_DEFINED 1
+#endif /* _MSC_VER */
+
+#if defined(__GNUC__) 
+/* __x86_64__  and __x86_64 are defined by GCC on x86_64 CPUs */
+
+#if defined( SHA1_USING_64_BIT )
+static __inline__ PRUint64 SHA_ROTL(PRUint64 x, PRUint32 n)
+{
+    PRUint32 t = (PRUint32)x;
+    return ((t << n) | (t >> (32 - n)));
+}
+#else 
+static __inline__ PRUint32 SHA_ROTL(PRUint32 t, PRUint32 n)
+{
+    return ((t << n) | (t >> (32 - n)));
+}
+#endif
+#define SHA_ROTL_IS_DEFINED 1
+
+#if defined(_X86_) || defined(__x86_64__) || defined(__x86_64) 
+static __inline__ PRUint32 swap4b(PRUint32 value)
+{
+    __asm__("bswap %0" : "+r" (value));
+    return (value);
+}
+#define SHA_HTONL(x) swap4b(x)
+#endif /* x86 family */
+
+#endif /* __GNUC__ */
+
+#if !defined(SHA_ROTL_IS_DEFINED)
+#define SHA_NEED_TMP_VARIABLE 1
+#define SHA_ROTL(X,n) (tmp = (X), ((tmp) << (n)) | ((tmp) >> (32-(n))))
+#endif
+
+#if defined(_X86_) || defined(__x86_64__) || defined(__x86_64) 
+#define SHA_ALLOW_UNALIGNED_ACCESS 1
+#endif
+
+#if !defined(SHA_HTONL)
+#define SHA_MASK      0x00FF00FF
+#if defined(IS_LITTLE_ENDIAN)
+#undef  SHA_NEED_TMP_VARIABLE 
+#define SHA_NEED_TMP_VARIABLE 1
+#define SHA_HTONL(x)  (tmp = (x), tmp = (tmp << 16) | (tmp >> 16), \
+                       ((tmp & SHA_MASK) << 8) | ((tmp >> 8) & SHA_MASK))
+#else
+#define SHA_HTONL(x)  (x)
+#endif
+#endif
+
+#define SHA_BYTESWAP(x) x = SHA_HTONL(x)
+
+#define SHA_STORE(n) ((PRUint32*)hashout)[n] = SHA_HTONL(ctx->H[n])
+#if defined(SHA_ALLOW_UNALIGNED_ACCESS)
+#define SHA_STORE_RESULT \
+  SHA_STORE(0); \
+  SHA_STORE(1); \
+  SHA_STORE(2); \
+  SHA_STORE(3); \
+  SHA_STORE(4);
+
+#elif defined(IS_LITTLE_ENDIAN) || defined( SHA1_USING_64_BIT )
+#define SHA_STORE_RESULT \
+  if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
+    SHA_STORE(0); \
+    SHA_STORE(1); \
+    SHA_STORE(2); \
+    SHA_STORE(3); \
+    SHA_STORE(4); \
+  } else { \
+    ctx->u.w[0] = SHA_HTONL(ctx->H[0]); \
+    ctx->u.w[1] = SHA_HTONL(ctx->H[1]); \
+    ctx->u.w[2] = SHA_HTONL(ctx->H[2]); \
+    ctx->u.w[3] = SHA_HTONL(ctx->H[3]); \
+    ctx->u.w[4] = SHA_HTONL(ctx->H[4]); \
+    memcpy(hashout, ctx->u.w, SHA1_LENGTH); \
+  }
+
+#else
+#define SHA_STORE_RESULT \
+  if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
+    SHA_STORE(0); \
+    SHA_STORE(1); \
+    SHA_STORE(2); \
+    SHA_STORE(3); \
+    SHA_STORE(4); \
+  } else { \
+    memcpy(hashout, ctx->H, SHA1_LENGTH); \
+  }
+#endif 
+
+#endif /* _SHA_FAST_H_ */
diff --git a/security/nss/lib/freebl/shsign.h b/security/nss/lib/freebl/shsign.h
new file mode 100644
index 000000000..0557bf8b3
--- /dev/null
+++ b/security/nss/lib/freebl/shsign.h
@@ -0,0 +1,47 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#ifndef _SHSIGN_H_
+#define _SHSIGN_H_
+
+#define SGN_SUFFIX ".chk"
+#define  NSS_SIGN_CHK_MAGIC1 0xf1
+#define  NSS_SIGN_CHK_MAGIC2 0xc5
+#define  NSS_SIGN_CHK_MAJOR_VERSION 0x01
+#define  NSS_SIGN_CHK_MINOR_VERSION 0x02
+
+#endif /* _SHSIGN_H_ */
diff --git a/security/nss/lib/freebl/shvfy.c b/security/nss/lib/freebl/shvfy.c
new file mode 100644
index 000000000..5c5aad8b1
--- /dev/null
+++ b/security/nss/lib/freebl/shvfy.c
@@ -0,0 +1,295 @@
+
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2003
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "shsign.h"
+#include "prlink.h"
+#include "prio.h"
+#include "blapi.h"
+#include "seccomon.h"
+#include "stdio.h"
+#include "prmem.h"
+
+/* #define DEBUG_SHVERIFY 1 */
+
+static char *
+mkCheckFileName(const char *libName)
+{
+    int ln_len = PORT_Strlen(libName);
+    char *output = PORT_Alloc(ln_len+sizeof(SGN_SUFFIX));
+    int index = ln_len + 1 - sizeof("."SHLIB_SUFFIX);
+
+    if ((index > 0) &&
+        (PORT_Strncmp(&libName[index],
+                        "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) {
+        ln_len = index;
+    }
+    PORT_Memcpy(output,libName,ln_len);
+    PORT_Memcpy(&output[ln_len],SGN_SUFFIX,sizeof(SGN_SUFFIX));
+    return output;
+}
+
+static int
+decodeInt(unsigned char *buf)
+{
+    return (buf[3]) | (buf[2] << 8) | (buf[1] << 16) | (buf[0] << 24);
+}
+
+static SECStatus
+readItem(PRFileDesc *fd, SECItem *item)
+{
+    unsigned char buf[4];
+    int bytesRead;
+
+
+    bytesRead = PR_Read(fd, buf, 4);
+    if (bytesRead != 4) {
+	return SECFailure;
+    }
+    item->len = decodeInt(buf);
+
+    item->data = PORT_Alloc(item->len);
+    if (item->data == NULL) {
+	item->len = 0;
+	return SECFailure;
+    }
+    bytesRead = PR_Read(fd, item->data, item->len);
+    if (bytesRead != item->len) {
+	PORT_Free(item->data);
+	item->data = NULL;
+	item->len = 0;
+	return SECFailure;
+    }
+    return SECSuccess;
+}
+
+PRBool
+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+{
+    /* find our shared library name */
+    char *shName = PR_GetLibraryFilePathname(name, addr);
+    char *checkName = NULL;
+    PRFileDesc *checkFD = NULL;
+    PRFileDesc *shFD = NULL;
+    SHA1Context *hashcx = NULL;
+    SECItem signature = { 0, NULL, 0 };
+    SECItem hash;
+    int bytesRead, offset;
+    SECStatus rv;
+    DSAPublicKey key;
+    int count;
+
+    PRBool result = PR_FALSE; /* if anything goes wrong,
+			       * the signature does not verify */
+    unsigned char buf[512];
+    unsigned char hashBuf[SHA1_LENGTH];
+
+    PORT_Memset(&key,0,sizeof(key));
+    hash.data = hashBuf;
+    hash.len = sizeof(hashBuf);
+
+    if (!shName) {
+	goto loser;
+    }
+
+    /* figure out the name of our check file */
+    checkName = mkCheckFileName(shName);
+    if (!checkName) {
+	goto loser;
+    }
+
+    /* open the check File */
+    checkFD = PR_Open(checkName, PR_RDONLY, 0);
+    if (checkFD == NULL) {
+#ifdef DEBUG_SHVERIFY
+        fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n",
+                checkName, (int)PR_GetError(), (int)PR_GetOSError());
+#endif /* DEBUG_SHVERIFY */
+	goto loser;
+    }
+
+    /* read and Verify the headerthe header */
+    bytesRead = PR_Read(checkFD, buf, 12);
+    if (bytesRead != 12) {
+	goto loser;
+    }
+    if ((buf[0] != NSS_SIGN_CHK_MAGIC1) || (buf[1] != NSS_SIGN_CHK_MAGIC2)) {
+	goto loser;
+    }
+    if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) || 
+				(buf[3] < NSS_SIGN_CHK_MINOR_VERSION)) {
+	goto loser;
+    }
+#ifdef notdef
+    if (decodeInt(&buf[8]) != CKK_DSA) {
+	goto loser;
+    }
+#endif
+
+    /* seek past any future header extensions */
+    offset = decodeInt(&buf[4]);
+    PR_Seek(checkFD, offset, PR_SEEK_SET);
+
+    /* read the key */
+    rv = readItem(checkFD,&key.params.prime);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    rv = readItem(checkFD,&key.params.subPrime);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    rv = readItem(checkFD,&key.params.base);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    rv = readItem(checkFD,&key.publicValue);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+    /* read the siganture */
+    rv = readItem(checkFD,&signature);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
+
+    /* done with the check file */
+    PR_Close(checkFD);
+    checkFD = NULL;
+
+    /* open our library file */
+    shFD = PR_Open(shName, PR_RDONLY, 0);
+    if (shFD == NULL) {
+#ifdef DEBUG_SHVERIFY
+        fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
+                shName, (int)PR_GetError(), (int)PR_GetOSError());
+#endif /* DEBUG_SHVERIFY */
+	goto loser;
+    }
+
+    /* hash our library file with SHA1 */
+    hashcx = SHA1_NewContext();
+    if (hashcx == NULL) {
+	goto loser;
+    }
+    SHA1_Begin(hashcx);
+
+    count = 0;
+    while ((bytesRead = PR_Read(shFD, buf, sizeof(buf))) > 0) {
+	SHA1_Update(hashcx, buf, bytesRead);
+	count += bytesRead;
+    }
+    PR_Close(shFD);
+    shFD = NULL;
+
+    SHA1_End(hashcx, hash.data, &hash.len, hash.len);
+
+
+    /* verify the hash against the check file */
+    if (DSA_VerifyDigest(&key, &signature, &hash) == SECSuccess) {
+	result = PR_TRUE;
+    }
+#ifdef DEBUG_SHVERIFY
+  {
+        int i,j;
+        fprintf(stderr,"File %s: %d bytes\n",shName, count);
+        fprintf(stderr,"  hash: %d bytes\n", hash.len);
+#define STEP 10
+        for (i=0; i < hash.len; i += STEP) {
+           fprintf(stderr,"   ");
+           for (j=0; j < STEP && (i+j) < hash.len; j++) {
+                fprintf(stderr," %02x", hash.data[i+j]);
+           }
+           fprintf(stderr,"\n");
+        }
+        fprintf(stderr,"  signature: %d bytes\n", signature.len);
+        for (i=0; i < signature.len; i += STEP) {
+           fprintf(stderr,"   ");
+           for (j=0; j < STEP && (i+j) < signature.len; j++) {
+                fprintf(stderr," %02x", signature.data[i+j]);
+           }
+           fprintf(stderr,"\n");
+        }
+	fprintf(stderr,"Verified : %s\n",result?"TRUE": "FALSE");
+    }
+#endif /* DEBUG_SHVERIFY */
+
+
+loser:
+    if (shName != NULL) {
+	PR_Free(shName);
+    }
+    if (checkName != NULL) {
+	PORT_Free(checkName);
+    }
+    if (checkFD != NULL) {
+	PR_Close(checkFD);
+    }
+    if (shFD != NULL) {
+	PR_Close(shFD);
+    }
+    if (hashcx != NULL) {
+	SHA1_DestroyContext(hashcx,PR_TRUE);
+    }
+    if (signature.data != NULL) {
+	PORT_Free(signature.data);
+    }
+    if (key.params.prime.data != NULL) {
+	PORT_Free(key.params.prime.data);
+    }
+    if (key.params.subPrime.data != NULL) {
+	PORT_Free(key.params.subPrime.data);
+    }
+    if (key.params.base.data != NULL) {
+	PORT_Free(key.params.base.data);
+    }
+    if (key.publicValue.data != NULL) {
+	PORT_Free(key.publicValue.data);
+    }
+
+    return result;
+}
+
+PRBool
+BLAPI_VerifySelf(const char *name)
+{
+    /* to separate shlib to verify if name is NULL */
+    if (name == NULL) {
+	return PR_TRUE;
+    }
+    return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt);
+}
diff --git a/security/nss/lib/freebl/sysrand.c b/security/nss/lib/freebl/sysrand.c
new file mode 100644
index 000000000..7991e8f30
--- /dev/null
+++ b/security/nss/lib/freebl/sysrand.c
@@ -0,0 +1,46 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "seccomon.h"
+#if defined(XP_UNIX) || defined(XP_BEOS)
+#include "unix_rand.c"
+#endif
+#ifdef XP_WIN
+#include "win_rand.c"
+#endif
+#ifdef XP_OS2
+#include "os2_rand.c"
+#endif
diff --git a/security/nss/lib/freebl/tlsprfalg.c b/security/nss/lib/freebl/tlsprfalg.c
new file mode 100644
index 000000000..05f3f0d76
--- /dev/null
+++ b/security/nss/lib/freebl/tlsprfalg.c
@@ -0,0 +1,164 @@
+/* tlsprfalg.c - TLS Pseudo Random Function (PRF) implementation
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/* $Id$ */
+
+#include "sechash.h"
+#include "alghmac.h"
+#include "blapi.h"
+
+#define PHASH_STATE_MAX_LEN SHA1_LENGTH
+
+/* TLS P_hash function */
+static SECStatus
+sftk_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label, 
+	SECItem *seed, SECItem *result, PRBool isFIPS)
+{
+    unsigned char state[PHASH_STATE_MAX_LEN];
+    unsigned char outbuf[PHASH_STATE_MAX_LEN];
+    unsigned int state_len = 0, label_len = 0, outbuf_len = 0, chunk_size;
+    unsigned int remaining;
+    unsigned char *res;
+    SECStatus status;
+    HMACContext *cx;
+    SECStatus rv = SECFailure;
+    const SECHashObject *hashObj = HASH_GetRawHashObject(hashType);
+
+    PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
+    PORT_Assert((seed != NULL) && (seed->data != NULL));
+    PORT_Assert((result != NULL) && (result->data != NULL));
+
+    remaining = result->len;
+    res = result->data;
+
+    if (label != NULL)
+	label_len = PORT_Strlen(label);
+
+    cx = HMAC_Create(hashObj, secret->data, secret->len, isFIPS);
+    if (cx == NULL)
+	goto loser;
+
+    /* initialize the state = A(1) = HMAC_hash(secret, seed) */
+    HMAC_Begin(cx);
+    HMAC_Update(cx, (unsigned char *)label, label_len);
+    HMAC_Update(cx, seed->data, seed->len);
+    status = HMAC_Finish(cx, state, &state_len, sizeof(state));
+    if (status != SECSuccess)
+	goto loser;
+
+    /* generate a block at a time until we're done */
+    while (remaining > 0) {
+
+	HMAC_Begin(cx);
+	HMAC_Update(cx, state, state_len);
+	if (label_len)
+	    HMAC_Update(cx, (unsigned char *)label, label_len);
+	HMAC_Update(cx, seed->data, seed->len);
+	status = HMAC_Finish(cx, outbuf, &outbuf_len, sizeof(outbuf));
+	if (status != SECSuccess)
+	    goto loser;
+
+        /* Update the state = A(i) = HMAC_hash(secret, A(i-1)) */
+	HMAC_Begin(cx); 
+	HMAC_Update(cx, state, state_len); 
+	status = HMAC_Finish(cx, state, &state_len, sizeof(state));
+	if (status != SECSuccess)
+	    goto loser;
+
+	chunk_size = PR_MIN(outbuf_len, remaining);
+	PORT_Memcpy(res, &outbuf, chunk_size);
+	res += chunk_size;
+	remaining -= chunk_size;
+    }
+
+    rv = SECSuccess;
+
+loser:
+    /* clear out state so it's not left on the stack */
+    if (cx) 
+    	HMAC_Destroy(cx, PR_TRUE);
+    PORT_Memset(state, 0, sizeof(state));
+    PORT_Memset(outbuf, 0, sizeof(outbuf));
+    return rv;
+}
+
+SECStatus
+TLS_PRF(const SECItem *secret, const char *label, SECItem *seed, 
+         SECItem *result, PRBool isFIPS)
+{
+    SECStatus rv = SECFailure, status;
+    unsigned int i;
+    SECItem tmp = { siBuffer, NULL, 0};
+    SECItem S1;
+    SECItem S2;
+
+    PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
+    PORT_Assert((seed != NULL) && (seed->data != NULL));
+    PORT_Assert((result != NULL) && (result->data != NULL));
+
+    S1.type = siBuffer;
+    S1.len  = (secret->len / 2) + (secret->len & 1);
+    S1.data = secret->data;
+
+    S2.type = siBuffer;
+    S2.len  = S1.len;
+    S2.data = secret->data + (secret->len - S2.len);
+
+    tmp.data = (unsigned char*)PORT_Alloc(result->len);
+    if (tmp.data == NULL)
+	goto loser;
+    tmp.len = result->len;
+
+    status = sftk_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS);
+    if (status != SECSuccess)
+	goto loser;
+
+    status = sftk_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS);
+    if (status != SECSuccess)
+	goto loser;
+
+    for (i = 0; i < result->len; i++)
+	result->data[i] ^= tmp.data[i];
+
+    rv = SECSuccess;
+
+loser:
+    if (tmp.data != NULL)
+	PORT_ZFree(tmp.data, tmp.len);
+    return rv;
+}
+
diff --git a/security/nss/lib/freebl/unix_rand.c b/security/nss/lib/freebl/unix_rand.c
new file mode 100644
index 000000000..aec738c09
--- /dev/null
+++ b/security/nss/lib/freebl/unix_rand.c
@@ -0,0 +1,1155 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include "secrng.h"
+#include "secerr.h"
+#include "prerror.h"
+#include "prthread.h"
+
+size_t RNG_FileUpdate(const char *fileName, size_t limit);
+
+/*
+ * When copying data to the buffer we want the least signicant bytes
+ * from the input since those bits are changing the fastest. The address
+ * of least significant byte depends upon whether we are running on
+ * a big-endian or little-endian machine.
+ *
+ * Does this mean the least signicant bytes are the most significant
+ * to us? :-)
+ */
+    
+static size_t CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
+{
+    union endianness {
+	int32 i;
+	char c[4];
+    } u;
+
+    if (srclen <= dstlen) {
+	memcpy(dst, src, srclen);
+	return srclen;
+    }
+    u.i = 0x01020304;
+    if (u.c[0] == 0x01) {
+	/* big-endian case */
+	memcpy(dst, (char*)src + (srclen - dstlen), dstlen);
+    } else {
+	/* little-endian case */
+	memcpy(dst, src, dstlen);
+    }
+    return dstlen;
+}
+
+#ifdef SOLARIS
+
+#include <kstat.h>
+
+static const PRUint32 entropy_buf_len = 4096; /* buffer up to 4 KB */
+
+/* Buffer entropy data, and feed it to the RNG, entropy_buf_len bytes at a time.
+ * Returns error if RNG_RandomUpdate fails. Also increments *total_fed
+ * by the number of bytes successfully buffered.
+ */
+static SECStatus BufferEntropy(char* inbuf, PRUint32 inlen,
+                                char* entropy_buf, PRUint32* entropy_buffered,
+                                PRUint32* total_fed)
+{
+    PRUint32 tocopy = 0;
+    PRUint32 avail = 0;
+    SECStatus rv = SECSuccess;
+
+    while (inlen) {
+        avail = entropy_buf_len - *entropy_buffered;
+        if (!avail) {
+            /* Buffer is full, time to feed it to the RNG. */
+            rv = RNG_RandomUpdate(entropy_buf, entropy_buf_len);
+            if (SECSuccess != rv) {
+                break;
+            }
+            *entropy_buffered = 0;
+            avail = entropy_buf_len;
+        }
+        tocopy = PR_MIN(avail, inlen);
+        memcpy(entropy_buf + *entropy_buffered, inbuf, tocopy);
+        *entropy_buffered += tocopy;
+        inlen -= tocopy;
+        inbuf += tocopy;
+        *total_fed += tocopy;
+    }
+    return rv;
+}
+
+/* Feed kernel statistics structures and ks_data field to the RNG.
+ * Returns status as well as the number of bytes successfully fed to the RNG.
+ */
+static SECStatus RNG_kstat(PRUint32* fed)
+{
+    kstat_ctl_t*    kc = NULL;
+    kstat_t*        ksp = NULL;
+    PRUint32        entropy_buffered = 0;
+    char*           entropy_buf = NULL;
+    SECStatus       rv = SECSuccess;
+
+    PORT_Assert(fed);
+    if (!fed) {
+        return SECFailure;
+    }
+    *fed = 0;
+
+    kc = kstat_open();
+    PORT_Assert(kc);
+    if (!kc) {
+        return SECFailure;
+    }
+    entropy_buf = (char*) PORT_Alloc(entropy_buf_len);
+    PORT_Assert(entropy_buf);
+    if (entropy_buf) {
+        for (ksp = kc->kc_chain; ksp != NULL; ksp = ksp->ks_next) {
+            if (-1 == kstat_read(kc, ksp, NULL)) {
+                /* missing data from a single kstat shouldn't be fatal */
+                continue;
+            }
+            rv = BufferEntropy((char*)ksp, sizeof(kstat_t),
+                                    entropy_buf, &entropy_buffered,
+                                    fed);
+            if (SECSuccess != rv) {
+                break;
+            }
+
+            if (ksp->ks_data && ksp->ks_data_size>0 && ksp->ks_ndata>0) {
+                rv = BufferEntropy((char*)ksp->ks_data, ksp->ks_data_size,
+                                        entropy_buf, &entropy_buffered,
+                                        fed);
+                if (SECSuccess != rv) {
+                    break;
+                }
+            }
+        }
+        if (SECSuccess == rv && entropy_buffered) {
+            /* Buffer is not empty, time to feed it to the RNG */
+            rv = RNG_RandomUpdate(entropy_buf, entropy_buffered);
+        }
+        PORT_Free(entropy_buf);
+    } else {
+        rv = SECFailure;
+    }
+    if (kstat_close(kc)) {
+        PORT_Assert(0);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+#endif
+
+#if defined(SCO) || defined(UNIXWARE) || defined(BSDI) || defined(FREEBSD) \
+    || defined(NETBSD) || defined(DARWIN) || defined(OPENBSD) \
+    || defined(NTO) || defined(__riscos__)
+#include <sys/times.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    int ticks;
+    struct tms buffer;
+
+    ticks=times(&buffer);
+    return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
+}
+
+static void
+GiveSystemInfo(void)
+{
+    long si;
+
+    /* 
+     * Is this really necessary?  Why not use rand48 or something?
+     */
+    si = sysconf(_SC_CHILD_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+
+    si = sysconf(_SC_STREAM_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+
+    si = sysconf(_SC_OPEN_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+}
+#endif
+
+#if defined(__sun)
+#if defined(__svr4) || defined(SVR4)
+#include <sys/systeminfo.h>
+#include <sys/times.h>
+#include <wait.h>
+
+int gettimeofday(struct timeval *);
+int gethostname(char *, int);
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+}
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    hrtime_t t;
+    t = gethrtime();
+    if (t) {
+	return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+    }
+    return 0;
+}
+#else /* SunOS (Sun, but not SVR4) */
+
+extern long sysconf(int name);
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    long si;
+
+    /* This is not very good */
+    si = sysconf(_SC_CHILD_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+}
+#endif
+#endif /* Sun */
+
+#if defined(__hpux)
+#include <sys/unistd.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+#if defined(__ia64)
+#include <ia64/sys/inline.h>
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    PRUint64 t;
+
+    t = _Asm_mov_from_ar(_AREG44);
+    return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+}
+#else
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    extern int ret_cr16();
+    int cr16val;
+
+    cr16val = ret_cr16();
+    return CopyLowBits(buf, maxbytes, &cr16val, sizeof(cr16val));
+}
+#endif
+
+static void
+GiveSystemInfo(void)
+{
+    long si;
+
+    /* This is not very good */
+    si = sysconf(_AES_OS_VERSION);
+    RNG_RandomUpdate(&si, sizeof(si));
+    si = sysconf(_SC_CPU_VERSION);
+    RNG_RandomUpdate(&si, sizeof(si));
+}
+#endif /* HPUX */
+
+#if defined(OSF1)
+#include <sys/types.h>
+#include <sys/sysinfo.h>
+#include <sys/systeminfo.h>
+#include <c_asm.h>
+
+static void
+GiveSystemInfo(void)
+{
+    char buf[BUFSIZ];
+    int rv;
+    int off = 0;
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+}
+
+/*
+ * Use the "get the cycle counter" instruction on the alpha.
+ * The low 32 bits completely turn over in less than a minute.
+ * The high 32 bits are some non-counter gunk that changes sometimes.
+ */
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    unsigned long t;
+
+    t = asm("rpcc %v0");
+    return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+}
+
+#endif /* Alpha */
+
+#if defined(_IBMR2)
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    /* XXX haven't found any yet! */
+}
+#endif /* IBM R2 */
+
+#if defined(LINUX)
+#include <sys/sysinfo.h>
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    struct sysinfo si;
+    if (sysinfo(&si) == 0) {
+	RNG_RandomUpdate(&si, sizeof(si));
+    }
+}
+#endif /* LINUX */
+
+#if defined(NCR)
+
+#include <sys/utsname.h>
+#include <sys/systeminfo.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+}
+
+#endif /* NCR */
+
+
+#if defined(sgi)
+#include <fcntl.h>
+#undef PRIVATE
+#include <sys/mman.h>
+#include <sys/syssgi.h>
+#include <sys/immu.h>
+#include <sys/systeminfo.h>
+#include <sys/utsname.h>
+#include <wait.h>
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[4096];
+
+    rv = syssgi(SGI_SYSID, &buf[0]);
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, MAXSYSIDSIZE);
+    }
+#ifdef SGI_RDUBLK
+    rv = syssgi(SGI_RDUBLK, getpid(), &buf[0], sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, sizeof(buf));
+    }
+#endif /* SGI_RDUBLK */
+    rv = syssgi(SGI_INVENT, SGI_INV_READ, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, sizeof(buf));
+    }
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+}
+
+static size_t GetHighResClock(void *buf, size_t maxbuf)
+{
+    unsigned phys_addr, raddr, cycleval;
+    static volatile unsigned *iotimer_addr = NULL;
+    static int tries = 0;
+    static int cntr_size;
+    int mfd;
+    long s0[2];
+    struct timeval tv;
+
+#ifndef SGI_CYCLECNTR_SIZE
+#define SGI_CYCLECNTR_SIZE      165     /* Size user needs to use to read CC */
+#endif
+
+    if (iotimer_addr == NULL) {
+	if (tries++ > 1) {
+	    /* Don't keep trying if it didn't work */
+	    return 0;
+	}
+
+	/*
+	** For SGI machines we can use the cycle counter, if it has one,
+	** to generate some truly random numbers
+	*/
+	phys_addr = syssgi(SGI_QUERY_CYCLECNTR, &cycleval);
+	if (phys_addr) {
+	    int pgsz = getpagesize();
+	    int pgoffmask = pgsz - 1;
+
+	    raddr = phys_addr & ~pgoffmask;
+	    mfd = open("/dev/mmem", O_RDONLY);
+	    if (mfd < 0) {
+		return 0;
+	    }
+	    iotimer_addr = (unsigned *)
+		mmap(0, pgoffmask, PROT_READ, MAP_PRIVATE, mfd, (int)raddr);
+	    if (iotimer_addr == (void*)-1) {
+		close(mfd);
+		iotimer_addr = NULL;
+		return 0;
+	    }
+	    iotimer_addr = (unsigned*)
+		((__psint_t)iotimer_addr | (phys_addr & pgoffmask));
+	    /*
+	     * The file 'mfd' is purposefully not closed.
+	     */
+	    cntr_size = syssgi(SGI_CYCLECNTR_SIZE);
+	    if (cntr_size < 0) {
+		struct utsname utsinfo;
+
+		/* 
+		 * We must be executing on a 6.0 or earlier system, since the
+		 * SGI_CYCLECNTR_SIZE call is not supported.
+		 * 
+		 * The only pre-6.1 platforms with 64-bit counters are
+		 * IP19 and IP21 (Challenge, PowerChallenge, Onyx).
+		 */
+		uname(&utsinfo);
+		if (!strncmp(utsinfo.machine, "IP19", 4) ||
+		    !strncmp(utsinfo.machine, "IP21", 4))
+			cntr_size = 64;
+		else
+			cntr_size = 32;
+	    }
+	    cntr_size /= 8;	/* Convert from bits to bytes */
+	}
+    }
+
+    s0[0] = *iotimer_addr;
+    if (cntr_size > 4)
+	s0[1] = *(iotimer_addr + 1);
+    memcpy(buf, (char *)&s0[0], cntr_size);
+    return CopyLowBits(buf, maxbuf, &s0, cntr_size);
+}
+#endif
+
+#if defined(sony)
+#include <sys/systeminfo.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+}
+#endif /* sony */
+
+#if defined(sinix)
+#include <sys/systeminfo.h>
+#include <sys/times.h>
+
+int gettimeofday(struct timeval *, struct timezone *);
+int gethostname(char *, int);
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    int ticks;
+    struct tms buffer;
+
+    ticks=times(&buffer);
+    return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+}
+#endif /* sinix */
+
+#if defined(VMS)
+#include <c_asm.h>
+
+static void
+GiveSystemInfo(void)
+{
+    long si;
+ 
+    /* 
+     * This is copied from the SCO/UNIXWARE etc section. And like the comment
+     * there says, what's the point? This isn't random, it generates the same
+     * stuff every time its run!
+     */
+    si = sysconf(_SC_CHILD_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+ 
+    si = sysconf(_SC_STREAM_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+ 
+    si = sysconf(_SC_OPEN_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+}
+ 
+/*
+ * Use the "get the cycle counter" instruction on the alpha.
+ * The low 32 bits completely turn over in less than a minute.
+ * The high 32 bits are some non-counter gunk that changes sometimes.
+ */
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    unsigned long t;
+ 
+    t = asm("rpcc %v0");
+    return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+}
+ 
+#endif /* VMS */
+
+#ifdef BEOS
+#include <be/kernel/OS.h>
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    bigtime_t bigtime; /* Actually an int64 */
+
+    bigtime = real_time_clock_usecs();
+    return CopyLowBits(buf, maxbytes, &bigtime, sizeof(bigtime));
+}
+
+static void
+GiveSystemInfo(void)
+{
+    system_info *info = NULL;
+    int32 val;                     
+    get_system_info(info);
+    if (info) {
+        val = info->boot_time;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_pages;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_ports;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_threads;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_teams;
+        RNG_RandomUpdate(&val, sizeof(val));
+    }
+}
+#endif /* BEOS */
+
+#if defined(nec_ews)
+#include <sys/systeminfo.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+	RNG_RandomUpdate(buf, rv);
+    }
+}
+#endif /* nec_ews */
+
+size_t RNG_GetNoise(void *buf, size_t maxbytes)
+{
+    struct timeval tv;
+    int n = 0;
+    int c;
+
+    n = GetHighResClock(buf, maxbytes);
+    maxbytes -= n;
+
+#if defined(__sun) && (defined(_svr4) || defined(SVR4)) || defined(sony)
+    (void)gettimeofday(&tv);
+#else
+    (void)gettimeofday(&tv, 0);
+#endif
+    c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec));
+    n += c;
+    maxbytes -= c;
+    c = CopyLowBits((char*)buf+n, maxbytes, &tv.tv_sec, sizeof(tv.tv_sec));
+    n += c;
+    return n;
+}
+
+#define SAFE_POPEN_MAXARGS	10	/* must be at least 2 */
+
+/*
+ * safe_popen is static to this module and we know what arguments it is
+ * called with. Note that this version only supports a single open child
+ * process at any time.
+ */
+static pid_t safe_popen_pid;
+static struct sigaction oldact;
+
+static FILE *
+safe_popen(char *cmd)
+{
+    int p[2], fd, argc;
+    pid_t pid;
+    char *argv[SAFE_POPEN_MAXARGS + 1];
+    FILE *fp;
+    static char blank[] = " \t";
+    static struct sigaction newact;
+
+    if (pipe(p) < 0)
+	return 0;
+
+    fp = fdopen(p[0], "r");
+    if (fp == 0) {
+	close(p[0]);
+	close(p[1]);
+	return 0;
+    }
+
+    /* Setup signals so that SIGCHLD is ignored as we want to do waitpid */
+    newact.sa_handler = SIG_DFL;
+    newact.sa_flags = 0;
+    sigfillset(&newact.sa_mask);
+    sigaction (SIGCHLD, &newact, &oldact);
+
+    pid = fork();
+    switch (pid) {
+      int ndesc;
+
+      case -1:
+	fclose(fp); /* this closes p[0], the fd associated with fp */
+	close(p[1]);
+	sigaction (SIGCHLD, &oldact, NULL);
+	return 0;
+
+      case 0:
+	/* dup write-side of pipe to stderr and stdout */
+	if (p[1] != 1) dup2(p[1], 1);
+	if (p[1] != 2) dup2(p[1], 2);
+
+	/* 
+	 * close the other file descriptors, except stdin which we
+	 * try reassociating with /dev/null, first (bug 174993)
+	 */
+	if (!freopen("/dev/null", "r", stdin))
+	    close(0);
+	ndesc = getdtablesize();
+	for (fd = PR_MIN(65536, ndesc); --fd > 2; close(fd));
+
+	/* clean up environment in the child process */
+	putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc");
+	putenv("SHELL=/bin/sh");
+	putenv("IFS= \t");
+
+	/*
+	 * The caller may have passed us a string that is in text
+	 * space. It may be illegal to modify the string
+	 */
+	cmd = strdup(cmd);
+	/* format argv */
+	argv[0] = strtok(cmd, blank);
+	argc = 1;
+	while ((argv[argc] = strtok(0, blank)) != 0) {
+	    if (++argc == SAFE_POPEN_MAXARGS) {
+		argv[argc] = 0;
+		break;
+	    }
+	}
+
+	/* and away we go */
+	execvp(argv[0], argv);
+	exit(127);
+	break;
+
+      default:
+	close(p[1]);
+	break;
+    }
+
+    /* non-zero means there's a cmd running */
+    safe_popen_pid = pid;
+    return fp;
+}
+
+static int
+safe_pclose(FILE *fp)
+{
+    pid_t pid;
+    int status = -1, rv;
+
+    if ((pid = safe_popen_pid) == 0)
+	return -1;
+    safe_popen_pid = 0;
+
+    fclose(fp);
+
+    /* yield the processor so the child gets some time to exit normally */
+    PR_Sleep(PR_INTERVAL_NO_WAIT);
+
+    /* if the child hasn't exited, kill it -- we're done with its output */
+    while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
+	;
+    if (rv == 0) {
+	kill(pid, SIGKILL);
+	while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
+	    ;
+    }
+
+    /* Reset SIGCHLD signal hander before returning */
+    sigaction(SIGCHLD, &oldact, NULL);
+
+    return status;
+}
+
+
+#if !defined(VMS)
+
+#ifdef DARWIN
+#include <crt_externs.h>
+#endif
+
+/* Fork netstat to collect its output by default. Do not unset this unless
+ * another source of entropy is available
+ */
+#define DO_NETSTAT 1
+
+void RNG_SystemInfoForRNG(void)
+{
+    FILE *fp;
+    char buf[BUFSIZ];
+    size_t bytes;
+    const char * const *cp;
+    char *randfile;
+#ifdef DARWIN
+    char **environ = *_NSGetEnviron();
+#else
+    extern char **environ;
+#endif
+#ifdef BEOS
+    static const char * const files[] = {
+	"/boot/var/swap",
+	"/boot/var/log/syslog",
+	"/boot/var/tmp",
+	"/boot/home/config/settings",
+	"/boot/home",
+	0
+    };
+#else
+    static const char * const files[] = {
+	"/etc/passwd",
+	"/etc/utmp",
+	"/tmp",
+	"/var/tmp",
+	"/usr/tmp",
+	0
+    };
+#endif
+
+#if defined(BSDI)
+    static char netstat_ni_cmd[] = "netstat -nis";
+#else
+    static char netstat_ni_cmd[] = "netstat -ni";
+#endif
+
+    GiveSystemInfo();
+
+    bytes = RNG_GetNoise(buf, sizeof(buf));
+    RNG_RandomUpdate(buf, bytes);
+
+    /*
+     * Pass the C environment and the addresses of the pointers to the
+     * hash function. This makes the random number function depend on the
+     * execution environment of the user and on the platform the program
+     * is running on.
+     */
+    if (environ != NULL) {
+        cp = (const char * const *) environ;
+        while (*cp) {
+	    RNG_RandomUpdate(*cp, strlen(*cp));
+	    cp++;
+        }
+        RNG_RandomUpdate(environ, (char*)cp - (char*)environ);
+    }
+
+    /* Give in system information */
+    if (gethostname(buf, sizeof(buf)) == 0) {
+	RNG_RandomUpdate(buf, strlen(buf));
+    }
+    GiveSystemInfo();
+
+    /* grab some data from system's PRNG before any other files. */
+    bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
+
+    /* If the user points us to a random file, pass it through the rng */
+    randfile = getenv("NSRANDFILE");
+    if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) {
+	RNG_FileForRNG(randfile);
+    }
+
+    /* pass other files through */
+    for (cp = files; *cp; cp++)
+	RNG_FileForRNG(*cp);
+
+/*
+ * Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen
+ * in a pthreads environment.  Therefore, we call safe_popen last and on
+ * BSD/OS we do not call safe_popen when we succeeded in getting data
+ * from /dev/urandom.
+ *
+ * Bug 174993: LINUX provides /dev/urandom, don't fork netstat
+ * if data has been gathered successfully
+ */
+
+#if defined(BSDI) || defined(LINUX)
+    if (bytes)
+        return;
+#endif
+
+#ifdef SOLARIS
+
+/*
+ * On Solaris, NSS may be initialized automatically from libldap in
+ * applications that are unaware of the use of NSS. safe_popen forks, and
+ * sometimes creates issues with some applications' pthread_atfork handlers.
+ * We always have /dev/urandom on Solaris 9 and above as an entropy source,
+ * and for Solaris 8 we have the libkstat interface, so we don't need to
+ * fork netstat.
+ */
+
+#undef DO_NETSTAT
+    if (!bytes) {
+        /* On Solaris 8, /dev/urandom isn't available, so we use libkstat. */
+        PRUint32 kstat_bytes = 0;
+        if (SECSuccess != RNG_kstat(&kstat_bytes)) {
+            PORT_Assert(0);
+        }
+        bytes += kstat_bytes;
+        PORT_Assert(bytes);
+    }
+#endif
+
+#ifdef DO_NETSTAT
+    fp = safe_popen(netstat_ni_cmd);
+    if (fp != NULL) {
+	while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
+	    RNG_RandomUpdate(buf, bytes);
+	safe_pclose(fp);
+    }
+#endif
+
+}
+#else
+void RNG_SystemInfoForRNG(void)
+{
+    FILE *fp;
+    char buf[BUFSIZ];
+    size_t bytes;
+    int extra;
+    char **cp;
+    extern char **environ;
+    char *randfile;
+ 
+    GiveSystemInfo();
+ 
+    bytes = RNG_GetNoise(buf, sizeof(buf));
+    RNG_RandomUpdate(buf, bytes);
+ 
+    /*
+     * Pass the C environment and the addresses of the pointers to the
+     * hash function. This makes the random number function depend on the
+     * execution environment of the user and on the platform the program
+     * is running on.
+     */
+    cp = environ;
+    while (*cp) {
+	RNG_RandomUpdate(*cp, strlen(*cp));
+	cp++;
+    }
+    RNG_RandomUpdate(environ, (char*)cp - (char*)environ);
+ 
+    /* Give in system information */
+    if (gethostname(buf, sizeof(buf)) > 0) {
+	RNG_RandomUpdate(buf, strlen(buf));
+    }
+    GiveSystemInfo();
+ 
+    /* If the user points us to a random file, pass it through the rng */
+    randfile = getenv("NSRANDFILE");
+    if ( ( randfile != NULL ) && ( randfile[0] != '\0') ) {
+	RNG_FileForRNG(randfile);
+    }
+
+    /*
+    ** We need to generate at least 1024 bytes of seed data. Since we don't
+    ** do the file stuff for VMS, and because the environ list is so short
+    ** on VMS, we need to make sure we generate enough. So do another 1000
+    ** bytes to be sure.
+    */
+    extra = 1000;
+    while (extra > 0) {
+        cp = environ;
+        while (*cp) {
+	    int n = strlen(*cp);
+	    RNG_RandomUpdate(*cp, n);
+	    extra -= n;
+	    cp++;
+        }
+    }
+}
+#endif
+
+#define TOTAL_FILE_LIMIT 1000000	/* one million */
+
+size_t RNG_FileUpdate(const char *fileName, size_t limit)
+{
+    FILE *        file;
+    size_t        bytes;
+    size_t        fileBytes = 0;
+    struct stat   stat_buf;
+    unsigned char buffer[BUFSIZ];
+    static size_t totalFileBytes = 0;
+    
+    /* suppress valgrind warnings due to holes in struct stat */
+    memset(&stat_buf, 0, sizeof(stat_buf));
+
+    if (stat((char *)fileName, &stat_buf) < 0)
+	return fileBytes;
+    RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));
+    
+    file = fopen((char *)fileName, "r");
+    if (file != NULL) {
+	while (limit > fileBytes) {
+	    bytes = PR_MIN(sizeof buffer, limit - fileBytes);
+	    bytes = fread(buffer, 1, bytes, file);
+	    if (bytes == 0) 
+		break;
+	    RNG_RandomUpdate(buffer, bytes);
+	    fileBytes      += bytes;
+	    totalFileBytes += bytes;
+	    /* after TOTAL_FILE_LIMIT has been reached, only read in first
+	    ** buffer of data from each subsequent file.
+	    */
+	    if (totalFileBytes > TOTAL_FILE_LIMIT) 
+		break;
+	}
+	fclose(file);
+    }
+    /*
+     * Pass yet another snapshot of our highest resolution clock into
+     * the hash function.
+     */
+    bytes = RNG_GetNoise(buffer, sizeof(buffer));
+    RNG_RandomUpdate(buffer, bytes);
+    return fileBytes;
+}
+
+void RNG_FileForRNG(const char *fileName)
+{
+    RNG_FileUpdate(fileName, TOTAL_FILE_LIMIT);
+}
+
+size_t RNG_SystemRNG(void *dest, size_t maxLen)
+{
+    FILE *file;
+    size_t bytes;
+    size_t fileBytes = 0;
+    unsigned char *buffer = dest;
+
+    file = fopen("/dev/urandom", "r");
+    if (file == NULL) {
+	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+	return fileBytes;
+    }
+    while (maxLen > fileBytes) {
+	bytes = maxLen - fileBytes;
+	bytes = fread(buffer, 1, bytes, file);
+	if (bytes == 0) 
+	    break;
+	fileBytes += bytes;
+	buffer += bytes;
+    }
+    fclose(file);
+    if (fileBytes != maxLen) {
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);  /* system RNG failed */
+	fileBytes = 0;
+    }
+    return fileBytes;
+}
diff --git a/security/nss/lib/freebl/win_rand.c b/security/nss/lib/freebl/win_rand.c
new file mode 100644
index 000000000..4a3f61b59
--- /dev/null
+++ b/security/nss/lib/freebl/win_rand.c
@@ -0,0 +1,648 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "secrng.h"
+#include "secerr.h"
+#ifdef XP_WIN
+#include <windows.h>
+
+#if defined(_WIN32_WCE)
+#include <stdlib.h>	/* Win CE puts lots of stuff here. */
+#include "prprf.h"	/* for PR_snprintf */
+#else
+#include <time.h>
+#include <io.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+#include <stdio.h>
+
+#ifndef _WIN32
+#define VTD_Device_ID   5
+#define OP_OVERRIDE     _asm _emit 0x66
+#include <dos.h>
+#endif
+
+#include "prio.h"
+#include "prerror.h"
+
+static PRInt32  filesToRead;
+static DWORD    totalFileBytes;
+static DWORD    maxFileBytes	= 250000;	/* 250 thousand */
+static DWORD    dwNumFiles, dwReadEvery;
+
+static BOOL
+CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
+{
+#ifdef _WIN32
+    LARGE_INTEGER   liCount;
+
+    if (!QueryPerformanceCounter(&liCount))
+        return FALSE;
+
+    *lpdwHigh = liCount.u.HighPart;
+    *lpdwLow = liCount.u.LowPart;
+    return TRUE;
+
+#else   /* is WIN16 */
+    BOOL    bRetVal;
+    FARPROC lpAPI;
+    WORD    w1, w2, w3, w4;
+
+    // Get direct access to the VTD and query the current clock tick time
+    _asm {
+        xor   di, di
+        mov   es, di
+        mov   ax, 1684h
+        mov   bx, VTD_Device_ID
+        int   2fh
+        mov   ax, es
+        or    ax, di
+        jz    EnumerateFailed
+
+        ; VTD API is available. First store the API address (the address actually
+        ; contains an instruction that causes a fault, the fault handler then
+        ; makes the ring transition and calls the API in the VxD)
+        mov   word ptr lpAPI, di
+        mov   word ptr lpAPI+2, es
+        mov   ax, 100h      ; API function to VTD_Get_Real_Time
+;       call  dword ptr [lpAPI]
+        call  [lpAPI]
+
+        ; Result is in EDX:EAX which we will get 16-bits at a time
+        mov   w2, dx
+        OP_OVERRIDE
+        shr   dx,10h        ; really "shr edx, 16"
+        mov   w1, dx
+
+        mov   w4, ax
+        OP_OVERRIDE
+        shr   ax,10h        ; really "shr eax, 16"
+        mov   w3, ax
+
+        mov   bRetVal, 1    ; return TRUE
+        jmp   EnumerateExit
+
+      EnumerateFailed:
+        mov   bRetVal, 0    ; return FALSE
+
+      EnumerateExit:
+    }
+
+    *lpdwHigh = MAKELONG(w2, w1);
+    *lpdwLow = MAKELONG(w4, w3);
+
+    return bRetVal;
+#endif  /* is WIN16 */
+}
+
+size_t RNG_GetNoise(void *buf, size_t maxbuf)
+{
+    DWORD   dwHigh, dwLow, dwVal;
+    int     n = 0;
+    int     nBytes;
+
+    if (maxbuf <= 0)
+        return 0;
+
+    CurrentClockTickTime(&dwHigh, &dwLow);
+
+    // get the maximally changing bits first
+    nBytes = sizeof(dwLow) > maxbuf ? maxbuf : sizeof(dwLow);
+    memcpy((char *)buf, &dwLow, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    nBytes = sizeof(dwHigh) > maxbuf ? maxbuf : sizeof(dwHigh);
+    memcpy(((char *)buf) + n, &dwHigh, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    // get the number of milliseconds that have elapsed since Windows started
+    dwVal = GetTickCount();
+
+    nBytes = sizeof(dwVal) > maxbuf ? maxbuf : sizeof(dwVal);
+    memcpy(((char *)buf) + n, &dwVal, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+#if defined(_WIN32_WCE)
+    {
+    // get the number of milliseconds elapsed since Windows CE was started. 
+    DWORD  tickCount = GetTickCount();
+    nBytes = (sizeof tickCount) > maxbuf ? maxbuf : (sizeof tickCount);
+    memcpy(((char *)buf) + n, &tickCount, nBytes);
+    n += nBytes;
+    }
+#else
+    {
+    time_t  sTime;
+    // get the time in seconds since midnight Jan 1, 1970
+    time(&sTime);
+    nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
+    memcpy(((char *)buf) + n, &sTime, nBytes);
+    n += nBytes;
+    }
+#endif
+
+    return n;
+}
+
+#if defined(_WIN32_WCE)
+static BOOL
+EnumSystemFilesWithNSPR(const char * dirName, 
+			BOOL recursive,
+                        PRInt32 (*func)(const char *))
+{
+    PRDir *      pDir;
+    PRDirEntry * pEntry;
+    BOOL         rv 		= FALSE;
+
+    pDir = PR_OpenDir(dirName);
+    if (!pDir)
+    	return rv;
+    while ((pEntry = PR_ReadDir(pDir, PR_SKIP_BOTH|PR_SKIP_HIDDEN)) != NULL) {
+	PRStatus    status;
+	PRInt32     count;
+	PRInt32     stop;
+	PRFileInfo  fileInfo;
+	char        szFileName[_MAX_PATH];
+
+        count = (PRInt32)PR_snprintf(szFileName, sizeof szFileName, "%s\\%s", 
+	                             dirName, PR_DirName(pEntry));
+	if (count < 1)
+	    continue;
+	status = PR_GetFileInfo(szFileName, &fileInfo);
+	if (status != PR_SUCCESS)
+	    continue;
+	if (fileInfo.type == PR_FILE_FILE) {
+	    stop = (*func)(szFileName);
+	    rv = TRUE;
+	    if (stop)
+	        break;
+	    continue;
+    	}
+	if (recursive && fileInfo.type == PR_FILE_DIRECTORY) {
+	    rv |= EnumSystemFilesWithNSPR(szFileName, recursive, func);
+	}
+    }
+    PR_CloseDir(pDir);
+    return rv;
+}
+#endif
+
+static BOOL
+EnumSystemFiles(PRInt32 (*func)(const char *))
+{
+#if defined(_WIN32_WCE)
+    BOOL rv = FALSE;
+    rv |= EnumSystemFilesWithNSPR("\\Windows\\Temporary Internet Files", TRUE, func);
+    rv |= EnumSystemFilesWithNSPR("\\Temp",    FALSE, func);
+    rv |= EnumSystemFilesWithNSPR("\\Windows", FALSE, func);
+    return rv;
+#else
+    int                 iStatus;
+    char                szSysDir[_MAX_PATH];
+    char                szFileName[_MAX_PATH];
+#ifdef _WIN32
+    WIN32_FIND_DATA     fdData;
+    HANDLE              lFindHandle;
+#else
+    struct _find_t  fdData;
+#endif
+
+    if (!GetSystemDirectory(szSysDir, sizeof(szSysDir)))
+        return FALSE;
+
+    // tack *.* on the end so we actually look for files. this will
+    // not overflow
+    strcpy(szFileName, szSysDir);
+    strcat(szFileName, "\\*.*");
+
+#ifdef _WIN32
+    lFindHandle = FindFirstFile(szFileName, &fdData);
+    if (lFindHandle == INVALID_HANDLE_VALUE)
+        return FALSE;
+    do {
+        // pass the full pathname to the callback
+        sprintf(szFileName, "%s\\%s", szSysDir, fdData.cFileName);
+        (*func)(szFileName);
+        iStatus = FindNextFile(lFindHandle, &fdData);
+    } while (iStatus != 0);
+    FindClose(lFindHandle);
+#else
+    if (_dos_findfirst(szFileName, 
+             _A_NORMAL | _A_RDONLY | _A_ARCH | _A_SUBDIR, &fdData) != 0)
+        return FALSE;
+    do {
+        // pass the full pathname to the callback
+        sprintf(szFileName, "%s\\%s", szSysDir, fdData.name);
+        (*func)(szFileName);
+        iStatus = _dos_findnext(&fdData);
+    } while (iStatus == 0);
+    _dos_findclose(&fdData);
+#endif
+
+    return TRUE;
+#endif
+}
+
+static PRInt32
+CountFiles(const char *file)
+{
+    dwNumFiles++;
+    return 0;
+}
+
+static PRInt32
+ReadFiles(const char *file)
+{
+    if ((dwNumFiles % dwReadEvery) == 0) {
+	++filesToRead;
+    }
+    if (filesToRead) {
+	DWORD    prevFileBytes = totalFileBytes;
+        RNG_FileForRNG(file);
+	if (prevFileBytes < totalFileBytes) {
+	    --filesToRead;
+	}
+    }
+    dwNumFiles++;
+    return (totalFileBytes >= maxFileBytes);
+}
+
+static void
+ReadSystemFiles()
+{
+    // first count the number of files
+    dwNumFiles = 0;
+    if (!EnumSystemFiles(CountFiles))
+        return;
+
+    RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles));
+
+    // now read the first 10 readable files, then 10 or 11 files
+    // spread throughout the system directory
+    filesToRead = 10;
+    if (dwNumFiles == 0)
+        return;
+
+    dwReadEvery = dwNumFiles / 10;
+    if (dwReadEvery == 0)
+        dwReadEvery = 1;  // less than 10 files
+
+    dwNumFiles = 0;
+    EnumSystemFiles(ReadFiles);
+}
+
+void RNG_SystemInfoForRNG(void)
+{
+    DWORD           dwVal;
+    char            buffer[256];
+    int             nBytes;
+#ifdef _WIN32
+    MEMORYSTATUS    sMem;
+    HANDLE          hVal;
+#if !defined(_WIN32_WCE)
+    DWORD           dwSerialNum;
+    DWORD           dwComponentLen;
+    DWORD           dwSysFlags;
+    char            volName[128];
+    DWORD           dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
+#endif
+#else
+    int             iVal;
+    HTASK           hTask;
+    WORD            wDS, wCS;
+    LPSTR           lpszEnv;
+#endif
+
+    nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
+    RNG_RandomUpdate(buffer, nBytes);
+
+#ifdef _WIN32
+    sMem.dwLength = sizeof(sMem);
+    GlobalMemoryStatus(&sMem);                // assorted memory stats
+    RNG_RandomUpdate(&sMem, sizeof(sMem));
+#if !defined(_WIN32_WCE)
+    dwVal = GetLogicalDrives();
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal));  // bitfields in bits 0-25
+#endif
+#else
+    dwVal = GetFreeSpace(0);
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal));
+
+    _asm    mov wDS, ds;
+    _asm    mov wCS, cs;
+    RNG_RandomUpdate(&wDS, sizeof(wDS));
+    RNG_RandomUpdate(&wCS, sizeof(wCS));
+#endif
+
+#ifdef _WIN32
+#if !defined(_WIN32_WCE)
+    dwVal = sizeof(buffer);
+    if (GetComputerName(buffer, &dwVal))
+        RNG_RandomUpdate(buffer, dwVal);
+#endif
+/* XXX This is code that got yanked because of NSPR20.  We should put it
+ * back someday.
+ */
+#ifdef notdef
+    {
+    POINT ptVal;
+    GetCursorPos(&ptVal);
+    RNG_RandomUpdate(&ptVal, sizeof(ptVal));
+    }
+
+    dwVal = GetQueueStatus(QS_ALLINPUT);      // high and low significant
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal));
+
+    {
+    HWND hWnd;
+    hWnd = GetClipboardOwner();               // 2 or 4 bytes
+    RNG_RandomUpdate((void *)&hWnd, sizeof(hWnd));
+    }
+
+    {
+    UUID sUuid;
+    UuidCreate(&sUuid);                       // this will fail on machines with no ethernet
+    RNG_RandomUpdate(&sUuid, sizeof(sUuid));  // boards. shove the bits in regardless
+    }
+#endif
+
+    hVal = GetCurrentProcess();               // 4 or 8 byte pseudo handle (a
+                                              // constant!) of current process
+    RNG_RandomUpdate(&hVal, sizeof(hVal));
+
+    dwVal = GetCurrentProcessId();            // process ID (4 bytes)
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal));
+
+    dwVal = GetCurrentThreadId();             // thread ID (4 bytes)
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal));
+
+#if !defined(_WIN32_WCE)
+    volName[0] = '\0';
+    buffer[0] = '\0';
+    GetVolumeInformation(NULL,
+                         volName,
+                         sizeof(volName),
+                         &dwSerialNum,
+                         &dwComponentLen,
+                         &dwSysFlags,
+                         buffer,
+                         sizeof(buffer));
+
+    RNG_RandomUpdate(volName,         strlen(volName));
+    RNG_RandomUpdate(&dwSerialNum,    sizeof(dwSerialNum));
+    RNG_RandomUpdate(&dwComponentLen, sizeof(dwComponentLen));
+    RNG_RandomUpdate(&dwSysFlags,     sizeof(dwSysFlags));
+    RNG_RandomUpdate(buffer,          strlen(buffer));
+
+    if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters, &dwNumClusters)) {
+        RNG_RandomUpdate(&dwSectors,      sizeof(dwSectors));
+        RNG_RandomUpdate(&dwBytes,        sizeof(dwBytes));
+        RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters));
+        RNG_RandomUpdate(&dwNumClusters,  sizeof(dwNumClusters));
+    }
+#endif
+#else   /* is WIN16 */
+    hTask = GetCurrentTask();
+    RNG_RandomUpdate((void *)&hTask, sizeof(hTask));
+
+    iVal = GetNumTasks();
+    RNG_RandomUpdate(&iVal, sizeof(iVal));      // number of running tasks
+
+    lpszEnv = GetDOSEnvironment();
+    while (*lpszEnv != '\0') {
+        RNG_RandomUpdate(lpszEnv, strlen(lpszEnv));
+
+        lpszEnv += strlen(lpszEnv) + 1;
+    }
+#endif  /* is WIN16 */
+
+    // now let's do some files
+    ReadSystemFiles();
+
+    nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
+    RNG_RandomUpdate(buffer, nBytes);
+}
+
+#if defined(_WIN32_WCE)
+void RNG_FileForRNG(const char *filename)
+{
+    PRFileDesc *    file;
+    int             nBytes;
+    PRFileInfo      infoBuf;
+    unsigned char   buffer[1024];
+
+    /* windows doesn't initialize all the bytes in the stat buf,
+     * so initialize them all here to avoid UMRs.
+     */
+    memset(&infoBuf, 0, sizeof infoBuf);
+
+    if (PR_GetFileInfo(filename, &infoBuf) < 0)
+        return;
+
+    RNG_RandomUpdate((unsigned char*)&infoBuf, sizeof(infoBuf));
+
+    file = PR_Open(filename, PR_RDONLY, 0);
+    if (file != NULL) {
+        for (;;) {
+            PRInt32 bytes = PR_Read(file, buffer, sizeof buffer);
+
+            if (bytes <= 0)
+                break;
+
+            RNG_RandomUpdate(buffer, bytes);
+            totalFileBytes += bytes;
+            if (totalFileBytes > maxFileBytes)
+                break;
+        }
+
+        PR_Close(file);
+    }
+
+    nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
+    RNG_RandomUpdate(buffer, nBytes);
+}
+
+#else /* not WinCE */
+
+void RNG_FileForRNG(const char *filename)
+{
+    FILE*           file;
+    int             nBytes;
+    struct stat     stat_buf;
+    unsigned char   buffer[1024];
+
+   /* static DWORD    totalFileBytes = 0; */
+
+    /* windows doesn't initialize all the bytes in the stat buf,
+     * so initialize them all here to avoid UMRs.
+     */
+    memset(&stat_buf, 0, sizeof stat_buf);
+
+    if (stat((char *)filename, &stat_buf) < 0)
+        return;
+
+    RNG_RandomUpdate((unsigned char*)&stat_buf, sizeof(stat_buf));
+
+    file = fopen((char *)filename, "r");
+    if (file != NULL) {
+        for (;;) {
+            size_t  bytes = fread(buffer, 1, sizeof(buffer), file);
+
+            if (bytes == 0)
+                break;
+
+            RNG_RandomUpdate(buffer, bytes);
+            totalFileBytes += bytes;
+            if (totalFileBytes > maxFileBytes)
+                break;
+        }
+
+        fclose(file);
+    }
+
+    nBytes = RNG_GetNoise(buffer, 20);  // get up to 20 bytes
+    RNG_RandomUpdate(buffer, nBytes);
+}
+
+#endif  /* not WinCE */
+
+/*
+ * CryptoAPI requires Windows NT 4.0 or Windows 95 OSR2 and later.
+ * Until we drop support for Windows 95, we need to emulate some
+ * definitions and declarations in <wincrypt.h> and look up the
+ * functions in advapi32.dll at run time.
+ */
+
+#ifndef WIN64
+typedef unsigned long HCRYPTPROV;
+#endif
+
+#define CRYPT_VERIFYCONTEXT 0xF0000000
+
+#define PROV_RSA_FULL 1
+
+typedef BOOL
+(WINAPI *CryptAcquireContextAFn)(
+    HCRYPTPROV *phProv,
+    LPCSTR pszContainer,
+    LPCSTR pszProvider,
+    DWORD dwProvType,
+    DWORD dwFlags);
+
+typedef BOOL
+(WINAPI *CryptReleaseContextFn)(
+    HCRYPTPROV hProv,
+    DWORD dwFlags);
+
+typedef BOOL
+(WINAPI *CryptGenRandomFn)(
+    HCRYPTPROV hProv,
+    DWORD dwLen,
+    BYTE *pbBuffer);
+
+/*
+ * Windows XP and Windows Server 2003 and later have RtlGenRandom,
+ * which must be looked up by the name SystemFunction036.
+ */
+typedef BOOLEAN
+(APIENTRY *RtlGenRandomFn)(
+    PVOID RandomBuffer,
+    ULONG RandomBufferLength);
+
+size_t RNG_SystemRNG(void *dest, size_t maxLen)
+{
+    HMODULE hModule;
+    RtlGenRandomFn pRtlGenRandom;
+    CryptAcquireContextAFn pCryptAcquireContextA;
+    CryptReleaseContextFn pCryptReleaseContext;
+    CryptGenRandomFn pCryptGenRandom;
+    HCRYPTPROV hCryptProv;
+    size_t bytes = 0;
+
+    hModule = LoadLibrary("advapi32.dll");
+    if (hModule == NULL) {
+	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+	return 0;
+    }
+    pRtlGenRandom = (RtlGenRandomFn)
+	GetProcAddress(hModule, "SystemFunction036");
+    if (pRtlGenRandom) {
+	if (pRtlGenRandom(dest, maxLen)) {
+	    bytes = maxLen;
+	} else {
+	    PORT_SetError(SEC_ERROR_NEED_RANDOM);  /* system RNG failed */
+	}
+	goto done;
+    }
+    pCryptAcquireContextA = (CryptAcquireContextAFn)
+	GetProcAddress(hModule, "CryptAcquireContextA");
+    pCryptReleaseContext = (CryptReleaseContextFn)
+	GetProcAddress(hModule, "CryptReleaseContext");
+    pCryptGenRandom = (CryptGenRandomFn)
+	GetProcAddress(hModule, "CryptGenRandom");
+    if (!pCryptAcquireContextA || !pCryptReleaseContext || !pCryptGenRandom) {
+	PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+	goto done;
+    }
+    if (pCryptAcquireContextA(&hCryptProv, NULL, NULL,
+	PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+	if (pCryptGenRandom(hCryptProv, maxLen, dest)) {
+	    bytes = maxLen;
+	}
+	pCryptReleaseContext(hCryptProv, 0);
+    }
+    if (bytes == 0) {
+	PORT_SetError(SEC_ERROR_NEED_RANDOM);  /* system RNG failed */
+    }
+done:
+    FreeLibrary(hModule);
+    return bytes;
+}
+
+#endif  /* is XP_WIN */
author	cvs2hg <devnull@localhost>	2009-05-21 19:50:33 +0000
committer	cvs2hg <devnull@localhost>	2009-05-21 19:50:33 +0000
commit	fe7c0a62d359825d537f29602aa213a722e3e7a1 (patch)
tree	dbdfa03a22dc1eb8293fcf5d597d8ac76e565f2a /security/nss/lib/freebl
parent	b5c29c9fea36731e5d72bd223c1ec4c5d17e5e22 (diff)
parent	db382805a1d20e2207f9f7081e18a16474484a0c (diff)
download	nss-hg-fe7c0a62d359825d537f29602aa213a722e3e7a1.tar.gz